Malware Analysis Report

2025-08-06 02:53

Sample ID 240215-dhlj3aff58
Target http://gfhfghsfhf.fdag
Tags
agenttesla remcos zgrat celebrity discovery keylogger persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://gfhfghsfhf.fdag was found to be: Known bad.

Malicious Activity Summary

agenttesla remcos zgrat celebrity discovery keylogger persistence rat spyware stealer trojan

Detect ZGRat V1

Remcos

ZGRat

AgentTesla

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Reads user/profile data of local email clients

Reads data files stored by FTP clients

Checks computer location settings

Checks installed software on the system

Adds Run key to start application

Looks up external IP address via web service

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

Creates scheduled task(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates processes with tasklist

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies registry class

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-15 03:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-15 03:00

Reported

2024-02-15 03:13

Platform

win10v2004-20231215-en

Max time kernel

764s

Max time network

768s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Remcos

rat remcos

ZGRat

rat zgrat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe N/A
N/A N/A C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
N/A N/A C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe N/A
N/A N/A C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe N/A
N/A N/A C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe N/A
N/A N/A C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe N/A
N/A N/A C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe N/A
N/A N/A C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\vlc.exe\"" C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\vlc.exe\"" C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\vlc.exe\"" C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\vlc.exe\"" C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{26780DDA-6AF0-4CFF-9EB7-E6AD2A03049B} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
N/A N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 220 wrote to memory of 3348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 3348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 1208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 220 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gfhfghsfhf.fdag

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff921f646f8,0x7ff921f64708,0x7ff921f64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff921f646f8,0x7ff921f64708,0x7ff921f64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15511147603522819473,2738883303644083243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15511147603522819473,2738883303644083243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2e8 0x454

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6680 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap16513:190:7zEvent10492

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

"C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap27627:190:7zEvent13693

C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe

"C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5176 -ip 5176

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 828

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe

"C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Uniapt.exe" | %SYSTEMROOT%\System32\find.exe "Uniapt.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Uniapt.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Uniapt.exe"

C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe

"C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe"

C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe

"C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\uniapt" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1732 --field-trial-handle=1736,i,9326183192041675340,3763352647878876353,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe

"C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\uniapt" --mojo-platform-channel-handle=2076 --field-trial-handle=1736,i,9326183192041675340,3763352647878876353,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe

"C:\Users\Admin\AppData\Local\Programs\uniapt\Uniapt.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\uniapt" --app-path="C:\Users\Admin\AppData\Local\Programs\uniapt\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2348 --field-trial-handle=1736,i,9326183192041675340,3763352647878876353,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6572 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap26056:190:7zEvent18491

C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe

"C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe"

C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe

"C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\AZibCvGEQY.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AZibCvGEQY" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8179.tmp"

C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe

"C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe"

C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe

"C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\AZibCvGEQY.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AZibCvGEQY" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5F17.tmp"

C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe

"C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe"

C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe

"C:\Users\Admin\Downloads\f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18264097684344953081,13203404028285233305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11056:190:7zEvent7128

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap19463:190:7zEvent5336

Network

Country Destination Domain Proto
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 gfhfghsfhf.fdag udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 92.123.128.181:443 www.bing.com tcp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 gfhfghsfhf.fdag udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.167:443 th.bing.com tcp
GB 92.123.128.167:443 th.bing.com tcp
GB 92.123.128.167:443 th.bing.com tcp
GB 92.123.128.167:443 th.bing.com tcp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.76:443 login.microsoftonline.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 gfhfghsfhf.fdag udp
GB 92.123.128.167:443 th.bing.com tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 gfhfghsfhf.fdag udp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 bazaar.abuse.ch udp
CH 185.19.85.149:6667 tcp
US 8.8.8.8:53 jaffinryu.loseyourip.com udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 gfhfghsfhf.fdag udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 jaffinryu.loseyourip.com udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
GB 92.123.128.167:443 www.bing.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 jaffinryu.loseyourip.com udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:443 api.ipify.org tcp
US 8.8.8.8:53 205.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 mail.hotelzora-razlog.com udp
BG 217.174.149.194:587 mail.hotelzora-razlog.com tcp
US 8.8.8.8:53 194.149.174.217.in-addr.arpa udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 104.26.13.205:443 api.ipify.org tcp
BG 217.174.149.194:587 mail.hotelzora-razlog.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
US 8.8.8.8:53 jaffinryu.loseyourip.com udp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp
CH 185.19.85.149:6667 jaffinryu.loseyourip.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 efc9c7501d0a6db520763baad1e05ce8
SHA1 60b5e190124b54ff7234bb2e36071d9c8db8545f
SHA256 7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
SHA512 bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

\??\pipe\LOCAL\crashpad_220_KBLLUIPVOJDGRUZT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fbcf1b1ad590092d52a8933052032407
SHA1 f60a8878599d74cc2a71f494b7f1c30ea4153314
SHA256 5a7755bcb6560570e62ae703fe8445b2c571569bbecbc33101a2107d26b0c0f6
SHA512 c7a05c8501f6452788ddfdcd378b042b029b129b99dbaba37f8e9c2b6e357d60ef2db79a6e14a43193479942141a18b97df71e2150f35c0a00e9b6e414af51b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ad66571738a6095e65ec83cc405c395d
SHA1 a2909f2ff6f308d23da6332a89843dd7e5416959
SHA256 1a99a13ce88702cc5ce0410cf12921ff6a992e0e08d67c540fe814f82656f996
SHA512 468d907f805beb3e1599e880345955c98066f9ea9cf545b990ab97356ac17cda7cde864d758be86ed94024a7386ddaab86fd142f5228316e0e35539b5db3aa08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7055a34f472318e870999fa05bdb3552
SHA1 b6eddcd5d1a77d9bb0dd245b20992c7e46b546d4
SHA256 639cdf758a4f4b3d9a9a63d8038a406b28af258c8e9f98ae33d00d817426542b
SHA512 c183d06c6be5a8b72d652ff663470054e444e1782a6b002d59c9b0cec285d6fe926c99740d2b0492b8fd117ab6a3fdee1223ca8115ae236ea01e72abae8244bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ded70356d80a2a9a3baec314dc8eca8f
SHA1 7e92de141dd8b477a0866a78699a0b93993702a0
SHA256 ac446ee9a2289db3f25e52f565cbd72031f1a9785eef6c883d84cc488af33a62
SHA512 f5ba478eaf5a8185039edb97ae1942cdf9dd4f614b46374122f76bef96d71826d3de474fa5bbc00d066338a8447ec81cfea0e4873c02df7e49648cb0ce4059d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 121510c1483c9de9fdb590c20526ec0a
SHA1 96443a812fe4d3c522cfdbc9c95155e11939f4e2
SHA256 cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
SHA512 b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 e969e99f960c2a9c52616ed38a74af82
SHA1 0dbda7fb75e89704519d6af653cedcb760ad78a4
SHA256 c02e3222ba87462777803058a8bce8a643342db13fbd74f242cd320ef9921d5c
SHA512 8414ba71d1eeba0fcaa37225b321910ad6c7a3930b16ae4ec286a8ad9c4ad93437e6bcc50ec6cfdad6fcaffbb32f2e4c61bbc9ec9053749c91a2d90e3860feb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 35b7ed514a5792471df1231218737f10
SHA1 3e96a7c2258347c04971c3b15a8b546d934e49a8
SHA256 193862f6f223c56aa5fc3a26c24128f9f1849d50875073c480ebafd84746af99
SHA512 e9b2ba9fca3a3734894a5efe520e9d0ce2ecf9966c2df637bf80cf2e3c3c2aa6b94d820267b619e7f96d6d81e79f35f5db4e67dcdf3ea6a0b65e14b03f695ce0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 07917e07d6e233b89f4d254dd612aa8d
SHA1 1a4d73470c380be3f01eef133bdb4df32facae85
SHA256 9d4c742ace35aaf98b2824219398d0f433ffdd8eb3337892474f08828ddc4b7f
SHA512 79dc109b9d39e4dc89058080498aa80334ec5c3340dbd556d8a39a30c779dcae2cf405106999c2a5b7883126996dd1c72d94479eb52aaad7e69a9e98c2461c9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8af1abe9f336653eb247f211190412f4
SHA1 1c02bd5f03a9087aa2653a7c917d30a3215b902c
SHA256 339ee427831da6706f50ebd859d87878a294b2b8ab4e6c0469ab7802338e7f29
SHA512 2b5a976adde8edfce14172dde6421f532c8938480ad96a969e451ae4887954b13cb3a342559e236da6eecb38d600171fa9019f432775b2d49b654ea4d5129a48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583c77.TMP

MD5 ff3b41bbeaea1512c111d1b094f180e0
SHA1 36411b5e6866eca08996e49f43f4bd13fbe58337
SHA256 b13fbc34442dcb0e709c2219e4cc361fd37960d8cedd1fe1bcca3171aae3b704
SHA512 c13046916e702d2e4a7ff0bcd1696e3bd0f1f2679a67d9b9b1847788be392a6c7042bfd7c2b013768f098ea179617c8193469d42da4106a1151f170f66acda5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 843503810bca66651b9de7d0e2391d1c
SHA1 d5f281fdb96ba1d08afbb8070f78d9d13c18867b
SHA256 030cedc80335a312a77ab6910d6d9813262d8006fa49f3ccc8686d5c5aa3da1f
SHA512 2ee667182472296c909179c1967d4a25596b023f2a5212e9bee22e556cc50a7b474c8843af30c00d50e7d063367a2d9ed502c39415a6821ea3d81e5b78bb2d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 36104d04a9994182ba78be74c7ac3b0e
SHA1 0c049d44cd22468abb1d0711ec844e68297a7b3d
SHA256 ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1
SHA512 8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 acaf311417bf2e492ade4164cb69a7ff
SHA1 93b07b0dabe319f6aa48ab3c8e8fb25edb80e0c8
SHA256 5aa9ba13d1fcb2229b68fd128651b9c8882efd3e2384a555c68a0b76dace0bd8
SHA512 5a1a088fb6fa771dcb0c81ddad104c8f1b8ca3523c2afdbaed5d1c403c91fd55976106bd8b2a9a8a6466f63e4c949d95a179b7381a5b924f16cd0ec479c7fabd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3a0d84e880d86f358ef266f88ce1f54b
SHA1 560f8fa8d54586c870d18dc5cda14ff16df832c5
SHA256 1225dab1d70e374a99aa6bb32a24c757e5a3229b0e12b17003316455dbfc3cdb
SHA512 28f682020be1b502846bd2a4a6183458e766c48a3ac3576aed29f02d47d50da46519cfd6f4c2c26b7c1723746de93083b1185ad1571023894817a63dd40439d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3a28b7fb0fe962cbfb9f78b525f88d94
SHA1 d4b6d3d5deb80fefe6b7a3c073b3173e816b9821
SHA256 5b430c3b1d43bc6a98267b071029274e6b4100f40ec1e701c1554bfb92d7ced5
SHA512 92058546ef15d31bf0fd14b80f9a4df87b647b3d7bbb7f3510b65059a77c04857b18dea0784a50703a3792ac450d981e471016cc57c1e2dda93971da9340e254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a99043a355ac28f37395fa149bb44d60
SHA1 d48e1843329cb49304d9f82cee5c4c7b6a55ed1d
SHA256 7be3e4f4dc54e35e2baa8a4977bcc8e0e8fd7b6efe355b7a4c3185dd22070c88
SHA512 3b14784a2139351c442c8c57caacc4d4586dfd2fa74662f74c1d02ec67323759093d51a7c966bec19a2ee0b3e7d22c8e1475089cafe6dd33f91e516f33ec8dfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 adc15f7c6bfb417894becea7fa312fc5
SHA1 38b43caa3d3386b8d87a953f56d0c78fce4d0539
SHA256 350197475072479151a5f023259ce678fafe574347ded9576062d11813a158b4
SHA512 f72d5b2b9023d793b6095866282a22d9ff2593baaf3f501abf512a01fe72314757f01e2a206d9c6db805d4017f9da2081dc0a272175bbc966dfdc9283d7f4978

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a1f07b35f7050a037cc2eb61ced368f3
SHA1 074ed96eec7e5e92ef8fe42806ceff480ec5c3cc
SHA256 a800d7e0bd9f6ad9998677b8c74471c99f60bd90f58d5be6febc3a7783a4823e
SHA512 259b8f09dd1846d93e7803d866e0c3806a12169d4c240bdeaf2cbd6492121590abdc89376a2123f5100c1a0a948e1bc77bf21b2a543b580359af2b904f7ed758

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ce67ec10f0590557de44e368479bb0ab
SHA1 e7ff0cd1570f3f54da772d30417fa73eb9ae1e66
SHA256 793924ff01ab3e42e5444ae6848004dac80e332e90752ddb2d46aa9277a63005
SHA512 f59b7b43c1e84b1b558582594b76881ba84680f45b91eb6360534984d2c07700b100b109a70e63af64175718f30d13295374696c8fd639666fc0931bd84a92f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7c60cad0efe63464ef9e719fb891095
SHA1 694fa15f740329ac287406acf8c2097db80f7d95
SHA256 d68f05293c7a770fc2725fcfcacd6a60f5d00aae821afb612ab7e4fa99550c0c
SHA512 d6612bdaa76f19bf731a82dcfdc3fda0af785dbb62584c7a03cc72376d63142edb6d51b398fd96e1672f88dd4c936075373e3c023ef9929f07c1f5d15af29c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fdf02a43330f662a9899fb8c7ddcc08f
SHA1 785e93a8df354801ffa15461249e5a2004929f20
SHA256 e09eb2ea5fc88e3a72a7e6069c625c506dff0bf573002b7665b9f508f0e038ff
SHA512 821e4d86cc2c533dab1db21bf81a2f25dc3899dac5f85ed1b1df212205f2d5763732dc95c306a06d0eb9a5ff87bde22203bd0d5e0bdda37a03fce339a4cc0ccf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 36f2c3b1d94e43f8547f99155cc276a3
SHA1 171e82e1e8c629f53efd1198a4bd2fb86634e378
SHA256 6fff04df64d37478a44af4e53a068516c5ab21cf9e6ed6eaec1c677a4615f65f
SHA512 25e4319fb990e6e66713ae710ec413a91403f92dcba48bec8129dd87a00d449788e2f928290d317cf2fba3f0fb61b2c6d55ed37b4797b7ad2226d394a5e134bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 3b5537dce96f57098998e410b0202920
SHA1 7732b57e4e3bbc122d63f67078efa7cf5f975448
SHA256 a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88
SHA512 c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 5d53eef2887d92486895fe26c370447a
SHA1 df61502f7ed39c46b6ab51b4ef72e7f5fbc899b5
SHA256 76047fccca589a2690185bed64a9d92d6c2df93b3eba66769e283b78220754fe
SHA512 4ff5730f9f4e8507ea93a6ae30228cc6f994d6a39ef0152b2117d63ae0d0c5e9e425549f24fbedb6832ae1cdc088d61bff0042e29fefa919229328b3dbe32104

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6b43527b95f43c2f62fa8d3f950057e8
SHA1 e03a1d7a808fa7e2af2151cacc736cb908ffa05c
SHA256 86cfb151aedc3a011a9f639d2b0b844df898ec844390d1b9e562dc642e64534a
SHA512 c0e604383f3ba78d96df66a5ee37d5a4634b859b0412fc9e9420bccb1ba7523624ade283da41047da971218ac43fefb27610f662ba60615404cf13c5dfb88e2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 92ae5a2799993d313a58504f55c54bf5
SHA1 984d095e9b48c29d739697a405b5c6234be44a7a
SHA256 4246b23ff2cb7b4fa2973fb032ee979894f643b19e1d65f1afa33c4e08bc564d
SHA512 b70be8babd695352968286fabed46fdfd9000dda96dd054fada9df1cf1c3399254ba3a9c34901355f7f871fd678206ac087462275e74dfb35d02a8f1cfdc6633

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7053c2c6c2e4cd6a1285d365c8cf095
SHA1 69d0545a7be11601b80cc7a8cdefff6039515ec5
SHA256 d4cdce96f85e53d7c65524ade8221d5a7e31843419e42e760e52d7ab8726d1df
SHA512 95335824fe4518a23ddca0ed613b64b5ae79b495e65f33be8eaaa40ae838604db0b6d002176cbee08f7059ff7b1ec4e9b6d10d8bfbbc6ac1a4a7562fc378479d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8d9cdd8cec30aff8b79e07bf555542ed
SHA1 d79367765e8cd6b77d610be8b796d8ff93e4d406
SHA256 29eb22303d56f9e1249f79b1d1c62824429dd966fda674281ccd9cdab398bcd5
SHA512 30f89c95ae3fbd8888f8e2de6aaf63a44490bae78db7362e0457b9f9ae6180d8e087e6d8801ef9d0cf806c832f1fa1a9cadad2b206b840bb1569373fb1e0c222

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 67f83236256f0a65a0d0d14cfb1ae67c
SHA1 518a579f7b16161601ae74caa96ebe83202e3f59
SHA256 784db62948bb565e592b425fa23da9b6b9029b456c90a634b32525aceb6016e2
SHA512 0fdb3334eb70860222fd32f83426bc9df51113c1533cfd09e6f1dd7117dcb7821a0ae598432d1947adf15b3524b9bafb0f36cc390d3d2bb769a0ad4cf3a84d35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d52be9e17c61f232afe5462abade3e93
SHA1 48adccce5291da47efa5b6f0f1df3cfda6462e88
SHA256 538ad10e7a0b2cd615ccbcb96b18dbe46b0d628b997fb6979782e1266bd0005c
SHA512 f2698291d66b3f87de94b7699687bf9e03398dba6fb20664c3257927666b9a4b933d56e5618fd82fb0a6eed1927454d740afc5ef24f7ea0ccf35daecd34469e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1621d1323b26a60829fbe181cb62eff3
SHA1 e435c11b1e85c5f9d42fe742b4a7e5968aebfaae
SHA256 899810170cdeb8b6fa8a47fa36243f4d7ab7692cc1dead4afb088a9ddd0bb057
SHA512 b79bbaf1243399c5966f4e1cd4d682aa06a891810b8f61c3d5aef35d3bdcbc7294f58c68e4a3582adb334895f02e17400f710ed2df69834f4de77396e8c7b5ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0b33423901f2d3f68c93e647d9818d0
SHA1 8eac0249f2a3e49ef6b90d0de0bb82e8da76cecf
SHA256 475b12ba2966940e450c2309014715905c0ab77b1b817ef84e4d4808ffa49f62
SHA512 7177b047d1263ce13acac22098566e0c08e1b5a10713ec22c9c40f93fa3281df77eddd60b61dc7aebcedfcb446125fd49fa91f7dcea9b3836f957cbc39181d84

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.zip

MD5 d7af2108a5fde68d83d38d78322ac9ed
SHA1 0ce58d3c81beb1bdba8fbdcde6f8896ace049c3e
SHA256 7f52f1696ecd6631d92c592c6055ba326946c843f8ab9c39710ee3baf62d914d
SHA512 df91c9ad5762a16c48d7d026d5f4cd7f5b9b7097198710628e6c9ccee495aba2a73f899f9a1ac2d86ce31e88c7f39a91f46422efd1f8fe90b22ab250d57e7ef1

C:\Users\Admin\Downloads\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe

MD5 d114a69f8415cae2e4bd1595e7fb4790
SHA1 e5583bc3e48b0f0f93173518d493e27f28268875
SHA256 11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44
SHA512 34801c7f707f04bb87a38323182de0d2e48ee0c9fd7d2bdcea4947492590e78feda54c7986938181c6d8ef7a5806d4b56cb911a2043e5a28fc38e8612fa1d1fc

memory/1952-900-0x00000000743F0000-0x0000000074BA0000-memory.dmp

memory/1952-901-0x0000000000640000-0x00000000006DA000-memory.dmp

memory/1952-911-0x0000000005060000-0x00000000050D6000-memory.dmp

memory/700-914-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-915-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-916-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-921-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-920-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-923-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-922-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-924-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-925-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/700-926-0x00000230A7050000-0x00000230A7051000-memory.dmp

memory/1952-927-0x00000000743F0000-0x0000000074BA0000-memory.dmp

memory/1952-928-0x00000000052E0000-0x000000000532C000-memory.dmp

memory/1952-929-0x0000000005580000-0x0000000005590000-memory.dmp

memory/1952-930-0x0000000005360000-0x000000000537E000-memory.dmp

memory/1952-932-0x00000000053F0000-0x000000000540C000-memory.dmp

memory/3304-935-0x0000000000400000-0x0000000000421000-memory.dmp

memory/3304-939-0x0000000000400000-0x0000000000421000-memory.dmp

memory/1952-942-0x00000000743F0000-0x0000000074BA0000-memory.dmp

memory/3304-941-0x0000000000400000-0x0000000000421000-memory.dmp

memory/3304-943-0x0000000000400000-0x0000000000421000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44.exe.log

MD5 3654bd2c6957761095206ffdf92b0cb9
SHA1 6f10f7b5867877de7629afcff644c265e79b4ad3
SHA256 c2a4be94cf4ed33d698d9838f4ffb47047da796e733ec11562463a1621212ab4
SHA512 e2a81248cca7732ce098088d5237897493fd3629e28d66bc13e5f9191f72cd52893f4a53905906af12d5c6de475738b6c7f6b718a32869e9ee0deb3a54672f79

memory/5560-946-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5608-948-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5664-950-0x0000000074190000-0x0000000074940000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\926ce55b42de6847_0

MD5 6a5cd899441c2b7e3dbf9c97516c911a
SHA1 1d6e343de39c55cf426ad3da7ded4a6e7abe95ba
SHA256 cf37c33f66871ba196c5bab10bed5940ea17068e95bb9cf0fa42a456246a1b29
SHA512 79c6d415a8b826ac449b8013dfc6696137e01a1f1eec4a047d10fdde7aecbd6423e41aa2a664c3a03c058762e41013ddf6bf2fbb5922427306b82ddefdaaab4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\41a4ebffd069515d_0

MD5 098e04de2cdd87169198826e61abe9fe
SHA1 bbc859059c10860ad1ea937f5c440dbbf8f1ae02
SHA256 a9628b56cf1e8e5d181052a9219d96db5a0ffadb8d8a44765905eb3b1e38db7c
SHA512 128bf06611254518d7117868f024d59fe7975be66cb7c888a35881c20bdb6b86dfdd2a21fd2ce24084c731d4eb0220c80a08d9d283ec7151fe0871946289bb06

memory/5560-966-0x0000000074190000-0x0000000074940000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e6bc13fdeed259de914b62faf462f018
SHA1 f20ac1f696b702417757a733027c65bec96bdd03
SHA256 9e5b0b89a73386af9c15daa556eeabff0f50cd04a267008c12b1b587f7c4afd1
SHA512 fc7d293b83ffc4917bd40c9a21588520db6bce3204957a6c791fbd7de6018021350ae330c3ed1b255751397bbb3f2ca0f56d8c378e1c1f9f54302c957612f29e

memory/5608-992-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5560-993-0x0000000004D60000-0x0000000004D70000-memory.dmp

memory/380-1003-0x0000000000400000-0x0000000000421000-memory.dmp

memory/5560-1004-0x0000000074190000-0x0000000074940000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 870db3e7d2c88915272649962a104c0b
SHA1 2c21b63e1b1147507e2b7c29d10bd2b3a5db59f9
SHA256 a1c0080fee1df1df249cafb7f0d891cb0527519cb8a956654bd2a1fca32dd8d4
SHA512 26b2c4bf4cb50ae085305c3b3927c5a5d3a2d55e92e38decce3e6e792fd425a36728588cb1ff2567aef2f8a9aa24ce0e2bfa2b88350d67273797ef0cb74ec2ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 28a50314d0403016098e2a6ba478accd
SHA1 03e9287dddebef49926fda6e30cb8a9df9202847
SHA256 7acab7fced079a173310423357edcb3b69d10d4b38d4780b8b250ec8c2161c06
SHA512 59f3e3bdef9c38e7e12d2a00ea0071c6886a4ed08c093617825b0c4a72b6613d793055b9bddafa81b31ed7f11b50d7c579867730d6971299428c65373ddfe481

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\911a1398-008e-4d9d-8dad-5d0a83e3285c.tmp

MD5 e948ae45865e83f5deaf96149a9455eb
SHA1 d8c223609aca11e93b0fd9a6490960710cb992fe
SHA256 ad77de0bd0f8ebb498d7d491665dc9322fb27e74fd5abae93b6ac8ffe6b55bad
SHA512 b523bc5682a1171ca6525da8cf2532c570df0e3afa3ea50435778fce9dde42fc0dffa940deee555f593d29f5b84bf1a8b0005b0338bc654c34537648685280b0

memory/5664-1036-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5608-1037-0x0000000005910000-0x0000000005920000-memory.dmp

memory/228-1043-0x0000000000400000-0x0000000000421000-memory.dmp

memory/5608-1042-0x0000000074190000-0x0000000074940000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 f3dc9a2ae81a580a6378c5371082fc1d
SHA1 70f02e7dd9342dbc47583d11ad99c2e5f487c27d
SHA256 230189617bfed9ee9f2ac01d11855b9a784d0b6481d3411693db7e1c10ade132
SHA512 b1266043a310a5fe5834df6991537b61803ab14b737546a87dd422d2bce7277307973963a6cf4cac4a2a6030831611be9333f8ea4e56ec3d11b70313d30dc3d3

memory/5664-1053-0x0000000005610000-0x0000000005620000-memory.dmp

memory/5664-1058-0x0000000074190000-0x0000000074940000-memory.dmp

memory/1488-1059-0x0000000000400000-0x0000000000421000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 39792a234537d9d8dbe1a5be016b40f6
SHA1 e1919cbd552b00f33aca44747317991692c607e0
SHA256 8ec93da9323fb5ce8a1642ed8f3997dec0ca3a0a4f378cb410a473b5e96c5263
SHA512 452f2a1cb0fb4c23f06b252a1757d04261013ce8b8b391535e216ed28e51d1731cc16ded042d444b4a764e8e9bfc4814119d02a60cdd9a5e18b49ee9652063cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1295a773ec3d77f0a3ec1a2225d4a025
SHA1 7e67c26474b392cc6b1ea663e3518dc4e37d8e65
SHA256 d343291796eb91196f37d9784742c3525b27ca80f2e3564eaae49e1fe50d7c45
SHA512 653a2198c40b716a4eb8400e6ed5956b696f2b37045f89dd0bcee5475f5338f1f3af10b7ae72ad8752f9891293ab1c4ec8c33dd9bfd0d5abd4f29b47165cc055

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1bdcb7d030cd151cdf4b788cf2dee1d0
SHA1 b67bfcc692e14a2d249d5dc93e4d6f0fa77d4123
SHA256 4242e50c61e41973fe40b14c5d7bf630bc7b0f355763b55dec1084c127446da0
SHA512 48bfb62092801cded21e3a1e69f08da3dc3f52d8774ff1811cbb1495e8be180c752f29bce4bb13f4099124062dc5316b64cac414067908299413c5e16720b972

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb20673b6f04cff530e0baa3eee896f8
SHA1 035329d48141fec512b61b56e7c608317d8b904f
SHA256 373433a49a95c8bb08c59662c38301eee0e9391d1495adc31bb20ffe63e84e43
SHA512 f2c233180798d188e62cd46eee5a2db4a7e67d27ca275915efc694aad09b173735c0ae69f04e37bcdb4781668b44462a68768d7eafe6bd5d378a9f46fb20b343

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dc77ea2cd7caa98ae097c0f9a32cec2a
SHA1 e7be13ab87281a3cd317396e8854823428383b2a
SHA256 8458c8f58383ad09089e5b937637689211f78b0dd34c2c67f496ca704af7feca
SHA512 948a856bf646fe235c8957b917706afee594372dc2ff934940d44586bfb673074b5072915e8c698e8bcea704166acad2a9acdef6a81ac0857ff02720b70914b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef48d0adf114cad260b87514116ba1fa
SHA1 3416edf6c4ef6179571c216a324548ab6dcd1252
SHA256 6181f09837dc4d706141a0ea87ded393a84f31cf45a09abe17c229836cccf89b
SHA512 c91a07e042332ae81f44ef6a198ac86275a49281c9f2ec193c57f9c5a27caf2b3d5a46e834d1b52e8e4f83ef1464608a72e737115d8a175d925c58c3e2c488d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0812a4063ceea3d2fbb38d9c7901bd2a
SHA1 cd244e8389680d03957e2f918f661ef6433dfa4f
SHA256 632a623550de56122d1d485a5e96d5d25691b9e3b17dcc3fbc9358c1d3577704
SHA512 70d82f7b4aa01e9c000e2d10ff3491f47ad1a3d34dc5bb9bcc6b23b8ab93f0fac580cf7b93904ae55ffe5f4980509974972dc493752d9d40026fa39ee428e67b

C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.zip

MD5 53552ee6b88bb358223980579177d1f6
SHA1 b12c70d31aada579283dad426dae30caaf107fa8
SHA256 5f34207e42b03bc16eba24fc623d40a8a17e8b522dbfc210566d7be7a16243f5
SHA512 b7f4d38f5484a9e79bcb0ee63508d5b4e9e95bf99cfb0ea80ba5368204daada6ca4ad1845b0c3ba8718e8afedef9e0d8da7605a545e083f6d858910e72feea6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 19d3c9e2d58677e24f07f7246ed27b5f
SHA1 2f6b59e95e62ac77a46d1814f57517124b8ebe33
SHA256 83e000d0e5a583e469643e1ed2ea19364925380e08c65dbbd8ba590ca705903f
SHA512 9fb35efac9ccb0cd84062ac23830db8ddb41617de779f53f97a5b9bcb133ff087fd7dd8429f12efc6d47b80264df43ebcf22ec4bb735ab24c447adb68687f760

C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe

MD5 936fef453cc7e22a915f830357d99847
SHA1 29a0065442b80aefad3454d7dad48a5d3af9a83a
SHA256 b4f91d7af3e51dfae9af09a0cb03637122cb54ca19bc7221d35ca93162a0909f
SHA512 ce74f8370a9388e07527af7ae50b9ac75449e9fcc792984a6882cd38b61092b40376b26c6da069e819aa5267d6a8cd5bac37e1e458e5b3ce06d1cdb7f22b2206

C:\Users\Admin\Downloads\f6eb315ec598c33da6bb1302eba8d8122e8b669d733d1339a2d01364cf1ca630.exe

MD5 d28b4ce3385c629306efcbc965d0528c
SHA1 0727c7a9abdfd8ccce366a971a3ebc5de1a58fe0
SHA256 ea2a78d825f3d6e24e4e052c8c1df981ad981131940b10388647999ea89a5fbd
SHA512 3b9be4f694761617c0be3db54cfdae7c89b286a3b8aae027cad6c63ffe0346bf9262036f4909cc0291503f33a1aaa11672c157298b739d242b87f27c520202cf

C:\Users\Admin\AppData\Local\Temp\nsr30E2.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

memory/2988-1203-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

memory/2988-1204-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

memory/2988-1205-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 d2fb266b97caff2086bf0fa74eddb6b2
SHA1 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d
SHA256 b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a
SHA512 c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 6bd369f7c74a28194c991ed1404da30f
SHA1 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643
SHA256 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d
SHA512 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/2988-1210-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

memory/2988-1212-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

memory/2988-1211-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

memory/2988-1213-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

memory/2988-1214-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

memory/2988-1215-0x0000014CB31D0000-0x0000014CB31D1000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\uniapt\chrome_100_percent.pak

MD5 a0e681fdd4613e0fff6fb8bf33a00ef1
SHA1 6789bacfe0b244ab6872bd3acc1e92030276011e
SHA256 86f6b8ffa8788603a433d425a4bc3c4031e5d394762fd53257b0d4b1cfb2ffa2
SHA512 6f6a1a8bfe3d33f3fa5f6134dac7cd8c017e38e5e2a75a93a958addbb17a601c5707d99a2af67e52c0a3d5206142209703701cd3fab44e0323a4553caee86196

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\chrome_200_percent.pak

MD5 c37bd7a6b677a37313b7ecc4ff01b6f5
SHA1 79db970c44347bd3566cefb6cabd1995e8e173df
SHA256 8c1ae81d19fd6323a02eb460e075e2f25aba322bc7d46f2e6edb1c4600e6537a
SHA512 a7b07133fa05593b102a0e5e5788b29488cb74656c5ee25de897c2ba2b2a7b05c0663ade74a003f7d6df2134d0b75f0ad25e15e9c9e0969e9453b7fc40b9f8bb

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\d3dcompiler_47.dll

MD5 8f175418c97bb50e673371b376270514
SHA1 1cd16934788afac2988148011f5e5453ddf9c5da
SHA256 b8768dab2c7aafdac1785435e12783f094e84235d0056870a50a0f02f088ced2
SHA512 239e394c8cbeb16b467e224cfd61f008a3b08da789099a130b4c02e38caac5d00a6fe8faeab1dcc89cacc9c07145e073b01a764c188012422cbb20e55d5b6ba7

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\ffmpeg.dll

MD5 51f1baa7fee261d4a7d7f188c0cf7502
SHA1 ad414b2046101e49b5c74d2cac96be782f50570c
SHA256 4218ee7a02556cf4a925f79957e3e157c54ef236a22208464406c88031695f1b
SHA512 b9ca5d7bfff98c07c7ffafade7e3cb3da0c7dc63bb2ff4e8da3223ddb46a9e972fa3540ab86bb4c2e2309966af38cb5572f8f4bd54c8528a4c36789773a8a98c

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\libEGL.dll

MD5 24d21aafc8df659211ef982beb29c2f0
SHA1 7196fc5dd9a4cfcb5c828d86bc333f422e1e3587
SHA256 d421431e5390d9e1a9f3d75c987d8cb73bb47e81208f0320bda1a945dede8939
SHA512 a6f1f5435be3bf37aebd8060d258a1e4c09b467d26034fdc7b2b1d3e63cba0e03f7ab733f616616708e0f4efd2aae9aef8d191c7beebdeb71e5ca6792a6fbd2c

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\icudtl.dat

MD5 626fdd12b8ac3d5d84525bb2a38e26f3
SHA1 5a752c123ec941d4f47af57163f68190c4689a21
SHA256 16bbed2b88f4958e5fdf32342da33c5b09cc42b629b3b55ecbbd37d3c99129f1
SHA512 c0dbb9b3770a25ab27263c080f45ddc195afaa257ff4e2922da6664612646ba5020ac10039a5335b48cb60e8861e222dde01d791e720359a750cca348eba159c

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\libGLESv2.dll

MD5 b7a97274473799ede668f39967c77662
SHA1 a1023fadedb6b9768c3e8e808799d154bb9e6b56
SHA256 a27274ebda32c348a3bfc6eb2ea5db94a91ea451531d2d7530879bc126746513
SHA512 bc50641e2966a82e1d38cd64e59c28c46fbc5831e27dd3fa57aed10a842a5e2356847304e88e905d98814a088dc9adc1165181fe2e67349f5ad946fe8f5035d0

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\snapshot_blob.bin

MD5 9dfc22c8fdc4a2420879a2c4ef9848c2
SHA1 f539e4e09e6f7b8edb2b539434db5fba1e80ee96
SHA256 721b2fe7c122bca5b8b7819cc7869c33a35384eb79da03a263dc792ce3862e86
SHA512 92c45bc4aa29288a13f569c0c7b4d67eebd5c80803f4b795737cbdc6978a9738ba4e4b06541033332c57bf8ee045c396b87231c9b60efeed04e98e1163cdc7c6

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\resources.pak

MD5 3186b653998ddfe6812f4965d857bb60
SHA1 e959b50b5ab29d33b1f7d1e45355c6835fe05291
SHA256 dd550af5f8adbdfc31c71553e218335f02ab1b4567c184499ff44b4a90f75ef4
SHA512 326877565fcf8e3e6c14b94c4ba4a93230c10dab82703ba5e369856a232d7fbe07b5048240e616e1b17680fb4240a100637d48094334b63e00dbd715175e2fb0

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\LICENSES.chromium.html

MD5 1af0bda0cd656a4f468a9babf9b96c0d
SHA1 0f1713a73e83da36bf978c2fb89490a816713d3e
SHA256 6ac9ba60cabdc5e067284607b52b416290ce35a40b30f450bf89fe739d1e9c76
SHA512 c42e5a1418e397965596408087776dd7a83206c2f5235533a5d6dc5a13a8602a1bca4f66bed8d13c8826e2a44648df55e7b5d41ca800d8959c757af88d3326d5

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\v8_context_snapshot.bin

MD5 66ab82aff2c300ac0aba6eca0708f318
SHA1 79f3eab3ddb137843c3f81598c75048e4bb4ac90
SHA256 24c939a5fa34d0a67eee43fa861dd9c097a657147d3ed96390cf3663d7720628
SHA512 1c0de49a645f0047c28a4d2d63a4b55cd0042eeff529da6ead527c4756deb1242efdc70efa6f0a3d6f0eee76c32462da4cae82a05d619341f56bbe7f23a7e92d

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\vk_swiftshader.dll

MD5 7b459725dbf730449d946434696bf47b
SHA1 5b15169fcbbb57e134d5ef4b46383c51389e5784
SHA256 e81f7c8a0d690e811be8cb0a19cbed58f3e8347935e8b217a1f0c1bcd85c0dcf
SHA512 5030fc3ff5bd04e135f1ee763cdac4b5dd5c631765fabd83e938d73382761dfdac447beca02924ad6aedb4ee120618277c174d8cebb3951f21471a02a31f0917

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\vulkan-1.dll

MD5 12a535824e36933c909cc089ee1c13ba
SHA1 8b30ba5b5d244b2efb1a924bc6ca14c48ea47a1d
SHA256 c61ae364870dfe2566edd92d6a5d79cb4fe6ae1293f5c78363eb6e08850745d5
SHA512 063a8c5d28ce0b3a776af62ec5e56075e5d8d843dc2383232d51dec59a369e5d53e58a91a6320ef93c439b5e72c35fca6f23e110e2c72b810dab94bc62028654

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\Uniapt.exe

MD5 d4a64e16dd3f70675d67c63a5eeadc82
SHA1 41ef5eb7280033db52e2768f136908b3e16099db
SHA256 e6c110b2f1502860b27a5a3b79a82fff4a33a091b19e318506a88c0986790f7d
SHA512 ab688f6f51f909b4300f3d295d3751c4c40fb5e775532055acd9a8b32a1372475052ba84e31c859a5ed22f5029dd1a7b44b0be869f87265f2625509fa4173077

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\cs.pak

MD5 c194b0dc73de42cac7879c8d8aad38bd
SHA1 fb5a91e03a414deb3588e483cbff3894d9b5174b
SHA256 51c00cfa284b70fadc95fb4a240c86c1402f31fc8a23951fb56ccb6f1e6c92d1
SHA512 82b821f25e0f138da92ac2130c59773db493dc9626d6aa4d117cdf6c04572f7e78d9bb4c95d4821b1b9a7af312e975aeb1338abcae18f86f8a52561d91792096

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\el.pak

MD5 ee84bac64eb387b6da9b073bbcadeebc
SHA1 e3756c286999a15183f60e1e16c13bae8fb44371
SHA256 6ebda53a524100728f921330824651ec7d786093012a3c00634dec444137d15f
SHA512 ef97037137261e7723ce7025b979c4252a572e8a43180aca30644e7ed89833c6e12ecdd57e945da52ea99c43d845de8cd8a769a454ca97001f74f279dcc20c87

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\fi.pak

MD5 fe011231bbc8b3a74652f6a38f85bc88
SHA1 2b851e46738d466b3a5a470de114d15051b6eb6b
SHA256 7a3249514585491eb47fe4b579edc27ccc48761e7ad6bc11d113b257132c5dd2
SHA512 2a4e5c1409347b4b514556c81ef32c8ae118add28e3469717b13045c8424fed9b817c7988629050ed3e732e0cdca181891b6a8b9e64e4c8d65f004d7c8db9796

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\fa.pak

MD5 0cf88d6a24b9afa309deaf8b311804f6
SHA1 cb6441a56d63511d72295007e8bb47fb7fd62bd3
SHA256 904d529631cccf9efc39774538fb529259c2f50e4972f4582500c09838e90388
SHA512 e843c0cb50b51aaa89da0445a675e0b37a6ff5d1acc98315281d357c3ba6103d774a66c61edb86d5b9d0ed69a36836c8494c56730e4181ff7adb5f8969af8249

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\et.pak

MD5 82a07b154cb241a2ebe83b0d919c89e9
SHA1 f7ece3a3da2dfb8886e334419e438681bfce36cf
SHA256 84866ccaf2ec39486f78e22886bef3fe75c1eb36e7a7c071471040e12018db28
SHA512 07319d155bdf9e27762ecb9ef6871430bef88b1af129450eb65aa798ebaa4e02b25b0cf9bde3b12ff1b04a3d14241569b73d6af895d2e85dd7b24d393e7317e9

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\es.pak

MD5 198a99df04dc127677755cd021faff60
SHA1 e97692d927059d507e99144fbb4ef4829abeeaab
SHA256 10d257b76fcc484ab163eb570de406fe07607ae75abba94681719dc7415f40eb
SHA512 ddc0d64cf906a9357aa675acf6037effd9a79d49dc0bfa8e49ffe41592f4b776095db5a6a49f33a637514f56ffa08bc9f1dfcb03572a205fc5ce7e658cc77ca7

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\es-419.pak

MD5 01a9ea4b1a6e834f248e602c6632674c
SHA1 78b28df07edb3ab49b33496d47ba6da623bfc3fb
SHA256 0ef2e7f6786569bc06897f21b86b4532a2f4d938b199f6f96eede05126401200
SHA512 25e6134f115933138b82ae05be2621b36d6757ae159557ec1d516fa0090207cdabf4bb8405412510003e16e99d678955c30c4703830f19f1721bd7fff433e190

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\en-US.pak

MD5 626f30cfd9ad7b7c628c6a859e4013bd
SHA1 02e9a759c745a984b5f39223fab5be9b5ec3d5a7
SHA256 0fd74bb69ad35b3f9391fa760bf0eb0ee73d2bea0066244577ef2abd269513de
SHA512 9ce902f21fef70c5b5af444b532b36c9a00d896878cb4021c9b1dc07aa3277d956bca65ee0adb68467eec113e535b60a8a5fb5414c7d0ca761ceae5c43b7d9a9

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\en-GB.pak

MD5 b7f9397c0f3cee07667f78a47dcb79b5
SHA1 23b195409aa79065ec6719ad7731b4bfa6488fa0
SHA256 37de35396aa9f339a24ead5435d7d7b7a46a698129e3e160bf2e753519e71a9e
SHA512 6a6ac49e72cd93f01a6b95dc8f789ce8097b51ca4404079e32a6699af744b87520f9b8c7a5dd38af27b8f0cc480ea637a2bc387872f1e53121a2b0a5187c0c42

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\de.pak

MD5 8e0fda4334aca9fd38c08fc04f902f14
SHA1 911fd9bb8465cc93016eee6295a51d2e1056a665
SHA256 a6d699ef46a029c61fb911b5f09e86944436d4b58e4ba5ba99b69c178e8061f0
SHA512 8a411a922413dd68d507bbdae681c5a2c340fcebf2ef4b3353d4c1801a328bb0a1557d9d0dd118368e02c6153141fca5ae11bec6d83c9ab10f33cc56b7328dbc

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\da.pak

MD5 ca86dc72b319d93e16aefe20ddbe4d19
SHA1 686904628ccaee9bb75a95c02a866368ea6be69f
SHA256 29f88dbe1952b71a7f72aeb31d9646b5ab2586714878a731f11f66cd30de89c8
SHA512 0435bfa042e51747212504e0a7de90bff452774d71b61ab9fd8a48895e219f89ded44f4786a399fcf966e325fd957362bcb85542ee6402d868b057a4bd352cb8

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ca.pak

MD5 9e77a9cf601f1dade57f5a9033ac3397
SHA1 798d12be16d85179717e18b3dc82f8c8e5dcea88
SHA256 2bd71156915aab5977b031bba00637ebb66c39cb9279a174c84f7ebeea865f97
SHA512 24ea151b3f4c584f270bc23c44f01a23a8145cadbe34948be519bbf47b516534ebd8775356bdbea4fa49059f3150d508c1dd53657d6460f2a50147a59e3d4af2

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\bn.pak

MD5 245c44ca6387ad79bc6f691969f60075
SHA1 bca892ed95924a11888b3b14694c86b0809913ad
SHA256 8bc5d3147dc3151b2f3b4472ae9beff688c44a18a943b4e3d1eaa011dd1bd2fd
SHA512 ca79498b41fd19a29d4eeb3f1268d07788e3dc7e7e648ddf34263d8bb18dc44c0ba66ce9254ff1c1438c652377c50a48ea20d1ba04438b539f22608e42fd66fa

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\bg.pak

MD5 a69f6075863d47b564a2feb655a2946f
SHA1 062232499ff73d39724c05c0df121ecd252b8a31
SHA256 a5eb7038ed956bad7704a722f05691474ff709dffbad92b8e31dbb869ad58334
SHA512 930ce3938aa02a8bcc609a64bd86b7e6164d63baad157a980fd079859a6bee5db87bd1f7a74a71108f8368bc9c6154bf14a2dba1abf269f572bc262614bcf1db

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ar.pak

MD5 7b8716f78ca2106653b53dc9080bfc2f
SHA1 28cfd5648408c8df83f301f59823986ff93a8858
SHA256 c50503cf71e33c1ea32030aa2613a3e02bfd6e24b01a77da7c52c99cd2b1a0a5
SHA512 c467dc452f254872dcc73242760fc094fef10e6e23e34dd5d50988252ca55794d2c5a3b8846b96039f9e95971c66a84a7801711d047a7b3e046ab09b88460dab

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\am.pak

MD5 3cfd7c5bb92ab72c63e003208a9e4529
SHA1 165d2f69ab6a6e237f0fec943b5577123cefea87
SHA256 12e9e1bec1c46e5ea706157726e17a4429acf288a5754fa183bd9b4cf7d3853b
SHA512 cd7c7837d758ea66abc871503cda6fe99ff45990405e60c1133e7c1f4cb29ee69723c9558bb2d3eccb42948da57351f4f095062616686ab2e255acd3c86236f0

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\af.pak

MD5 917a688d64eccf67fef5a5eb0908b6d4
SHA1 7206b01bbc3fd8cc937db9050dd8ac86cf44d8cc
SHA256 6981249837ad767fc030edc8838878a5e493fb08cc49982cffaed16cfbeb564d
SHA512 195dbec8463cf89990232296c5c927e1501f0c2e01a7be7c6a6acae651853ce1edb23d639af65979b39a3c61979119c3a305acfa3aadf0cb93e241c5e57f4534

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\he.pak

MD5 d9ef2209d1095488f4ce0af4523d9395
SHA1 e4d8d8af130893e55a867715e42ff02d02dddf2d
SHA256 1174a04de2fc394a4eb0671c4c7410969a23b8e59af20983a27ac95f4edda3f6
SHA512 d83399f4605ce25667ef9ca848dee1f7da077c7ee9be5350a4aec464a316dc83d14dec3a2432bfbbf985a164bc242100a463796e3b3a8b57c98cbbaf816370c2

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\gu.pak

MD5 04e9a5277c22b5de6ee2432f00c67b40
SHA1 022af342dd3f2829af75677f9b510ac168972718
SHA256 d9c134e069da17e9f197761a627d54e24d33fceea0f2c26929b7ca77b9706376
SHA512 62dbffc7ad66136c9eda93a5745a3d44651fc4fba9b5f65111805574956171fd02716e33d55666e3d8b8a584ffeec30e844185b82959d6c569f63771208077e4

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\fr.pak

MD5 d79d49987aa7937fb37e48aa0fb51165
SHA1 ee9ba7adc9aa4507b70f2da4e36612f083e8cd2c
SHA256 720e8fb0a093412e516db4414f2e017eb98dbe376e50a0a09977f31162854841
SHA512 be2299543df30c25faf70e7083b3fd711ae8c0929aeb964e60282314f747b5b36db4ebc7ddcefc63279c10524fc1330c8930074ced5e0954d16b28d9b78e59b9

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\fil.pak

MD5 87a7559bc0ee1687cfec84fa1c73afa5
SHA1 2400d64387c66ddf8a3c3f8285e2c61dfdad16b4
SHA256 5260c38823b4aa6c717bee9dec2f7440e46fba439d83a48b4bf1a68690322862
SHA512 8032f233808f5544da963f0abbadb490d8814bda55ccbcc1db0a23fb3e141448cf54618872cac303abced9b221f3c1ae243d9689e547fd1a9a9c21d0d38d876e

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\id.pak

MD5 19a196f6c33c6a206690d93408c1f2ef
SHA1 2dfbbd4133c48799ed4fcf9f388fc018ec3c2ff0
SHA256 53f24ad354cfa4a96d22140f8ec72199c3769ec057141fa1ac2d0108171741c4
SHA512 0ba4c694684ff8a8000f39d1b645cd6285a3b79f6a10f698e7a2ffe4a51529b2ec78bf04ecc6aca192557967fb08bcfe8d2269c2b80fe29e5a9b413f47a180c2

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\hu.pak

MD5 b93beeb1e35a29b310500fa59983f751
SHA1 45c0b2cab4c4a820cfc2aed4b7236ddc79a0db00
SHA256 bab09c3cb80130a4a288642633c2b31ab08b1757466d9a468bc36d276079f002
SHA512 249de5b8bd7c4755caa8b9552254d353b0d885b63bd5f7c6c8e29b3f4e447c9e8d6c0e88d5aaba0b898aa26880592b3904e19ca4797a2ac1dd757aaee782c37c

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\hr.pak

MD5 878e5979029909167217bba0756dd695
SHA1 cc5cc5566f014fa13fa724428c3670e6ba6f11a7
SHA256 4745358d0ef8ba3cbb1b160f372eded72c3a6ce80a6eee4bcd2869b1a6a6a702
SHA512 687bce4aa2a6ff95baa35d6497a8fc11a773d69dd9a1b99c37a1789e44f1d01efd0f72678c391196c4fe197b928ba2bc6fcbc6822ccbeac34eff37e091ead847

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\hi.pak

MD5 96e62c548005bcadb3e6b12fad9a249d
SHA1 b6efdbc7fc583a8bb7187fce2cfe9ec222c90f55
SHA256 9e21c0e29f913ac595fd7c6a414b6b0946134e445f757af8790a8d8b4eea7d73
SHA512 7a27fac58fe6884f6335b7dd090b079a36ab79bb11b863b05c31b5b5cca92face02ae6633fbe71a0d9c48dedb601c30bc85704490799552cd6f3382599d29f04

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ko.pak

MD5 ec59b052a85b244d45d76c795c0f7cff
SHA1 46663ce3c4a617a8c641fab8f3a47b5b00d1c7bc
SHA256 a3513c85206a06179223ee7c890ffded53dba6d13ebd4aed6c8dae6009d36ef9
SHA512 d5b951245fb15e044fb4e4d74a4e0c482b0fed4d1c0e8529dc9c288a6df0dd763b5a620a5b1a23fe9827c97dbdbaaf55248e41e739558386bd671a4de3389c15

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\kn.pak

MD5 83a8652a6fe3d0411061f224c875c8f8
SHA1 21c1117919497db487c15dad7959f3a5d19b0796
SHA256 a07f6efcb5cb28277052dc73b0ee022257756387cede71355bd22eb617b339b2
SHA512 979ed0ce7c2c2ff4e04ab850e4a31a41b3a080b9b072f5a4d0fd10d9d6a4933b8fafc9f5f797b1b21852d9afb5f4f8c7a5d550bd304c016a30c736d133117975

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ja.pak

MD5 a4dab00e991737a89335b1606edc0cc3
SHA1 111b692a2b5d4337b2baacadc8bd3c6ad787a304
SHA256 e9f2a4cb104d14c168bbca4cc8eac462fa074cd0f80c62134afb763d7b444944
SHA512 473cec3d92a343de1e0143f2301af5423fe6067bf997c40b8e3e7a9eeaed8878c3d3add41141262745c52688ff91a004057681b55864b6229a24b1ce3acbcdb6

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\it.pak

MD5 6b6e505c15f8ddf44876762ad2ca51a7
SHA1 551d6e3b111aac6c96cea4cff939d0e25d4f1403
SHA256 ea71154eb34bdc4183e0be8bf803730d6bd315020b814cf0ac63a04a1f6ea42f
SHA512 3e17189ea9c3f22ba88afa99b3d4d8abf08e84af0d5c1e345a280ffd7ff1716ef3d7ab299f884fe1f272617ad595d21530464477576e6282ae4907b60668aeb4

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\lt.pak

MD5 3e9119a712530a825bca226ec54dba45
SHA1 10f1b6bf2fa3a1b5af894d51b4eb47296c0dbc36
SHA256 3da531a9a5870315823e74b23031cb81379d2d94ae9894a7fb1d8a8ad51a2da9
SHA512 765c872cafa1b266575b0cac09dfa796cdb860bd82e1c657397fe2aada11771f306b0a1776e4d66ff41e94b153c812592430f31e7b1ff97abe7d8e6b96d321f1

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\lv.pak

MD5 b69dfbbc9262ef0396cbccbae1a450a5
SHA1 18cdbd405f9ba96516d4089019e9d10f8513c594
SHA256 7e343ba5eddbb08350e701bdbeb41196500a4b21b165a7cecb258cdd4666ed6f
SHA512 5365f788c8b7c70b68011c236388251d08c39cbe2ed8ab2694937e3c4ef5989663f11891900474d8200c1df20b4c3dd6ea60b141227a2d116d50d0e4842ad916

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ms.pak

MD5 73096184d7bd6a9a2a27202d30a3cfa1
SHA1 ea711b29787aa8b9e9af6bde5b74103429e5855f
SHA256 d1072514bab63af5dfbf923175d491787139f0c1b6361acb23e67543836c84ba
SHA512 e3fbee4896554e502c222b5ffe38e9d61e9db4d18cdc92ce5118b819dc60789bfd6d6c7f8444ff1763222455ab91e79bfe500e75c0e06b0de70c2c64fb043c6f

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\pt-BR.pak

MD5 88a0d51135ac6eb63a1ae2c3d7d6b7e1
SHA1 0d82dce50f9971039ffcc3c52cb10ef22b5c0879
SHA256 d773a3feb2f96d7eaa488430525efa2c3e1c332eb23a73dda5318a9cf3311fc7
SHA512 d9c332f159b1f866a554823cd9c50a266cb9b68459c8d4d128fa00416067630ea255ea685f3529ef8f4982798a5c3d13193bfc99ef8185528dc693842f86a3b7

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\sl.pak

MD5 e8ed4db6b4aeb22fe5fcacc6930942f2
SHA1 71b46213d399c2f1e4ca15d10a352b0910e357c8
SHA256 892b70d912b09b2b2cfc2e0de740730fc95efd9144d42da4952da7809a41a39a
SHA512 6cc685329fbfdd834813575aa912e8001a4de47c2fe7156f83cc8ff9ebaadea44c412f2e18ca23972041ee0ef8869028b736f483f2230a3f71e463f71b840672

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\tr.pak

MD5 4421ecf9f210190446bb1f6bfbf32968
SHA1 339f33edd05433f909a3ec82a82bc9b7ebc8d551
SHA256 c388ffbe429cfb886a19fbb7b2c184dd82f09614f4a05e70fcfc1813b785b042
SHA512 eaa11a2e6f9039c877c5abb1a5bc8c31bc4161defdbe509000792b7526c8fa0af8de76b60008d4256ada0b9f6bbe25dbb44baadcf26a67e58563aa5d98c916e9

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\th.pak

MD5 cfe988427f59a8eee9912a0598c5d874
SHA1 ef81ef21da5c93895a5a0a7ed09944f7dc16ce2f
SHA256 0b61787cd5aa05a6b631f9e59d68f2f1a6f8d955e7d136aa186b920d091ed1e6
SHA512 2f4e745ec9830ca4b958b9ce40ba4ad99a180e08b3d4356f4ba3376be1f72ee33dfe018e7538bc2d851548ca448601504eab9147e9b88e8f9e1564e78436ef51

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\te.pak

MD5 fb1f79e63c6be573ecf4f3848640e41f
SHA1 21c705991bbd36b06fd8f773b144e77a6fe58d0a
SHA256 21bcb510745b3427647195d35ecd18a2eab47aac47c04e8284105fcc76626352
SHA512 339e7135104532163a048a01bedfd6e92e3dc5059b2390c1bd59a5a9db73cc3d70c40d1b10f6ca7a3baee5123e995208b88e6800875b151b4b53004ea3ac8988

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ta.pak

MD5 c86a6fca8f0bdb5e8058fc37cc32e4e3
SHA1 a4cfee55fa92a182aead90a0edb84082e04c35bf
SHA256 e6fe05a4e8644c69eb6dfd0ac80a3196b9f7b8adb90836ad077309463b04bb23
SHA512 b5709c92a96241c630124e249edb682ba00d035f1fe689e2cb685cc4f4050aa99ae8ae83141eaf6aebdd747d26228716c4e3ae44ae23ef96951a9fbcb1d58a67

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\sw.pak

MD5 ce3a3e426d21f1c6ec7930106350fd81
SHA1 44693544eefeb7f8441420228c8f7c0a80a40d28
SHA256 77df771dbb7e70097bf43152d941e5295377d8864aebb3ed22b2079be74fc90e
SHA512 2a6d8dd8978d48b6f9b8745b383e3298855dddc4b238f0bcf07df697b1139d002696dddcacd4afc93096ee3b72e5a2eefe605c90c5c79fe76585168eedf2ad91

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\sv.pak

MD5 d578b2f9ce88de97b201258aa7b54bda
SHA1 f45b2ff661694f488df36485a078b55941314b76
SHA256 4e70a55b463922080d544fea186f7266519dfed6caa15f5cfd229265ad36a531
SHA512 2283a7e45b3729237446aa9b1b2439a1a9b759822c4fa8235bffaa9628a49b33e45e539db208e935440782001ae63b4b995a057fdaa2f828d04b257c20a670a3

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\sr.pak

MD5 8f58b2463e8240ef62e651685e1f17d8
SHA1 6c9f302aed807a67f6b93bcb79577397a5ad3cf7
SHA256 5a55320d6953efb5b565893e32e01f6dae781a16460df5502c8ba012c893edfd
SHA512 6076d43a73d5fa5192cbe597e018b268cfdc7efb94a6cb45dad5b0da9c3abf68aaf2ea06f3ad650b28a993605917b6d356339d79f8dd6962d2c40dbf4653ef83

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\sk.pak

MD5 f117e58e6eb53da1dbfa4c04a798e96f
SHA1 e98cee0a94a9494c0cfc639bb9e42a4602c23236
SHA256 b46db20eeba11f8365296b54469fdd001579852dc1d49a01fc59d2a8bcf880a3
SHA512 dea792a63e0557d9e868c0310ec2a68b713daf5cf926389e05a0885cdb05433d20f35d087de269f9584795da50600966b8ff5dd95583861443a1e90564a89793

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ru.pak

MD5 2ff64897da3f382ca433f7e6dfa9b971
SHA1 435fda3cd1377021aad69337f1ba0f6a22eec1ae
SHA256 5f65b10de8ee34faef509345c41311f468e4042bfa8990c799fe94cfaeac00c7
SHA512 f59770d9977c94daca4ae100f45be5dcda96e758a9de32a15020c481a50a0f5db24ace9e68a9e08602815b282a337edd2276c1c988dcae06ca343f78f30180d7

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ro.pak

MD5 4e692489e2ae74a4a11ca0a113048f15
SHA1 cb2b80217d5372242d656ac015c024fe1e5e77b7
SHA256 4a2a305668f1926cfe4bb72e8fbfde747c83ac4dd9cf535c13ae642d0b96fb79
SHA512 8ad9e0a79137a862def24d6963536e75b87bb71ab74dbdd43531c5c95ddd3cd834f22c6a8e3a1e03aad35ade65ecd227d5101b5be3ce3f0b7b471f5136cfd77c

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\pt-PT.pak

MD5 0237374730fa1a92dec60c206d7df283
SHA1 62dbbd855d83ef982a15c647b5608dafb748745a
SHA256 2fb2fd2e32b952dcbc8914f9d3aaf02bf2750b72abfee2e8b2bb08062ddd9934
SHA512 63ec4ec44002724e22703a3bd952d1ff4062b367c4f5e3f106349bd226ad1317bef2e371fda0e099ea5c0afd32a9d2c1246c93c18d73dccf8fc2c1644a6fb6b2

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\pl.pak

MD5 00011ac2cb23c159ddca327e8e3e9d81
SHA1 639163df3b7cfb798a93414a162d2e86c20707f5
SHA256 c12b119ed6e762b7c0bcf5c52e6fee1ad0ef57b9f7af10c3ab71efcdafe7a2e1
SHA512 10f4d34aeaf8c26afe82ec5fce69a0d0da26d7240798bb455eec26fc5029c5f41853a7e510c07dbc37cbc6bc7b08c680e231f3a0410eb5fc21aa3c307d2c2379

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\nl.pak

MD5 b7829a2ae1b6fb747335ab6cd650f63f
SHA1 6c6962bf9432d035add7e28a2c4b890b026363c3
SHA256 7243b7c2500a06683a381d47c8aeb1e3088f8b7415f29bb7bf50c619e3e6c13b
SHA512 eb553f46b75d2cb2dd267705a75742314ce031da1f0b7355f859b3c9fb64efc6e6554db8d08c19ac42c5cd6055915cfa2a9dec05f9e8528b7fc42758e6f22187

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\nb.pak

MD5 f8c436fd011fea36b29e8d889de11793
SHA1 68b30e8b9390572accb406bc0d2be8f6de07bc46
SHA256 508426fded0a52c389dc3ae325d1a7b93bf56d49086c4e0326e0e70dad2d11db
SHA512 ba275ed48313b33b1ae28a9d5bd3c079a613c2149d5945fdf4b08db3ea5bae6aa0d2f314e855fcaaee1d1388b7c38f4d43c3faf58f60be467562cf2cbe84286e

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\mr.pak

MD5 fda40999c6a1b435a1490f5edca57ccd
SHA1 41103b2182281df2e7c04a3fff23ec6a416d6aa9
SHA256 0ebb125a0bdfd1e21b79914ca8e279790d41f7bac35bf2d031dd7981f1c1c056
SHA512 666ceb24d2e568a00a77512295e224a6545bf6abcfa19c93aa823db5330117fcb39fde570e7601dbd41976950c3ec03634f89fc5d9203357515e6651ab0b6d32

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ml.pak

MD5 6e96eddfe80da6aaa87f677feef4d1d6
SHA1 8a998785d56bc32b15cee97b172cd2dcdc8508d9
SHA256 e2fb73353ab05eb78f9845bdbdf50b64c9fb776b7f08948f976fe64e683397c4
SHA512 feea11dfc6ec153ab903b5828306617eedeee19daa73bd046ae47757795fecb9abce6192bb3a9561aaace7fc85ee442057b93081c6c986855b819fd38815e6f7

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\uk.pak

MD5 cafb6184f8a3d80aeedf5cab50cbaf27
SHA1 ec19a2093c4c552344486b52e4919084aa47037b
SHA256 fb3dc0a600e80774c4bf45d25ed62b76d7cff32eab3a79fa88cda50fc12b5fc7
SHA512 2479a0afdf2eaf779f4db96804e346424385f5f8c07366984daa4f5692e4a1d9fca965cba424935688592f38852040c1896475026ad519dc83d8463113183b29

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\zh-TW.pak

MD5 5ad179cc582933b6afd977514b8a89d4
SHA1 cdaac5025b94a1cc041133bd17bb82319b3cb004
SHA256 edc4bb5b93b6dc1263f10c2c1282e0b60445fe673dc68f06162d1c11b6ec0719
SHA512 2422487594909c3808cc7b27f728a220aaddb8200d202686035d554c71e61b64283a2ddab9c49b03ad99bb21c94f119d1bcd58c5b1a7d5ed1955ee36ea8364b8

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\zh-CN.pak

MD5 168968ed7705a2a62c559395724c92ab
SHA1 f0a67118affc19e8298ec79a87e0978bf1bd3278
SHA256 2398097bb87c9ce6e844ca69a6c65e75b3930e70ba085be7d2ea9bdfd09dd5fa
SHA512 b6d4f8a19c3cfcc80e29f6cead38d95f1cb8116680573b554a97709882a25473d9b02aad60a1ca2a2fa474274ea8cb0ca6fee2d631190e1ee63d83a90399f1fb

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\vi.pak

MD5 acb8af4f3dc1ab39439e6421884c610b
SHA1 1fe795293b2ecb88ae58968b4646a6dad22e130f
SHA256 7524a99ecb0fa8cafb168386ff075a51972aee8c3287ae403938a2b1cce36642
SHA512 3249f1e823d54d613574b6d4475c3d94c833a12127057d6d514f1c0ce1646d8875743fd36dc3a2bcc5d338f9bfc068394df6d903e7f24e6b6cbb293314b4779c

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\locales\ur.pak

MD5 861ffd74ae5b392d578b3f3004c94ce3
SHA1 8a4a05317a0f11d9d216b3e53e58475c301d7ea5
SHA256 b9f22a23368bf1e21f3085583ecb775cce8045176721ff6ae798b06bd2810dbc
SHA512 52ede35b7ed1fb6e51b18e450b95c3245d326f2afda646e3642ee68b714dcf9a726afe32e2759e9ea87a104f4a59e6fc2c60b3275aad8332ae1c626231e6747b

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\resources\app.asar

MD5 0056bc4caa6b0577debc0dae0db4f47d
SHA1 63197f3b54b9aacb678d697a51c4110f5105ddf9
SHA256 1175ad7557eac28efe79df9da282e978c7b4fd541dd656cbc379e39cf65b5d39
SHA512 88854cd9abddd09e83fce1b8b29f3a844c85a6c7a3789142d082cb962654f94234acaa837e518cbef702bdd3be8f52e103de4fc51f78e294487adb36580221c1

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aabef1f49e09086987597e75dd8b72c6
SHA1 5cd0b39831457d0563fc15a5bd3cc3bb06bc9cd7
SHA256 a631d71a34fc540b1f916bc93183f8f5f749bb5b0bd0963d9b2e3fa7355a8fc1
SHA512 0188e4e6271328ef1135fdc36c31f8b62d357f0004e79bf156cea51817284268abb940ecd6987ecbdfc2491d7c74a51dada8532675221a69c47165d923a706f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c34183f1c44bba818a604544c4e110e7
SHA1 de1e238a72c89706cb3bc84224d14c52ce7cb25c
SHA256 c9b8d0f0f82ad6b45f6a80066bf2c9d693c5584965f7bf855b329d6bd769e82d
SHA512 a032a815af70f3f556e3ff0d7d21ff5401b0f014642edbb055844e8955aef3b62bc02e6fe67abc0bd29c65dbc02c2a5663ff279de08f2ecb6cb33f6a64e4f4b7

C:\Users\Admin\AppData\Local\Temp\nso8183.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 e2200f83df563e7df016bfeeb36d23ae
SHA1 81ada65f6f20802121b7fb2e7ebb4d2734b2f88d
SHA256 5fd0eebc1fbd5788fa460b4e2531665138e48bbf7b3128f9dfa9d9c78f8c6c40
SHA512 3a1e67de7711b58cf426cf57cf45a67f1e947d17d6cfc75a883f0165cf1a92900347d28b7a5fc5b3e3e4364e47fef349f350cffc4adf37922c19c9789e4ecb36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6139865b5d22c4642058cb55e214d624
SHA1 1bf9e828f08c87cf0437879716fd3d65a26d7e59
SHA256 09524261f1d58d061214fc0e8e8ba8612cdb714a7fb0f2f3317dd51bf49105d8
SHA512 51a2d101f8752b42abf938412eba1da746d808cd33b37d553424198872a766eb333ec30e213f4ae9f2730ed44e78975d46e0347b1099e3762c96ad787f673d1b

C:\Users\Admin\AppData\Roaming\uniapt\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\uniapt\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\uniapt\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\uniapt\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\uniapt\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\uniapt\Network\Network Persistent State

MD5 aa88fcb956a36b0f1edc4b13a57d7b6c
SHA1 b8ae80b494ba82deac9fd9f531c6d7e46eb34538
SHA256 3d40a61b4c9f424808d26fae1abfff082efaf1b220dd5a3efb8cdf63d6ec53ff
SHA512 46b37da5ed872c62fd2dbb1cf42e3044ca3c7967f2d29fde513bab6a87ef1c7f221540e6a06f2a5d40823c98aa28441b98f20a74ffb4609432e18105347cfa00

C:\Users\Admin\AppData\Roaming\uniapt\Network\Network Persistent State~RFe5f42ce.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\uniapt\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 bc60deb3c0273dc1fcb96748b86b2302
SHA1 960a5e4c41504a6f3b078e90be539ef0e0eb8559
SHA256 631d382e3a0c3efaff4cedb1ddbf6d55ff983e745d8f7b64077ca858645a7b64
SHA512 3853e8f5fd2dd3a5c6ac68bd1de6ec0bb627086eea2c1bb94d9ef97be63976906bcd7646ded25e1dc681a7b1b77267f5b7605af4b35911e10f8a8323f277a8d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 c6334512044b038e1299c4edd3654bb7
SHA1 490f7cd5c7fdd875227c49344de31a2ca58f9335
SHA256 3724e559397032d8851ed76802b57fe479e56925d63e5d760aff536b9249df47
SHA512 b4c9d98a802525ee82dd8a0de6f07fc77c0243f7d001aca5d54b2ec71325119be45aa4e1ef5d1d035d6237ea9dcf2c976fa170550942c50b568326157d7bfd7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 253a356d4cf0f8be6526e2bf748f5752
SHA1 f9dae621348bb7825fc52839a5f0ead7f9b24e20
SHA256 3476996d66e9b61dc2f6dec6bbd715a6bdaff07771721884cce0221a76da25b0
SHA512 3d99f4f7059ae4c0b7eaed5aecb0f1b660427cafa77c321783ab59a698e5804699e10d447116b0690443df847b7223450cd728b1cd1aff956a90bc1e311e7300

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 7d0e72a5e00e5a7827904ecb649b7333
SHA1 0a3345d1c2056e532148cc7b7b53dde893690b4f
SHA256 4d5ad677fa9917aba64646f6c298bc0eb28f94deec5dee9a6903b3434ebc980a
SHA512 b887b9c4712deace98eadb34acdd7000db3b3bad8e41dc8de02ea2776f69973e2e7f47f5fc407fb850dae8a81662869c9d87e7788e8d56f5504f404b40a77183

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 fef291823f143f0b6ab87ee2a459746b
SHA1 6f670fb5615157e3b857c1af70e3c80449c021aa
SHA256 2ccc2b4c56b1bc0813719c2ded1ef59cff91e7aeb5d1f3a62058bb33772b24be
SHA512 cf28068cc1c1da29583c39d06f21ffa67f2b9a9c4a23e22cbfe98aacae6ddc3dde1f8dab7eaef371dc0a2230d21cc8fd41653fc5d812b14c389e07f5ef7fd5c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 b40f185cda34bcab137acaeab2afd3d5
SHA1 05cdbac403f5aff64ca40d9bf4f1e7040bcf0f72
SHA256 2ac410486727a5e4440c49cde4233e292deccd7dd84d70c81fd8951f0e51b9ea
SHA512 e61732fd70b169b901dd4323132d9c854772e416639ec7b21984c96c6e94f5c77cc1a098265935135f59da15bc2c428e409c3c0209eca4c1415df3e0d42a63ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 888c5fa4504182a0224b264a1fda0e73
SHA1 65f058a7dead59a8063362241865526eb0148f16
SHA256 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715
SHA512 1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 450fb6a48e336b24a12e050d5f2090aa
SHA1 548880fa93284cee6ec520d31c8b6502a6a3c340
SHA256 17d6861d24c9be9f166845fbf7c3eb0d700e91838199ce3c800e4ed52b194639
SHA512 5a912a46a4722ea2ae167624bfac59c8d2c6993833ed81b94aabae4eccb5c36b080538049c9dd5ac3db8ea98b50ca1fb36e8f96b90f5fe9b48f28789ff6c9295

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12ef192df15011d506da25c2f0d871e3
SHA1 17e2ed54269a2030933deb6558d305a199545436
SHA256 48205f2b6292617b0815ad4082641689f1ea21e4f071ee640b46d05cc246c718
SHA512 960d09a3ad3a1a409b9895a32f883f5b8dd28363e3a3f0cfb3ee200bdf72a0d4563ac9a3e72326e8564f2b0987fda3c0ee629e1fc855c71c1a067ad35f037a39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 adacd4df1585d4c4c936edc4562f2543
SHA1 c62cd295ba243be4173a4ffa13b42fbc9cdad08c
SHA256 be08302751b74d3577a05494e8b7fcc3b151090197ad2c964d2b6f6011184709
SHA512 a7ac25950f32d4ae00dc9c0db6a759cc45d52e80d3876a2f7a60c8b762bd72653c0bb8eb14ea939092d0f4853eb8d5bb188f775864ff09e9549e5fe7e4b5985c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a3078018bbe3f5ba3b4f783044b51044
SHA1 a2db5b32092f65697991ae056e5f048922957558
SHA256 126cb3839f905a268604da8408ad04d5f1ced905d86bf7df377bd79f1eba68ad
SHA512 28a9352a1b827c951dfdd8077343842a89f31f8b7f363ea0b8888b3869fd1af17575ab4d68c2d9222fa27547b94b3d91f9da5178879fa452651a539a6cc0da24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cbf5d9222abbfe43976899536481481d
SHA1 ebddd56c9308f1e524ef4e6329371f326a32c8f3
SHA256 975a456e19d9910dbb4f83ae92f28c7fc570dd0f69bb2c6250956bec543b569b
SHA512 ec841c339d0fa1f13abe63ebee3e0b89035990ccb18b128c0ffe8452d30e1a9e5c5d534b922b43e521d33320e899c889ae68c7b6dac1a2e755ab87c05729afdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 89f5553eda7af43a7ff87361054b5473
SHA1 e8632f45062eaf147ff39ad749c1dc2806ec4889
SHA256 8cac8841c8868e7bf790a9baad37806272d3612de48863bcc159a3cb6ccad340
SHA512 7b178d3fd7b6d9255cf856783e65581561d2d8990d30ed142b47d5d05650447c6e099f9b6b7b967ef86f1c6bf2ea47be87029a9c4c76266f90988ffa0b825af4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9832282727ab0efe63ac0518024dd2e5
SHA1 0e10da83715069cd54b203e3072fa1b488af2034
SHA256 d8a04901a101bdba816532114e3f7a48f1188a9f7c68b2e241b9a4b86f57cc75
SHA512 8f38854649f19ddd2386c54af8d21bdfc38c4e24da531d186de0d1540ebdc6c5519f6bc26f92b93daf5d3f5960c80b83c4e51e8d0b3f3801abceb3dba5aadf8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a577ba3afb6fdc413283349ae10b0b13
SHA1 034a0543da98046c0da513180fb0fe1b2b1cc8b1
SHA256 e2898ddd1cce400764c8a34fa7c826512f57ac7d7aec82a6a5794dfc7ae512da
SHA512 743c085f6255eff542f1a2e79eb88b5b37cbfd780e16e692cd4111554b8d8b225324a53407b1d6f4b47c1997909aeac35bba440efe007f5a05ade54b89ac13b9

memory/2956-2284-0x00000000001E0000-0x000000000028A000-memory.dmp

memory/2956-2285-0x0000000074190000-0x0000000074940000-memory.dmp

memory/2956-2286-0x0000000005030000-0x00000000055D4000-memory.dmp

memory/2956-2287-0x0000000004B30000-0x0000000004BC2000-memory.dmp

memory/2956-2288-0x0000000004C50000-0x0000000004C60000-memory.dmp

memory/2956-2289-0x0000000004BF0000-0x0000000004BFA000-memory.dmp

memory/2956-2290-0x0000000004D00000-0x0000000004D14000-memory.dmp

memory/5888-2300-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5888-2301-0x00000000055B0000-0x00000000055C0000-memory.dmp

memory/5888-2302-0x0000000005530000-0x0000000005544000-memory.dmp

memory/2956-2303-0x0000000005CF0000-0x0000000005CFA000-memory.dmp

memory/2956-2304-0x0000000005D00000-0x0000000005D0E000-memory.dmp

memory/2956-2305-0x0000000005D50000-0x0000000005DD8000-memory.dmp

memory/2956-2306-0x0000000008920000-0x00000000089BC000-memory.dmp

C:\Users\Admin\AppData\Roaming\AZibCvGEQY.exe

MD5 66469c7a7dd603a5910183207c000503
SHA1 c97d702a6c01b2dbfeba714d902d1b0bdcf914d4
SHA256 f29ca51ab4f94de1be168737174063f7fb8540543160478c64bef4ba611b0e14
SHA512 6461578613929c9d1985eb870511e2f1a561d4d0a1b2b27835d17a7b042e5cb5f683edc9b4dd8499b8b71dc2bd38a9fde0e079a96a253a8f8e4b6af1db05067a

memory/5564-2311-0x0000000004780000-0x00000000047B6000-memory.dmp

memory/5564-2312-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5564-2313-0x0000000004820000-0x0000000004830000-memory.dmp

memory/5564-2314-0x0000000004E60000-0x0000000005488000-memory.dmp

memory/2956-2315-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5564-2316-0x0000000004820000-0x0000000004830000-memory.dmp

memory/5812-2317-0x0000000004CF0000-0x0000000004D00000-memory.dmp

memory/5812-2318-0x0000000004CF0000-0x0000000004D00000-memory.dmp

memory/5812-2319-0x0000000074190000-0x0000000074940000-memory.dmp

memory/2956-2320-0x0000000004C50000-0x0000000004C60000-memory.dmp

memory/5812-2321-0x0000000005AA0000-0x0000000005AC2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y5p132e5.jae.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5812-2328-0x0000000005C20000-0x0000000005C86000-memory.dmp

memory/2280-2329-0x0000000000400000-0x0000000000440000-memory.dmp

memory/5564-2322-0x0000000005630000-0x0000000005696000-memory.dmp

memory/2956-2336-0x0000000074190000-0x0000000074940000-memory.dmp

memory/2280-2346-0x0000000074190000-0x0000000074940000-memory.dmp

memory/5564-2345-0x0000000005710000-0x0000000005A64000-memory.dmp

memory/5888-2347-0x0000000074190000-0x0000000074940000-memory.dmp

memory/2280-2348-0x0000000004F60000-0x0000000004F70000-memory.dmp

memory/5812-2349-0x00000000062E0000-0x00000000062FE000-memory.dmp

memory/5564-2350-0x0000000005D60000-0x0000000005DAC000-memory.dmp

memory/5812-2351-0x0000000004CF0000-0x0000000004D00000-memory.dmp

memory/5564-2352-0x0000000004820000-0x0000000004830000-memory.dmp

memory/5812-2353-0x00000000068B0000-0x00000000068E2000-memory.dmp

memory/5564-2354-0x000000007FAC0000-0x000000007FAD0000-memory.dmp

memory/5812-2355-0x00000000714E0000-0x000000007152C000-memory.dmp

memory/5812-2365-0x0000000006890000-0x00000000068AE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc00ac333f0bf986_0

MD5 c48cf6d54f6391dbbc80314c0cb2c4c9
SHA1 11973751d48f37d25f93af24487f844d9ba6ad90
SHA256 99e7f565393163b263228553a55f4e38eb743c118aa4f9bcb417d76747eba411
SHA512 70f2d7984bbcfbf4a165d259f651c9467102078da2aa80539b2969f2712fcbc6c5db786aeba3d378b9b4447f318f0757b16afb7465126bc0206a77253ba06d77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d6f86f8bd95fd1d_0

MD5 74341b38e7298abfda4ea9145af767db
SHA1 3d2c432c04858dff90e0ae8dc4bea580f5247ceb
SHA256 034d86577519a09d8495d9907dd1ba1f7ee44c421984086f3dd6b6716cd6851f
SHA512 b986b685c09e52c1a8160d20529532d43b95444989a6df4ac8dcd175e66229ee274b477d60e98204e090c3d4704c137c1f7d4143ee1be8979899ca5838aeef58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64d97b09dba174fc_0

MD5 cb87c07f2b919a4366ebdef7a747d496
SHA1 8328d0dd6671ce1da4c5e7ceb20f3458f2caa3dc
SHA256 c6209a247f43fce7c74861e728ff6121a6e351475e6cbe599b95427e023768ac
SHA512 149305081f48acb537e5c7c79f68da3342e4af8e8968f61387887ee740514da467a7a5f8d057daf27598c05d64da52c5c24faa9b95a73325f50dce767778608b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c12ccb2945c7c3c3_0

MD5 80e45f746fb5bc0de29f23352636f7b7
SHA1 b96fc9a81e6cac9243432261adba1d5e620782d5
SHA256 96d75b6889652c6e29dd6b251d6a5b36b2d314d1fe996d51eb9cf1f2ff5fe27d
SHA512 0272592758c8c7bf0456878fed5f227d13951fd42de6ed1715598cba496602d1846ffaa9d401fe08c001edc4011a742a1dbd3f7f68ed95627f90f08d769ae431

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d38d81d256ea7ab1_0

MD5 8d44e5a82476e9b75699101a633f2c7c
SHA1 f936f0c1f28355c0ff98e4482f74de3faedfee26
SHA256 6a1b23c657e9581e6e83ace3a5c6c548fcec3702b5ab2d89f91e8e0882b647ec
SHA512 eb65151a167d5e8ae8ba3191717203a3fa2702c505c8a589d0a1464a79b99a56d342ffbe823b9227f4376c904bb30d05ec04acf6d590fe24458ba66a8efb34f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\515fe5b21749ce9e_0

MD5 0ad8162a93922cb67ed41a8cac8bff28
SHA1 4a7fed85deeeaa5df1389475f01d2832d8be0b94
SHA256 e6ece124cb89d326bd4b54bb13b3a35543de917218c5c9f9a848d01925da48be
SHA512 14f0d8a1bd3675c7d6694ab7e7f760dba6327e3987656145cf0e959ac22cae958eed2547e8b17023798dd1eb2458a80f1e5cb4827fc3c80a750bf97d859ddb10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d3c3904fca3e0eb07f33858c9a6c9163
SHA1 6af8f436042547d23d05a68640e2a8e926a71ef0
SHA256 65fbca21d752a6e07ab4c6fcbcfe3dca27e50ce7cf03ead2701c7046495104d3
SHA512 5c384bfdb7e3d8769669caf7e94ba555edbb1c162d1a8d8c6b68bbabc980e0a9b09cf324051edf37d22e8ca88e8a07ebb63c5620bb07196fd135284436ccfa84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 43368e5fa4fa92fff8d993a5a4819331
SHA1 4febd35edeaea2104da6ff453a890897d3ae0787
SHA256 e9d6d17e854f4b6a23426759efda0a9bebcc7145844f94b5eb97e92ecc3e9415
SHA512 30595e77bcc334a166c4b2e616b42ee6c2b5baaf58184be7155b8d89d41af2563de8a47bb1599a98e5be98fd94c396538431c94e297159aa2da1974a778ac960

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 98f2f3ea130b83a35d9a17a21fcd890e
SHA1 53f129a2eb4adfad0db92d53bed073cf7c352f94
SHA256 cad369f1a3ff5e808c655714d965a4938b48d404a4c8731066cff352e86449d8
SHA512 f0e7c670178cb007bcfe283952c44d7192314d39979e959b92e802bc619d5c0c3a19a997730e50f456e7eb045eb76c324b80472a310ff7e7142a578730c5b3dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3989844e52bc7717b35b3a20c5c04326
SHA1 09bb2c6482382e19ca16c8c27bd000a34f4cafb5
SHA256 5b9f2b97ad022b8d34dc408ae3da07c12336a0347d2fc830b673d5722d67654a
SHA512 4a954f0b64269eb8e176104688aa41c58e1823f871136ebed5108931a834abc7374d633014fd86698329d415286b683f90bec8ae4923d4f533e78a83dc095c33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3d923daccd6eab2575ed45bf99840dab
SHA1 b71311c58c8b65a493a9ce4ae7769b12e5d25f4c
SHA256 821335714c3a1b34a4c7a413e83db896ed7560cf2d08bd0c21c1235f5726a055
SHA512 548bc07af10950c30b8bd91755eaba280d6cf95519e0142098afa357773b06c5e8fa3f632de9752be049e0d96df6196cf5c37bcf241d9a9d11a4b541ba09064a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0a3f8cd2650c05d3c569188992f6f203
SHA1 a1b270b19d65a5fa15cca8590af7a65181830389
SHA256 c34090ba573e268b8125f3a0f1c717c7aae90b5194b73bd9483160baa231203e
SHA512 a1e0d72d729ceb7765ecdacdd17c9a118f2a7372a96ff72f2c743b2b919780d15d3d36209cf00f856550cad29b31f0be20798a0ea2fd8ea544a55918e5b72069

C:\Users\Admin\Downloads\d391d938c4fe11b3e2f65ada257e9331f85e44766ae3c29427ea082473d063c2.zip

MD5 0996f4c5f771d798d2046e9fe34b7c5f
SHA1 0ac61b30be10f69b0f89937afba9338a570af1a5
SHA256 666d22ead6be8c2ce9ee981f66b2e199e35e0d8f3fd5ecf3653619b002e2a42e
SHA512 8d41ca57cf1d332310be0975a4f029b260fbc11e1580d74fbecbadbec166fae5c258c8f1a48b0504bb6945a832265b195872b017cb9ecded7086cd676128af16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8ab15f6aaed395ffbcf67066df7c5aae
SHA1 c48c4d11abb7b7b2113528deff04e3e3afd09bba
SHA256 5815e1a0a56c2dd7f00ee989274c3a2ab0fbeba27e62bfc3f5d3dbfa2657392d
SHA512 1f5b28ca535e721c6ffb76db85999993efa50ad15ec181e6c18ca7adea094e6ddbefe5447b3d549d98483b9bacb044abf9fa33e1d2cf7d4ef4e1f12d66a08e93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 880ade2a4438cc70f1de751960356661
SHA1 03b292066565c667ee8c66312cca918118bdfa55
SHA256 1a6b2c118ad6a00a09e34e907c1eee264db1ad41f1ea0cd1a98dfdc1a2316ec3
SHA512 c067d7b592008f524bc6d8fbb9c0c33385f30fc7e1405967c6ce3b354c35ea2996f8f87eca2352fb0ba79f277a02fcc6a85bf71fbb22776b0b66b0a533ad0897

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e9f918a2372484016675efd428bd0c45
SHA1 cab9dcbc673cecb843dbb8cab9078fee3568e30e
SHA256 28993d2fc098cfdce7c0c99249fc44bc5a6b9c33e89989041acd0aa03b4d69cb
SHA512 40c51270355bc1a07e66d8ca3cb2ff8c4580dc01ad1430f1f7b0041684d0413f99d3d7044664ecec490676909c26d3fda9b9f70c05fb4939bbebce8419509852