Malware Analysis Report

2024-11-13 15:09

Sample ID 231130-wdfgcsfc49
Target Zlogger.exe
SHA256 be8b389d3fb5adc555760886cd8d0045de3b4b1c73168f30a7a257e3510a8c69
Tags pyinstaller pysilon upx evasion persistence
Score 10/10

Analysis Overview

Score 10/10

SHA256

be8b389d3fb5adc555760886cd8d0045de3b4b1c73168f30a7a257e3510a8c69

Threat Level: Known bad

The file Zlogger.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon upx evasion persistence

Pysilon family

Detect Pysilon

Enumerates VirtualBox DLL files

Sets file to hidden

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-30 17:48

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-30 17:48

Reported

2023-11-30 18:18

Platform

win7-20231023-en

Max time kernel

1559s

Max time network

1571s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Zlogger.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Zlogger.exe

"C:\Users\Admin\AppData\Local\Temp\Zlogger.exe"

C:\Users\Admin\AppData\Local\Temp\Zlogger.exe

"C:\Users\Admin\AppData\Local\Temp\Zlogger.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI7682\python311.dll

MD5 5792adeab1e4414e0129ce7a228eb8b8
SHA1 e9f022e687b6d88d20ee96d9509f82e916b9ee8c
SHA256 7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967
SHA512 c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b

memory/1600-1249-0x000007FEF6460000-0x000007FEF6A49000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-30 17:48

Reported

2023-11-30 17:58

Platform

win10v2004-20231127-en

Max time kernel

589s

Max time network

598s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Zlogger.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\Zlogger.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\Zlogger.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\RuntimeTasks\Runtime Broker.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\RuntimeTasks\Runtime Broker.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Control Panel\International\Geo\Nation C:\Users\Admin\RuntimeTasks\Runtime Broker.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Msoobe = "C:\\Users\\Admin\\RuntimeTasks\\Runtime Broker.exe" C:\Users\Admin\AppData\Local\Temp\Zlogger.exe N/A

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\Recovery C:\Windows\SYSTEM32\reagentc.exe N/A
File opened for modification C:\Windows\system32\Recovery\ReAgent.xml C:\Windows\SYSTEM32\reagentc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\ReAgent\ReAgent.log C:\Windows\SYSTEM32\reagentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\SYSTEM32\reagentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\SYSTEM32\reagentc.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\SYSTEM32\reagentc.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000_Classes\Local Settings C:\Users\Admin\RuntimeTasks\Runtime Broker.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2037190880-819243489-950462038-1000\{52BE93A8-815B-4BEE-A88D-A825546C2353} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2112 wrote to memory of 1800 N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe C:\Users\Admin\AppData\Local\Temp\Zlogger.exe
PID 1800 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe C:\Windows\system32\cmd.exe
PID 1800 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1800 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\Zlogger.exe C:\Windows\system32\cmd.exe
PID 4844 wrote to memory of 5068 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4844 wrote to memory of 1392 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\RuntimeTasks\Runtime Broker.exe
PID 4844 wrote to memory of 4528 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1392 wrote to memory of 4716 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Users\Admin\RuntimeTasks\Runtime Broker.exe
PID 4716 wrote to memory of 2472 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 1800 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4716 wrote to memory of 2636 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 2636 wrote to memory of 3796 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 4716 wrote to memory of 1488 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 4276 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
PID 4716 wrote to memory of 3808 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
PID 4716 wrote to memory of 4356 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
PID 4716 wrote to memory of 4380 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
PID 4716 wrote to memory of 448 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 1664 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 4716 wrote to memory of 1080 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 4544 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 2812 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 2812 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 1804 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 1804 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 4236 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 4236 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 4884 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 4884 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 4920 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\SYSTEM32\reagentc.exe
PID 4716 wrote to memory of 4920 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\SYSTEM32\reagentc.exe
PID 4716 wrote to memory of 4336 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 4336 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 2316 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 4716 wrote to memory of 2316 N/A C:\Users\Admin\RuntimeTasks\Runtime Broker.exe C:\Windows\system32\cmd.exe
PID 5088 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5088 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5088 wrote to memory of 732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5088 wrote to memory of 732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5088 wrote to memory of 732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5088 wrote to memory of 732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5088 wrote to memory of 732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5088 wrote to memory of 732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Zlogger.exe

"C:\Users\Admin\AppData\Local\Temp\Zlogger.exe"

C:\Users\Admin\AppData\Local\Temp\Zlogger.exe

"C:\Users\Admin\AppData\Local\Temp\Zlogger.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4dc 0x2c8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\RuntimeTasks\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\RuntimeTasks\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\RuntimeTasks\Runtime Broker.exe

"Runtime Broker.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "Zlogger.exe"

C:\Users\Admin\RuntimeTasks\Runtime Broker.exe

"Runtime Broker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\RuntimeTasks\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -version

C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -encoders

C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -f lavfi -i nullsrc=s=256x256:d=8 -vcodec libx264 -f null -

C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13922\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\RuntimeTasks\recording.mp4

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\recording.mp4"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del rec_\30.11.2023_17.51.wav"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Windows\SYSTEM32\reagentc.exe

reagentc.exe /disable

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del rec_\30.11.2023_17.53.wav"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del rec_\30.11.2023_17.55.wav"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del rec_\30.11.2023_17.57.wav"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\RuntimeTasks\ss.png"

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21122\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21122\python311.dll

memory/1800-1251-0x00007FF870870000-0x00007FF870E59000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI21122\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI21122\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21122\python3.dll

MD5 b711598fc3ed0fe4cf2c7f3e0877979e
SHA1 299c799e5d697834aa2447d8a313588ab5c5e433
SHA256 520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a
SHA512 b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_bz2.pyd

MD5 2d461b41f6e9a305dde68e9c59e4110a
SHA1 97c2266f47a651e37a72c153116d81d93c7556e8
SHA256 abbe3933a34a9653a757244e8e55b0d7d3a108527a3e9e8a7f2013b5f2a9eff4
SHA512 eef132df6e52eb783bad3e6af0d57cb48cda2eb0edb6e282753b02d21970c1eea6bab03c835ff9f28f2d3e25f5e9e18f176a8c5680522c09da358a1c48cf14c8

memory/1800-1266-0x00007FF881100000-0x00007FF88112D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_lzma.pyd

MD5 3798175fd77eded46a8af6b03c5e5f6d
SHA1 f637eaf42080dcc620642400571473a3fdf9174f
SHA256 3c9d5a9433b22538fc64141cd3784800c567c18e4379003329cf69a1d59b2a41
SHA512 1f7351c9e905265625d725551d8ea1de5d9999bc333d29e6510a5bca4e4d7c1472b2a637e892a485a7437ea4768329e5365b209dd39d7c1995fe3317dc5aecdf

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libcrypto-1_1.dll

MD5 dffcab08f94e627de159e5b27326d2fc
SHA1 ab8954e9ae94ae76067e5a0b1df074bccc7c3b68
SHA256 135b115e77479eedd908d7a782e004ece6dd900bb1ca05cc1260d5dd6273ef15
SHA512 57e175a5883edb781cdb2286167d027fdb4b762f41fb1fc9bd26b5544096a9c5dda7bccbb6795dcc37ed5d8d03dc0a406bf1a59adb3aeb41714f1a7c8901a17d

memory/1800-1306-0x00007FF8704F0000-0x00007FF870868000-memory.dmp

memory/1800-1307-0x00007FF8813D0000-0x00007FF8813E9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libssl-1_1.dll

MD5 8e8a145e122a593af7d6cde06d2bb89f
SHA1 b0e7d78bb78108d407239e9f1b376e0c8c295175
SHA256 a6a14c1beccbd4128763e78c3ec588f747640297ffb3cc5604a9728e8ef246b1
SHA512 d104d81aca91c067f2d69fd8cec3f974d23fb5372a8f2752ad64391da3dbf5ffe36e2645a18a9a74b70b25462d73d9ea084318846b7646d39ce1d3e65a1c47c4

C:\Users\Admin\AppData\Local\Temp\_MEI21122\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

MD5 139e752804a38934d26aaa8004717d04
SHA1 0497671e1ae3481c05eec2ef0877539db853a536
SHA256 07e4ab01b93792ea0beff08f4f6e41b2404186602774b2756854022f170a64ac
SHA512 8d62d854568decc39400dd2e4bb63999da25bf19bfc173086cfb92709a35d71a40c8a3a02dcd8f97af74d467b5d049ac26edd5a9710c58c879daecd411173347

memory/1800-1317-0x00007FF8810E0000-0x00007FF8810F4000-memory.dmp

memory/1800-1318-0x00007FF885380000-0x00007FF88538D000-memory.dmp

memory/1800-1319-0x00007FF880E10000-0x00007FF880E3E000-memory.dmp

memory/1800-1320-0x00007FF870430000-0x00007FF8704E8000-memory.dmp

memory/1800-1321-0x00007FF881B70000-0x00007FF881B7D000-memory.dmp

memory/1800-1323-0x00007FF880DE0000-0x00007FF880E06000-memory.dmp

memory/1800-1322-0x00007FF881450000-0x00007FF88145B000-memory.dmp

memory/1800-1325-0x00007FF880F70000-0x00007FF880F89000-memory.dmp

memory/1800-1326-0x00007FF880BB0000-0x00007FF880BE8000-memory.dmp

memory/1800-1324-0x00007FF870310000-0x00007FF87042C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI21122\charset_normalizer\md.cp311-win_amd64.pyd

MD5 347c9de8147ee24d980ca5f0da25ca1c
SHA1 e19c268579521d20ecfdf07179ee8aa2b4f4e936
SHA256 b6c3e565d152392aa2f1ea5a73952ae2a2b80e7d337759fce0ab32cd03c44287
SHA512 977a6e6e374e46b8bf699f285496dbb9777c8488bb16d61c0d46002ae4fcf5b2f9cd8cd8fa0e35ca442c43c9c286250edc10ef6eb1d2ef56578bcaac580f9fbb

C:\Users\Admin\AppData\Local\Temp\_MEI21122\charset_normalizer\md.cp311-win_amd64.pyd

MD5 347c9de8147ee24d980ca5f0da25ca1c
SHA1 e19c268579521d20ecfdf07179ee8aa2b4f4e936
SHA256 b6c3e565d152392aa2f1ea5a73952ae2a2b80e7d337759fce0ab32cd03c44287
SHA512 977a6e6e374e46b8bf699f285496dbb9777c8488bb16d61c0d46002ae4fcf5b2f9cd8cd8fa0e35ca442c43c9c286250edc10ef6eb1d2ef56578bcaac580f9fbb

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_queue.pyd

MD5 decdabaca104520549b0f66c136a9dc1
SHA1 423e6f3100013e5a2c97e65e94834b1b18770a87
SHA256 9d4880f7d0129b1de95becd8ea8bbbf0c044d63e87764d18f9ec00d382e43f84
SHA512 d89ee3779bf7d446514fc712dafb3ebc09069e4f665529a7a1af6494f8955ceb040bef7d18f017bcc3b6fe7addeab104535655971be6eed38d0fc09ec2c37d88

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_ssl.pyd

MD5 2089768e25606262921e4424a590ff05
SHA1 bc94a8ff462547ab48c2fbf705673a1552545b76
SHA256 3e6e9fc56e1a9fe5edb39ee03e5d47fa0e3f6adb17be1f087dc6f891d3b0bbca
SHA512 371aa8e5c722307fff65e00968b14280ee5046cfcf4a1d9522450688d75a3b0362f2c9ec0ec117b2fc566664f2f52a1b47fe62f28466488163f9f0f1ce367f86

C:\Users\Admin\AppData\Local\Temp\_MEI21122\select.pyd

MD5 90fea71c9828751e36c00168b9ba4b2b
SHA1 15b506df7d02612e3ba49f816757ad0c141e9dc1
SHA256 5bbbb4f0b4f9e5329ba1d518d6e8144b1f7d83e2d7eaf6c50eef6a304d78f37d
SHA512 e424be422bf0ef06e7f9ff21e844a84212bfa08d7f9fbd4490cbbcb6493cc38cc1223aaf8b7c9cd637323b81ee93600d107cc1c982a2288eb2a0f80e2ad1f3c5

C:\Users\Admin\AppData\Local\Temp\_MEI21122\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

MD5 139e752804a38934d26aaa8004717d04
SHA1 0497671e1ae3481c05eec2ef0877539db853a536
SHA256 07e4ab01b93792ea0beff08f4f6e41b2404186602774b2756854022f170a64ac
SHA512 8d62d854568decc39400dd2e4bb63999da25bf19bfc173086cfb92709a35d71a40c8a3a02dcd8f97af74d467b5d049ac26edd5a9710c58c879daecd411173347

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_socket.pyd

MD5 bcc3e26a18d59d76fd6cf7cd64e9e14d
SHA1 b85e4e7d300dbeec942cb44e4a38f2c6314d3166
SHA256 4e19f29266a3d6c127e5e8de01d2c9b68bc55075dd3d6aabe22cf0de4b946a98
SHA512 65026247806feab6e1e5bf2b29a439bdc1543977c1457f6d3ddfbb7684e04f11aba10d58cc5e7ea0c2f07c8eb3c9b1c8a3668d7854a9a6e4340e6d3e43543b74

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_hashlib.pyd

MD5 f10d896ed25751ead72d8b03e404ea36
SHA1 eb8e0fd6e2356f76b5ea0cb72ab37399ec9d8ecb
SHA256 3660b985ca47ca1bba07db01458b3153e4e692ee57a8b23ce22f1a5ca18707c3
SHA512 7f234e0d197ba48396fabd1fccc2f19e5d4ad922a2b3fe62920cd485e5065b66813b4b2a2477d2f7f911004e1bc6e5a6ec5e873d8ff81e642fee9e77b428fb42

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_uuid.pyd

MD5 46e9d7b5d9668c9db5caa48782ca71ba
SHA1 6bbc83a542053991b57f431dd377940418848131
SHA256 f6063622c0a0a34468679413d1b18d1f3be67e747696ab972361faed4b8d6735
SHA512 c5b171ebdb51b1755281c3180b30e88796db8aa96073489613dab96b6959a205846711187266a0ba30782102ce14fbfa4d9f413a2c018494597600482329ebf7

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_tkinter.pyd

MD5 bd62e34283812da3487154594296db60
SHA1 3664b4425cbdc5a49d7bb13bd09c9aae89058152
SHA256 7932a64e347ca9d6099cbb764958610a37e652c709d792a1348e2f56c6b20dbd
SHA512 62ebb04660a5a51796ee1b69f1118ae1b9deb8f01e73c840eb3ab01c7fad45c48fd0edd7285d041fa6df94ac6b3d728b6799d2d1f7bb266cb0bcdc793444735f

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_ssl.pyd

MD5 2089768e25606262921e4424a590ff05
SHA1 bc94a8ff462547ab48c2fbf705673a1552545b76
SHA256 3e6e9fc56e1a9fe5edb39ee03e5d47fa0e3f6adb17be1f087dc6f891d3b0bbca
SHA512 371aa8e5c722307fff65e00968b14280ee5046cfcf4a1d9522450688d75a3b0362f2c9ec0ec117b2fc566664f2f52a1b47fe62f28466488163f9f0f1ce367f86

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_sqlite3.pyd

MD5 eb6313b94292c827a5758eea82d018d9
SHA1 7070f715d088c669eda130d0f15e4e4e9c4b7961
SHA256 6b41dfd7d6ac12afe523d74a68f8bd984a75e438dcf2daa23a1f934ca02e89da
SHA512 23bfc3abf71b04ccffc51cedf301fadb038c458c06d14592bf1198b61758810636d9bbac9e4188e72927b49cb490aeafa313a04e3460c3fb4f22bdddf112ae56

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_socket.pyd

MD5 bcc3e26a18d59d76fd6cf7cd64e9e14d
SHA1 b85e4e7d300dbeec942cb44e4a38f2c6314d3166
SHA256 4e19f29266a3d6c127e5e8de01d2c9b68bc55075dd3d6aabe22cf0de4b946a98
SHA512 65026247806feab6e1e5bf2b29a439bdc1543977c1457f6d3ddfbb7684e04f11aba10d58cc5e7ea0c2f07c8eb3c9b1c8a3668d7854a9a6e4340e6d3e43543b74

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_queue.pyd

MD5 decdabaca104520549b0f66c136a9dc1
SHA1 423e6f3100013e5a2c97e65e94834b1b18770a87
SHA256 9d4880f7d0129b1de95becd8ea8bbbf0c044d63e87764d18f9ec00d382e43f84
SHA512 d89ee3779bf7d446514fc712dafb3ebc09069e4f665529a7a1af6494f8955ceb040bef7d18f017bcc3b6fe7addeab104535655971be6eed38d0fc09ec2c37d88

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_overlapped.pyd

MD5 6344223b2c04b31fc69b988f76ad0fee
SHA1 7012f4f8bcf181e1a7e30203fbcdec0c0afb5c9c
SHA256 5adfbf048f45eb734974fdc6416e96f7904736f033648d0190bef3422b676df5
SHA512 378dc5e900433b5412a035fc52be50285d10fbb2d3b3c488cae15cf1f84fcf7f2e082ec4bf14370b4c6cb8aefc6a64a625fff902b519c78b58bf68268ae444a9

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_multiprocessing.pyd

MD5 75bca8d4f1e829385e25abc39d8fc437
SHA1 0f289665b36aabc6f6f21b284f7d89ec320f56d3
SHA256 d0d4bbe992ef1e60af922926d1446a908c51cbf089b53b2c27166c90be7cd08c
SHA512 bb0881a3bd765850a322f0fa4fc3014feafb081f17bb4cab705dccf77d7f2fc30fd200e5d6499041adfae5f2a0307804b69953086426f1c4e4eced2f5a979804

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_hashlib.pyd

MD5 f10d896ed25751ead72d8b03e404ea36
SHA1 eb8e0fd6e2356f76b5ea0cb72ab37399ec9d8ecb
SHA256 3660b985ca47ca1bba07db01458b3153e4e692ee57a8b23ce22f1a5ca18707c3
SHA512 7f234e0d197ba48396fabd1fccc2f19e5d4ad922a2b3fe62920cd485e5065b66813b4b2a2477d2f7f911004e1bc6e5a6ec5e873d8ff81e642fee9e77b428fb42

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_elementtree.pyd

MD5 d64c52f740ac6f158a59736563b64c38
SHA1 f8cf372283b2599c894fa4d836f8d7700abbd5ed
SHA256 232933953bf1cdb575231c8f57cf7d9d00bd2179feb938ae34962f2c371bd0fa
SHA512 43879cba03c58935794c64dbfb0f4b2ed9e1b492ee75edd2720ee18c2089f1325dc01e3f8ee43e02fd7c8d2e923f10d0ee76d9a1edc9f946ebac1ea8b23a887a

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_decimal.pyd

MD5 a8952538e090e2ff0efb0ba3c890cd04
SHA1 cdc8bd05a3178a95416e1c15b6c875ee026274df
SHA256 c4e8740c5dbbd2741fc4124908da4b65fa9c3e17d9c9bf3f634710202e0c7009
SHA512 5c16f595f17bedaa9c1fdd14c724bbb404ed59421c63f6fbd3bfd54ce8d6f550147d419ec0430d008c91b01b0c42934c2a08dae844c308feec077da713ac842e

memory/1800-1327-0x00007FF8813C0000-0x00007FF8813CB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_cffi_backend.cp311-win_amd64.pyd

MD5 cdc182dc9761dbad548061af8ed0bacb
SHA1 646c648471552ab5abb49ed07d0bdc9e88a26d75
SHA256 213a68dface36e70bfc33d9b5932f01aab69010d50397f909b6721bfa42bf9dd
SHA512 968f518dbc5dd60c56e71cf7ca0331e1ebdab3c4ebb7614a2a8cbdee8d1e143e5103e37ec7fbb9d710bd0eca3cbda018564cfc08450178cf448086b1b5b86c1e

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_asyncio.pyd

MD5 45f8a7ec700c08b35cd2e7a3ef8b4580
SHA1 87ffe8dcabec09de34b60f71c9cfdc998fc6c152
SHA256 6517366fa68c1c970e458132842b26e48db3c931f043142f84c3785b5373c236
SHA512 474a1ec014d05ab1cf151b48ab3dbf361151614345878c2463f401b18621329aece959280db5e67c48bb48617b57f36760dde35f71470dd5ab9f48fb6155c870

C:\Users\Admin\AppData\Local\Temp\_MEI21122\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI21122\VCRUNTIME140_1.dll

MD5 7e668ab8a78bd0118b94978d154c85bc
SHA1 dbac42a02a8d50639805174afd21d45f3c56e3a0
SHA256 e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f
SHA512 72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

C:\Users\Admin\AppData\Local\Temp\_MEI21122\unicodedata.pyd

MD5 c2556dc74aea61b0bd9bd15e9cd7b0d6
SHA1 05eff76e393bfb77958614ff08229b6b770a1750
SHA256 987a6d21ce961afeaaa40ba69859d4dd80d20b77c4ca6d2b928305a873d6796d
SHA512 f29841f262934c810dd1062151aefac78cd6a42d959a8b9ac832455c646645c07fd9220866b262de1bc501e1a9570591c0050d5d3607f1683437dea1ff04c32b

C:\Users\Admin\AppData\Local\Temp\_MEI21122\tk86t.dll

MD5 7d85f7480f2d8389f562723090be1370
SHA1 edfa05dc669a8486977e983173ec61cc5097bbb0
SHA256 aaeda7b65e1e33c74a807109360435a6b63a2994243c437e0cdaa69d2b8c6ac5
SHA512 a886475aeea6c4003dd35e518a0833574742b62cdbbbe5b098a5c0f74e89795ebddac31c4107dae6edee8fc476addaa34253af560d33bed8b9df9192c3e7f084

C:\Users\Admin\AppData\Local\Temp\_MEI21122\tcl86t.dll

MD5 755bec8838059147b46f8e297d05fba2
SHA1 9ff0665cddcf1eb7ff8de015b10cc9fcceb49753
SHA256 744a13c384e136f373f9dc7f7c2eb2536591ec89304e3fa064cac0f0bf135130
SHA512 e61dc700975d28b2257da99b81d135aa7d284c6084877fe81b3cc7b42ac180728f79f4c1663e375680a26f5194ab641c4a40e09f8dbdeb99e1dfa1a57d6f9b34

memory/1800-1328-0x00007FF880D40000-0x00007FF880D4C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI21122\sqlite3.dll

MD5 395332e795cb6abaca7d0126d6c1f215
SHA1 b845bd8864cd35dcb61f6db3710acc2659ed9f18
SHA256 8e8870dac8c96217feff4fa8af7c687470fbccd093d97121bc1eac533f47316c
SHA512 8bc8c8c5f10127289dedb012b636bc3959acb5c15638e7ed92dacdc8d8dba87a8d994aaffc88bc7dc89ccfeef359e3e79980dfa293a9acae0dc00181096a0d66

C:\Users\Admin\AppData\Local\Temp\_MEI21122\select.pyd

MD5 90fea71c9828751e36c00168b9ba4b2b
SHA1 15b506df7d02612e3ba49f816757ad0c141e9dc1
SHA256 5bbbb4f0b4f9e5329ba1d518d6e8144b1f7d83e2d7eaf6c50eef6a304d78f37d
SHA512 e424be422bf0ef06e7f9ff21e844a84212bfa08d7f9fbd4490cbbcb6493cc38cc1223aaf8b7c9cd637323b81ee93600d107cc1c982a2288eb2a0f80e2ad1f3c5

C:\Users\Admin\AppData\Local\Temp\_MEI21122\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI21122\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI21122\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI21122\SDL2.dll

MD5 2b13a3f2fc8f9cdb3161374c4bc85f86
SHA1 9039a90804dba7d6abb2bcf3068647ba8cab8901
SHA256 110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6
SHA512 2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8

C:\Users\Admin\AppData\Local\Temp\_MEI21122\pyexpat.pyd

MD5 f2d02bd2c933f5bd1f9f3d55c57a7417
SHA1 40ce29a427bfd980bb8d7b95d75964e12a3cdf7f
SHA256 c0a7b8d4458a7b3652e8e139285fc3743f5bbf5812ab744a3aa1d1aeab009959
SHA512 4d18fb9b74ffcb9dd3d3cb61d6495fa5a75549cffbd8cbe3031fd6215fafe11e05a57b3bad07bc58c80321e1c443f1491ef65c4c65340c1ba7d7529c366939b6

C:\Users\Admin\AppData\Local\Temp\_MEI21122\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libssl-1_1.dll

MD5 8e8a145e122a593af7d6cde06d2bb89f
SHA1 b0e7d78bb78108d407239e9f1b376e0c8c295175
SHA256 a6a14c1beccbd4128763e78c3ec588f747640297ffb3cc5604a9728e8ef246b1
SHA512 d104d81aca91c067f2d69fd8cec3f974d23fb5372a8f2752ad64391da3dbf5ffe36e2645a18a9a74b70b25462d73d9ea084318846b7646d39ce1d3e65a1c47c4

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libcrypto-1_1.dll

MD5 dffcab08f94e627de159e5b27326d2fc
SHA1 ab8954e9ae94ae76067e5a0b1df074bccc7c3b68
SHA256 135b115e77479eedd908d7a782e004ece6dd900bb1ca05cc1260d5dd6273ef15
SHA512 57e175a5883edb781cdb2286167d027fdb4b762f41fb1fc9bd26b5544096a9c5dda7bccbb6795dcc37ed5d8d03dc0a406bf1a59adb3aeb41714f1a7c8901a17d

C:\Users\Admin\AppData\Local\Temp\_MEI21122\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_lzma.pyd

MD5 3798175fd77eded46a8af6b03c5e5f6d
SHA1 f637eaf42080dcc620642400571473a3fdf9174f
SHA256 3c9d5a9433b22538fc64141cd3784800c567c18e4379003329cf69a1d59b2a41
SHA512 1f7351c9e905265625d725551d8ea1de5d9999bc333d29e6510a5bca4e4d7c1472b2a637e892a485a7437ea4768329e5365b209dd39d7c1995fe3317dc5aecdf

C:\Users\Admin\AppData\Local\Temp\_MEI21122\_bz2.pyd

MD5 2d461b41f6e9a305dde68e9c59e4110a
SHA1 97c2266f47a651e37a72c153116d81d93c7556e8
SHA256 abbe3933a34a9653a757244e8e55b0d7d3a108527a3e9e8a7f2013b5f2a9eff4
SHA512 eef132df6e52eb783bad3e6af0d57cb48cda2eb0edb6e282753b02d21970c1eea6bab03c835ff9f28f2d3e25f5e9e18f176a8c5680522c09da358a1c48cf14c8

memory/1800-1262-0x00007FF886450000-0x00007FF88645F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libffi-8.dll

MD5 08b000c3d990bc018fcb91a1e175e06e
SHA1 bd0ce09bb3414d11c91316113c2becfff0862d0d
SHA256 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece
SHA512 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

memory/1800-1259-0x00007FF885390000-0x00007FF8853B3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI21122\libffi-8.dll

MD5 08b000c3d990bc018fcb91a1e175e06e
SHA1 bd0ce09bb3414d11c91316113c2becfff0862d0d
SHA256 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece
SHA512 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

memory/1800-1329-0x00007FF880BA0000-0x00007FF880BAB000-memory.dmp

memory/1800-1330-0x00007FF8806B0000-0x00007FF8806BE000-memory.dmp

memory/1800-1333-0x00007FF880680000-0x00007FF88068B000-memory.dmp

memory/1800-1332-0x00007FF880690000-0x00007FF88069C000-memory.dmp

memory/1800-1331-0x00007FF8806A0000-0x00007FF8806AC000-memory.dmp

memory/1800-1334-0x00007FF880550000-0x00007FF88055B000-memory.dmp

memory/1800-1335-0x00007FF880540000-0x00007FF88054C000-memory.dmp

memory/1800-1337-0x00007FF880520000-0x00007FF88052D000-memory.dmp

memory/1800-1339-0x00007FF880450000-0x00007FF880465000-memory.dmp

memory/1800-1338-0x00007FF8804C0000-0x00007FF8804CC000-memory.dmp

memory/1800-1340-0x00007FF87ED80000-0x00007FF87ED92000-memory.dmp

memory/1800-1336-0x00007FF880530000-0x00007FF88053C000-memory.dmp

memory/1800-1341-0x00007FF87E410000-0x00007FF87E424000-memory.dmp

memory/1800-1342-0x00007FF881300000-0x00007FF88130B000-memory.dmp

memory/1800-1343-0x00007FF880F60000-0x00007FF880F6C000-memory.dmp

memory/1800-1344-0x00007FF880DD0000-0x00007FF880DDB000-memory.dmp

memory/1800-1345-0x00007FF8809A0000-0x00007FF8809AC000-memory.dmp

memory/1800-1346-0x00007FF880990000-0x00007FF88099D000-memory.dmp

memory/1800-1347-0x00007FF880470000-0x00007FF880482000-memory.dmp

memory/1800-1348-0x00007FF87E3E0000-0x00007FF87E402000-memory.dmp

memory/1800-1349-0x00007FF870870000-0x00007FF870E59000-memory.dmp

memory/1800-1350-0x00007FF87D3B0000-0x00007FF87D3C7000-memory.dmp

memory/1800-1351-0x00007FF87D130000-0x00007FF87D17A000-memory.dmp

memory/1800-1352-0x00007FF87D330000-0x00007FF87D341000-memory.dmp

memory/1800-1353-0x00007FF87D390000-0x00007FF87D3A9000-memory.dmp

memory/1800-1354-0x00007FF87D110000-0x00007FF87D12C000-memory.dmp

memory/1800-1355-0x00007FF885390000-0x00007FF8853B3000-memory.dmp

memory/1800-1356-0x00007FF877D90000-0x00007FF877DED000-memory.dmp

memory/1800-1357-0x00007FF8720B0000-0x00007FF8720D9000-memory.dmp

memory/1800-1358-0x00007FF871FA0000-0x00007FF871FCE000-memory.dmp

memory/1800-1359-0x00007FF8704F0000-0x00007FF870868000-memory.dmp

memory/1800-1360-0x00007FF8702E0000-0x00007FF870303000-memory.dmp

memory/1800-1361-0x00007FF870160000-0x00007FF8702D7000-memory.dmp

memory/1800-1362-0x00007FF87D0F0000-0x00007FF87D108000-memory.dmp

memory/1800-1363-0x00007FF880BB0000-0x00007FF880BE8000-memory.dmp

memory/1800-1364-0x00007FF87D080000-0x00007FF87D08B000-memory.dmp

memory/1800-1365-0x00007FF878430000-0x00007FF87843C000-memory.dmp

memory/1800-1366-0x00007FF877D80000-0x00007FF877D8B000-memory.dmp

memory/1800-1367-0x00007FF8720A0000-0x00007FF8720AC000-memory.dmp

memory/1800-1369-0x00007FF870140000-0x00007FF87014D000-memory.dmp

memory/1800-1368-0x00007FF872090000-0x00007FF87209B000-memory.dmp

memory/1800-1370-0x00007FF870120000-0x00007FF87012C000-memory.dmp

memory/1800-1371-0x00007FF870110000-0x00007FF87011C000-memory.dmp

memory/1800-1372-0x00007FF870100000-0x00007FF87010B000-memory.dmp

memory/1800-1373-0x00007FF8700F0000-0x00007FF8700FB000-memory.dmp

memory/1800-1376-0x00007FF8700E0000-0x00007FF8700EC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ru2ldws1.otn.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1800-1497-0x00007FF870870000-0x00007FF870E59000-memory.dmp

memory/1800-1498-0x00007FF885390000-0x00007FF8853B3000-memory.dmp

memory/1800-1499-0x00007FF886450000-0x00007FF88645F000-memory.dmp

memory/1800-1500-0x00007FF8813D0000-0x00007FF8813E9000-memory.dmp

memory/1800-1501-0x00007FF881100000-0x00007FF88112D000-memory.dmp

memory/1800-1502-0x00007FF8810E0000-0x00007FF8810F4000-memory.dmp

memory/1800-1503-0x00007FF8704F0000-0x00007FF870868000-memory.dmp

memory/1800-1504-0x00007FF880F70000-0x00007FF880F89000-memory.dmp

memory/1800-1505-0x00007FF885380000-0x00007FF88538D000-memory.dmp

memory/1800-1506-0x00007FF880E10000-0x00007FF880E3E000-memory.dmp

memory/1800-1507-0x00007FF870430000-0x00007FF8704E8000-memory.dmp

memory/1800-1508-0x00007FF881B70000-0x00007FF881B7D000-memory.dmp

memory/1800-1510-0x00007FF880DE0000-0x00007FF880E06000-memory.dmp

memory/1800-1511-0x00007FF870310000-0x00007FF87042C000-memory.dmp

memory/1800-1509-0x00007FF881450000-0x00007FF88145B000-memory.dmp

memory/1800-1512-0x00007FF880BB0000-0x00007FF880BE8000-memory.dmp

memory/1800-1513-0x00007FF880450000-0x00007FF880465000-memory.dmp

memory/1800-1515-0x00007FF87E410000-0x00007FF87E424000-memory.dmp

memory/1800-1514-0x00007FF87ED80000-0x00007FF87ED92000-memory.dmp

memory/1800-1516-0x00007FF87E3E0000-0x00007FF87E402000-memory.dmp

memory/1800-1517-0x00007FF87D3B0000-0x00007FF87D3C7000-memory.dmp

memory/1800-1518-0x00007FF87D390000-0x00007FF87D3A9000-memory.dmp

memory/1800-1519-0x00007FF87D130000-0x00007FF87D17A000-memory.dmp

memory/1800-1520-0x00007FF87D330000-0x00007FF87D341000-memory.dmp

memory/1800-1521-0x00007FF87D110000-0x00007FF87D12C000-memory.dmp

memory/1800-1524-0x00007FF8720B0000-0x00007FF8720D9000-memory.dmp

memory/1800-1525-0x00007FF871FA0000-0x00007FF871FCE000-memory.dmp

memory/1800-1539-0x00007FF8702E0000-0x00007FF870303000-memory.dmp

memory/1800-1522-0x00007FF877D90000-0x00007FF877DED000-memory.dmp

memory/1800-1555-0x00007FF870160000-0x00007FF8702D7000-memory.dmp

memory/1800-1561-0x00007FF87D0F0000-0x00007FF87D108000-memory.dmp

memory/1800-1598-0x00007FF870050000-0x00007FF870085000-memory.dmp

memory/1800-1604-0x00007FF86FF90000-0x00007FF87004C000-memory.dmp

memory/1800-1615-0x00007FF86FF60000-0x00007FF86FF8B000-memory.dmp

memory/1800-1619-0x00007FF86FCD0000-0x00007FF86FF53000-memory.dmp

memory/1800-1624-0x00007FF86F9F0000-0x00007FF86FCCF000-memory.dmp

memory/1800-1643-0x00007FF86D8F0000-0x00007FF86F9E3000-memory.dmp

memory/1800-1689-0x00007FF86D8A0000-0x00007FF86D8C1000-memory.dmp

memory/1800-1698-0x00007FF86D870000-0x00007FF86D892000-memory.dmp

memory/1800-1700-0x00007FF86D7D0000-0x00007FF86D86C000-memory.dmp

memory/1800-1701-0x00007FF86D7A0000-0x00007FF86D7D0000-memory.dmp

memory/1800-1685-0x00007FF86D8D0000-0x00007FF86D8E7000-memory.dmp

memory/1800-1720-0x00007FF86D760000-0x00007FF86D793000-memory.dmp

memory/1800-1735-0x00007FF86D710000-0x00007FF86D757000-memory.dmp

memory/1800-1745-0x00007FF86D6D0000-0x00007FF86D6E9000-memory.dmp

memory/1800-1740-0x00007FF86D6F0000-0x00007FF86D70A000-memory.dmp

memory/1800-1748-0x00007FF86D6B0000-0x00007FF86D6CD000-memory.dmp

memory/1800-1753-0x00007FF86D690000-0x00007FF86D6A3000-memory.dmp

memory/1800-1762-0x00007FF86D5D0000-0x00007FF86D684000-memory.dmp

memory/1800-1771-0x00007FF86D5B0000-0x00007FF86D5CA000-memory.dmp

memory/1800-1790-0x00007FF86D100000-0x00007FF86D193000-memory.dmp

memory/1800-1775-0x00007FF86D1A0000-0x00007FF86D5AF000-memory.dmp

memory/1800-1795-0x00007FF86D0B0000-0x00007FF86D0FB000-memory.dmp

memory/1800-1798-0x00007FF86B1B0000-0x00007FF86D0A3000-memory.dmp

memory/1800-1850-0x00007FF8698E0000-0x00007FF869989000-memory.dmp

memory/1800-1855-0x00007FF8692E0000-0x00007FF869506000-memory.dmp

memory/1800-1875-0x00007FF869860000-0x00007FF8698DB000-memory.dmp

memory/1800-1898-0x00007FF8697D0000-0x00007FF86985A000-memory.dmp

memory/1800-1924-0x00007FF86B160000-0x00007FF86B1A8000-memory.dmp

memory/1800-1946-0x00007FF869780000-0x00007FF8697C2000-memory.dmp

memory/1800-2199-0x00007FF869290000-0x00007FF8692D2000-memory.dmp

memory/1800-2203-0x00007FF8691D0000-0x00007FF869218000-memory.dmp

memory/1800-2202-0x00007FF869220000-0x00007FF86928C000-memory.dmp

memory/1800-2223-0x00007FF869170000-0x00007FF8691C7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4

MD5 5ac44ced534a47dc15b18990d8af0e49
SHA1 11add282a818408965d4455333a7d3d6e30923f1
SHA256 bea9d33028271f219a9c1786489dbfe8fa7191ba2fe2fbf8bd291130889a6448
SHA512 0ac4256e7dcc6697e7bb6d118a6cd6dbbfe2601a6487512d2c0ca3d73bc6ed4bc3f61d1c76e1c4316ec15c6bc3c5749fd8faf8636bc556a16844811586e21998

C:\Users\Admin\RuntimeTasks\ss.png

MD5 a0ed3073a55f4f09ec750c185191331a
SHA1 7e14b0813c93c4395fbac46670d617f98cec1617
SHA256 4324dfe0464a27c01b76a8d1650ebbffc899657974a58ba7504ad720c3fc0e00
SHA512 6ced6bf0e6698a2e6fc24ca9c4dc727a2f0353ee4000391e56aa96ef221b693d1ec9c18bf173f30ab2a2fdfc6d42fd69b712856bc87e5bed8232b25405df1ff6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e5c27b4a4d5a3c9c60ba18cb867266e3
SHA1 dea55f1d4cdc831f943f4e56f4f8e9a926777600
SHA256 860ed0acc83eb0096cc8911725e2c631ff879ad8c35854577651af502c4b69c9
SHA512 56eda28e9c61e8081dadc220d23e7bb3320a9ba557eb7511d17a3d2836aa61f301d1d714a3d611eedd7c4b91886c790af7366b01acdb3b637f3dc4fb024f3f6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40f363d1a547a67d69ddc5af0a14ee23
SHA1 1976f295c038264f640cfb696b6750accde33c04
SHA256 10f7d60e43dd421d9446bef42bbc767deb05ca63305c8abf948551031c12a965
SHA512 4d73b560d28a30362c3115f049eb4021d0ee71c6679c052826cf3d3e56ef70bcdebcd57d5eca4ddb52007df269009938fd982429f071a49c102ae1deaddf3812

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5cda89.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d8b99.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\RuntimeTasks\rec_\30.11.2023_17.55.wav

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\233227c9a47d76f1_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f22b4890abdadcd_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7054c7b6ffc9b6c4_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\186a34ab13c00db2_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a0703df20b370af_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e2daebc9c47b45a8_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99355e6d825b2751_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0394cb608277e667_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4319af450fc4dfda_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\22c86e29d33fc1a8_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b29a005a3f64fe9_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e39c6baf22f9d4b_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\43604d2a195c1916_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d11df596af7121d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6304fd6f9e3c8050_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ba235c604b81924_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71da22abe269277d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b43d02c59c7984b_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
