Malware Analysis Report

2025-01-18 21:27

Sample ID 240321-w9gpaseh83
Target http://google.com
Tags
adware discovery evasion persistence spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://google.com was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence spyware stealer trojan

Modifies Installed Components in the registry

Downloads MZ/PE file

Blocklisted process makes network request

Sets file execution options in registry

Loads dropped DLL

Executes dropped EXE

Registers COM server for autorun

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Adds Run key to start application

Installs/modifies Browser Helper Object

Checks installed software on the system

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies system certificate store

Checks SCSI registry key(s)

Checks processor information in registry

Uses Task Scheduler COM API

System policy modification

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-21 18:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-21 18:37

Reported

2024-03-21 18:51

Platform

win11-20240221-en

Max time kernel

851s

Max time network

853s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\MicrosoftEdge_X64_122.0.2365.92.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\elevation_service.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\ZoomInstallerFull.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\cookie_exporter.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\EBWebView\\x64\\EmbeddedBrowserWebView.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=B96F632387F0406F93CD974168D29D80" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80F442DB-6D77-4388-B14A-0DC10537EF80}\BGAUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Trust Protection Lists\Sigma\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\sq.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Locales\kok.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\msedgeupdateres_lt.dll C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Trust Protection Lists\Mu\Other C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\notification_helper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Trust Protection Lists\Sigma\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_proxy\win10\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e1353321-c023-4de0-98b8-f5c2906e104c.tmp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\msedgeupdateres_ro.dll C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\tr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Locales\it.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\hr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\ko.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\uk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\kok.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Trust Protection Lists\Mu\TransparentAdvertisers C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\BHO\ie_to_edge_bho.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\notification_helper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\ta.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\sr-Latn-RS.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\VisualElements\SmallLogoCanary.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\EBWebView\x86\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\ml.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Locales\am.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\msedgeupdateres_km.dll C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\et.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\fa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Notifications\SoftLandingAssetDark.gif C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\fa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\mr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\pt-PT.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Trust Protection Lists\Mu\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\msedge_100_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Locales\es-419.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\msedgeupdateres_lv.dll C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\new_pwahelper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Locales\fi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\identity_proxy\win11\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\msedgeupdateres_ru.dll C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\identity_proxy\resources.pri C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Trust Protection Lists\Sigma\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\augloop_client.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Locales\mk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\kok.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Locales\bg.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Locales\te.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Locales\es-419.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Locales\mr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\msedgeupdateres_zh-CN.dll C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\identity_proxy\win10\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-tokenized-card\nl\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-notification\fr\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-tokenized-card\zh-Hant\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-hu.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-ga.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\buynow_driver.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\driver-signature.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-en-gb.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_794304763\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_1573402465\edge_driver.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_1573402465\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-notification-shared\de\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-es.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_188437578\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_1590391752\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\wallet_donation_driver.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-hub\de\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-ec\fr\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-tokenized-card\ar\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\Notification\notification.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-notification\ko\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-shared-components\ru\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\Notification\_manifest\spdx_2.2\manifest.spdx.json.sha256 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_1573402465\auto_open_controller.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-notification-shared\fr-CA\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_87188570\deny_full_domains.list C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\wallet.html C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_1590391752\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-notification\en-GB\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-shared-components\es\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\bnpl\bnpl.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\wallet\wallet-checkout\checkoutdata.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\Notification\notification_fast.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_1573402465\product_page.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_321267081\Part-ES C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_321267081\Part-NL C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-da.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_321267081\adblock_snippet.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-notification\id\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_1435087633\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_654775141\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_1573402465\edge_confirmation_page_validator.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_434285837\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_371643626\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-tokenized-card\es\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-hub\el\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-ec\pt-PT\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\wallet\wallet-stable.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\Wallet-BuyNow\spdx_2.2\manifest.spdx.json.sha256 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-tokenized-card\fr\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-tokenized-card\id\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-mobile-hub\zh-Hant\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-hub\pt-BR\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-shared-components\en-GB\strings.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-de-1901.hyb C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\SystemSettingsAdminFlows.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe" C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0" C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.92\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000" C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin" C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Sequence = "1" C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Sequence = "1" C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Owner = b4220000fabeec42c07bda01 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Owner = c0090000aec28f43c07bda01 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 43003a005c00500072006f006700720061006d002000460069006c00650073002000280078003800360029005c004d006900630072006f0073006f00660074005c00450064006700650057006500620056006900650077005c004100700070006c00690063006100740069006f006e005c00390030002e0030002e003800310038002e00360036005c00690063007500640074006c002e0064006100740000000000 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = be7aa064232d7a907a8d2372bfdb6f0a0d3e91661d3bbde5ceb2462ba9c4834b C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 43003a005c00500072006f006700720061006d002000460069006c00650073002000280078003800360029005c004d006900630072006f0073006f00660074005c00450064006700650057006500620056006900650077005c004100700070006c00690063006100740069006f006e005c00390030002e0030002e003800310038002e00360036005c00690063007500640074006c002e0064006100740000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe,13" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\ZoomPhoneCall C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{31575964-95F7-414B-85E4-0E9A93699E13}\ = "ie_to_edge_bho" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\zoommtg\shell C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\ZoomRecording\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\zTscoder.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ = "ie_to_edge_bho.IEToEdgeBHO.1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\open\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\ZoomLauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\LocalService = "edgeupdatem" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\zoommtg\URL Protocol C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CurVer\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\ = "IEToEdgeBHO Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\.zoommtg C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ = "ie_to_edge_bho.IEToEdgeBHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b43471900f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343119000000010000001000000091fad483f14848a8a69b18b805cdbb3a20000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d820000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 608571.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdateSetup.exe\:SmartScreen:$DATA C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdateSetup.exe\:Zone.Identifier:$DATA C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 839664.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\ZoomInstallerFull.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2900 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff918263cb8,0x7ff918263cc8,0x7ff918263cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,7275787646720349096,15369739671716290792,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,7275787646720349096,15369739671716290792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,7275787646720349096,15369739671716290792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7275787646720349096,15369739671716290792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7275787646720349096,15369739671716290792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,7275787646720349096,15369739671716290792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,7275787646720349096,15369739671716290792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,7275787646720349096,15369739671716290792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Public\Desktop\Google Chrome.lnk"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Public\Desktop\Google Chrome.lnk"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.0.19106168\235626955" -parentBuildID 20221007134813 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2013ebff-39c2-452d-8569-3a808197eb2d} 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 1904 286b58f5458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.1.1896690966\1449491693" -parentBuildID 20221007134813 -prefsHandle 2300 -prefMapHandle 2296 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dff9382-80dc-4745-94c7-eec36e729d43} 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 2312 286a85e5958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.2.349293594\239797344" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 2980 -prefsLen 21640 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09536b9c-9159-48bc-ab5e-cf4f1f14113a} 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 3024 286bb1dca58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.3.2004994042\485132489" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26103 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d1f91e3-692b-4a89-b812-a342d01848be} 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 3576 286a8561c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.4.669068774\310265207" -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 4360 -prefsLen 26337 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6667c5df-b03f-48a2-90f3-66cd47c75668} 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 5416 286bd6ef258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.5.1963250867\1629969849" -childID 4 -isForBrowser -prefsHandle 5608 -prefMapHandle 5612 -prefsLen 26337 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9646e8c8-f8be-4dd5-adb0-a73d8886e88e} 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 5600 286bdf99258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3024.6.1231183048\541270171" -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5800 -prefsLen 26337 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d9dc940-e49c-44db-860f-016b9a4bb6d2} 3024 "\\.\pipe\gecko-crash-server-pipe.3024" 5788 286bdf98c58 tab

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff918263cb8,0x7ff918263cc8,0x7ff918263cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6968 /prefetch:2

C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe

"C:\Users\Admin\Downloads\MicrosoftEdgeSetup.exe"

C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUCD6E.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en&brand=M100"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjE3OTg3NzQtQjM5Qy00RDc1LUE3NTUtRDVDNjc5N0Y0NjI2fSIgdXNlcmlkPSJ7QkExQzNDNjQtNUU0RS00RTNDLTg4NDgtNEM2REU0NjE4QUEwfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezcwMEE2RjAxLUJCNjItNDg3Qi1CQkJFLTU5MEYxNTg2MDBENn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xODUuMjEiIGxhbmc9ImVuIiBicmFuZD0iTTEwMCIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0OTQ3NjMxNzkiIGluc3RhbGxfdGltZV9tcz0iNDU1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=en&brand=M100" /installsource taggedmi /sessionid "{B1798774-B39C-4D75-A755-D5C6797F4626}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjE3OTg3NzQtQjM5Qy00RDc1LUE3NTUtRDVDNjc5N0Y0NjI2fSIgdXNlcmlkPSJ7QkExQzNDNjQtNUU0RS00RTNDLTg4NDgtNEM2REU0NjE4QUEwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7ODQyN0EzNzYtQjkwNC00NzNDLTlBRjUtNDMzNEQ0NzMwMEE2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjkiIGluc3RhbGxkYXRldGltZT0iMTcwODUyMTUwNyIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzUzMDIzMDkwMTAzNDcyNCIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzNTU1MjAwNDE1NjMxNjcxIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjEzNTIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDk5NTk2ODQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\MicrosoftEdge_X64_122.0.2365.92.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\MicrosoftEdge_X64_122.0.2365.92.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\MicrosoftEdge_X64_122.0.2365.92.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff72dbd79a8,0x7ff72dbd79b4,0x7ff72dbd79c0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7636 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=3 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4035ECC1-3FC2-49A2-B49C-3B57379BB048}\EDGEMITMP_DD509.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff72dbd79a8,0x7ff72dbd79b4,0x7ff72dbd79c0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,12595901794266314932,8532564158235791188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --rename-msedge-exe --system-level --verbose-logging --msedge --channel=stable

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff77b9179a8,0x7ff77b9179b4,0x7ff77b9179c0

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --msedge --channel=stable --delete-old-versions --system-level --verbose-logging

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff77b9179a8,0x7ff77b9179b4,0x7ff77b9179c0

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff77b9179a8,0x7ff77b9179b4,0x7ff77b9179c0

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjE3OTg3NzQtQjM5Qy00RDc1LUE3NTUtRDVDNjc5N0Y0NjI2fSIgdXNlcmlkPSJ7QkExQzNDNjQtNUU0RS00RTNDLTg4NDgtNEM2REU0NjE4QUEwfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezA2MzdERkEzLTk3MTUtNDA2RC04MEM0LTJBOTI0MUU4RjYxM30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjIuMC4yMzY1LjkyIiBsYW5nPSJlbiIgYnJhbmQ9Ik0xMDAiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU1NTIwMDA4NzczMjAyMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NTExNjg1ODM4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzUxMTczNzIyNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NDU3MTE1MjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzc0YzE1OGFkLWRhOGYtNGU4Ni05YWMxLTBmZGI0NzNhODVhZD9QMT0xNzExNjUxMzM3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWNKeWNqSktCME95UXlBZnJ6OVRKOEJsYlMyUHd6M2VGYmdsOWJGS2s2NG50UGRackZVNUdPdHpGZW9hSTBMajRMJTJiZ2dvdEVsOTBEV3hqMXBWRmxjJTJiUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MTg0NjA4OCIgdG90YWw9IjE3MTg0NjA4OCIgZG93bmxvYWRfdGltZV9tcz0iMjYxOTciLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODQ1ODY3OTY0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzg2MDU1NDEyNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODMzMDEwMzY5NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjY1NiIgZG93bmxvYWRfdGltZV9tcz0iMzMzOTYiIGRvd25sb2FkZWQ9IjE3MTg0NjA4OCIgdG90YWw9IjE3MTg0NjA4OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDY5NTUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\ZoomInstallerFull.exe

"C:\Users\Admin\Downloads\ZoomInstallerFull.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe

.\Installer.exe

C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe

"C:\Users\Admin\AppData\Local\Temp\7zS4DF06F0D\Installer.exe" /addfwexception --bin_home="C:\Users\Admin\AppData\Roaming\Zoom\bin"

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe Zoom.exe --promptupdateaction=installed

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runaszvideo=TRUE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2dc,0x2f0,0x7ff8f6a05fd8,0x7ff8f6a05fe4,0x7ff8f6a05ff0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2084 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2936 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3040 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3524 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3560 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3412 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5140 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4912 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5288 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4912 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5908 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5920 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5908 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\cookie_exporter.exe

cookie_exporter.exe --cookie-json=1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6248 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6184 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6508 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6420 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6628 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6764 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6752 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6740 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4416 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4680 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4680 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6796 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.zoom.us/client_google_signin?code_challenge=tZGi3U4kWRIUhLNRTN0YSZbypiSneFqA388EnYaMQq8%3D&ver=5.17.11.34827&mode=token2&entry=signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4392 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5456 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3672 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5416 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5988 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5904 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6676 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4448 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5080 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4496 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5380 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6480 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://google.zoom.us/google?token=4bQP9HsEpfAoAcBjYGkFF5Z6f9kH07O4SO4V9SFs28aEdDLjlOImVfvMhXAcW9szHbMP33p1WpwTjCaU5Dkfj2vt5LgP5PBzg7GWkIZOOSGwIc-u9Nh-7SFPHqLIWXyx65TH_mBu6WR8AHyjuFYAZwOtTINr_Tbu5o_vxKXUJ8dtK_8yC7QHTGJ78vrdjov1JVn7N0ZP4f2pAkiUGWw6s6R5Ikx1jbYSqXsgPTDZYBUdOeU_oxCtn5cr-nwQv7m_YCtL-Xdus_AJK7e-LIZyyf6OkwMIV9FmfOwN3NjOe11Rnfc5kukWP7L67Gf_uP-QzuYiI0cCsB8WM0x-JiFoFwxAMB3eqFUyBqI43wacr2FTs1ees0dfZnXxoEsqn2yf_wkkE1DAoZrbb7zyAF0q8Z9X9talAQyZCLLS1EQkjFQ4dSZy7a76IxbcgN7G31FjB7DD4lfQYIV9_3RSm62j0rkgVFxq2gPvSM_d7j70KbXe45pArf8-9MQMVlVr-2sOqdPrcHn4oX_oAjDVa0il7yzV0IgnnJ8o3ydLqqQHxq6z9leD.MtalMPPoTxhs3Xkd&errorno=0&errormsg=&code_challenge=tZGi3U4kWRIUhLNRTN0YSZbypiSneFqA388EnYaMQq8=&back="

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5428 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5484 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

Zoom.exe --action=installDesktopShortcut

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runasps=TRUE

C:\Users\Admin\AppData\Roaming\Zoom\bin\Installer.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Installer.exe" /regim

C:\Users\Admin\AppData\Roaming\Zoom\bin\zWebview2Agent.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\zWebview2Agent.exe" --data="data" --cachepath="C:\Users\Admin\AppData\Roaming\Zoom\data\WebviewCacheX64" --channelport="4876" --useragent="Mozilla/5.0 ZoomWebKit/537.36 (KHTML, like Gecko) ZoomApps/1.0"

C:\Users\Admin\AppData\Roaming\Zoom\bin\Installer.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Installer.exe" /regsipuri

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6032 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4876 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80F442DB-6D77-4388-B14A-0DC10537EF80}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80F442DB-6D77-4388-B14A-0DC10537EF80}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0I0ODhDRDgtNjc0RC00ODJCLUJBMjctMEU1RTcxMkFCNUNGfSIgdXNlcmlkPSJ7QkExQzNDNjQtNUU0RS00RTNDLTg4NDgtNEM2REU0NjE4QUEwfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszOUE2ODRCQy0yQzMwLTQyNzQtOUY4NS00N0VGODIxRjI3ODV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7RFYwakkvS0RseGhIdWUxTDlLUkdHY3FPaGYzSDNoM2FjU3JFYW5RS2ZnUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzIiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDUyMDUwMTUyNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTIwNjU3ODcyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTY5ODEwMTA4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZjA0MmMwZTktMjYzZC00YzFhLWIzM2UtYTFmZTkwNmE5YmVmP1AxPTE3MTE2NTE2MzgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9VXJ2d3RqWWE5M1FwMFU3b0pPV1Q2cUxnMmtPTGtYJTJiVXc5cUJxMk9GSkwlMmZvOVpkVWZoUktvSDNGa2JZS2lIdmJpZm1ITWtZNnhqamdSVU9QSEhEdENBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDU2OTk5MTE4MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZjA0MmMwZTktMjYzZC00YzFhLWIzM2UtYTFmZTkwNmE5YmVmP1AxPTE3MTE2NTE2MzgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9VXJ2d3RqWWE5M1FwMFU3b0pPV1Q2cUxnMmtPTGtYJTJiVXc5cUJxMk9GSkwlMmZvOVpkVWZoUktvSDNGa2JZS2lIdmJpZm1ITWtZNnhqamdSVU9QSEhEdENBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTgwNDgwMzIiIHRvdGFsPSIxODA0ODAzMiIgZG93bmxvYWRfdGltZV9tcz0iNDY2OSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTcwMzEwMDg5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA1NzY0OTA3NjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDU3ODg0NzcyNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijg1MyIgZG93bmxvYWRfdGltZV9tcz0iNDk1MCIgZG93bmxvYWRlZD0iMTgwNDgwMzIiIHRvdGFsPSIxODA0ODAzMiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMjIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6628 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7132 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3316 --field-trial-handle=2092,i,12338326156677193925,7583324636010100293,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x240,0x244,0x248,0x23c,0x2ac,0x7ff8f6a05fd8,0x7ff8f6a05fe4,0x7ff8f6a05ff0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2236 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2272 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2484 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4224 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4224 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4924 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5060 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5236 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5544 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\MicrosoftEdge_X64_122.0.2365.92.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\MicrosoftEdge_X64_122.0.2365.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\MicrosoftEdge_X64_122.0.2365.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x250,0x254,0x258,0x24c,0x25c,0x7ff6d7ec79a8,0x7ff6d7ec79b4,0x7ff6d7ec79c0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe" --msedgewebview --delete-old-versions --system-level --verbose-logging

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.129 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.92 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff77b9179a8,0x7ff77b9179b4,0x7ff77b9179c0

C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\YourPhone.exe

"C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5592 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5764 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2880 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REY4QkM1QzctQkI0Qy00QUE5LUFCRDgtQzE0RUFGRURCNjRDfSIgdXNlcmlkPSJ7QkExQzNDNjQtNUU0RS00RTNDLTg4NDgtNEM2REU0NjE4QUEwfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntDQzRCQjU2OS1CQTQ4LTQwOEUtOUI4Mi02NjhGODg2NTMzRjR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7RFYwakkvS0RseGhIdWUxTDlLUkdHY3FPaGYzSDNoM2FjU3JFYW5RS2ZnUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yMSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjM4Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iMTIyLjAuMjM2NS45MiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGNvaG9ydD0icnJmQDAuMzkiIG9vYmVfaW5zdGFsbF90aW1lPSIxODQ0Njc0NDA3MzcwOTU1MTYwNiIgdXBkYXRlX2NvdW50PSIxIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTU1MjAzMjU1NDA0ODUwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins3MDNBQjBFMS0yODJBLTQ4NzMtQjcxNS02RTEyOUMwM0I0NTh9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iMTIyLjAuMjM2NS45MiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNzM3NjQ1NzY3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNzM3ODAyMjAwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNzY4NTgzMzIzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNzgyOTU4MzIzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTE0MTU1MjA2NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE4NTkiIGRvd25sb2FkZWQ9IjE3MTg0NjA4OCIgdG90YWw9IjE3MTg0NjA4OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iMzU4NTkiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Users\Admin\AppData\Local\Temp\37BFC97E-7B62-4C1F-B810-53670C7A9231\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\37BFC97E-7B62-4C1F-B810-53670C7A9231\dismhost.exe {3956937C-E488-4E03-BA40-986D0D9578B9}

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" EnterProductKey

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5572 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4932 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5872 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5896 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5664 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5808 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5780 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5884 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Maps.exe

"C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Maps.exe" -ServerName:App.AppXxtd7jxvwd91t5nxqtpfcmn779q80qwza.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6072 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6056 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6064 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3680 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5960 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6112 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe

"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"

C:\Windows\system32\wsl.exe

C:\Windows\system32\wsl.exe --list

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe

"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0x978 --server 0xa1c

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3748 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3856 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3992 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6064 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5908 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2212 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2868 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe

"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xb40 --server 0xb3c

C:\Windows\system32\cmd.exe

cmd.exe

C:\Windows\system32\curl.exe

curl parrot.live

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4328 --field-trial-handle=2240,i,1026799021153396510,4973098774518826850,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3826055 /state1:0x41c64e6d

C:\Users\Admin\AppData\Roaming\Zoom\bin\zWebview2Agent.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\zWebview2Agent.exe" --data="data" --cachepath="C:\Users\Admin\AppData\Roaming\Zoom\data\WebviewCacheX64" --channelport="4876" --useragent="Mozilla/5.0 ZoomWebKit/537.36 (KHTML, like Gecko) ZoomApps/1.0"

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
NL 172.217.23.206:80 google.com tcp
NL 172.217.23.206:80 google.com tcp
NL 142.250.179.196:80 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
N/A 224.0.0.251:5353 udp
GB 184.28.198.65:443 tcp
US 52.168.117.171:443 browser.pipe.aria.microsoft.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 92.123.128.185:443 r.bing.com tcp
GB 2.20.37.224:443 cxcs.microsoft.net tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.184:443 th.bing.com tcp
GB 92.123.128.184:443 th.bing.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
N/A 127.0.0.1:50012 tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 44.230.91.85:443 shavar.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
N/A 127.0.0.1:50019 tcp
GB 92.123.128.147:443 www.bing.com tcp
GB 92.123.128.147:443 www.bing.com tcp
GB 92.123.128.147:443 www.bing.com tcp
GB 92.123.128.184:443 th.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.184:443 th.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
IE 20.190.159.73:443 login.microsoftonline.com tcp
IE 20.190.159.73:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 204.79.197.200:443 www2.bing.com tcp
GB 104.78.177.227:443 www.microsoft.com tcp
GB 104.78.177.227:443 www.microsoft.com tcp
US 8.8.8.8:53 227.177.78.104.in-addr.arpa udp
GB 96.16.109.52:443 t.ssl.ak.dynamic.tiles.virtualearth.net tcp
GB 96.16.109.52:443 t.ssl.ak.dynamic.tiles.virtualearth.net tcp
GB 96.16.109.52:443 t.ssl.ak.dynamic.tiles.virtualearth.net tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
GB 13.105.221.15:443 edgestatic.azureedge.net tcp
GB 13.105.221.15:443 edgestatic.azureedge.net tcp
GB 13.105.221.15:443 edgestatic.azureedge.net tcp
GB 13.105.221.15:443 edgestatic.azureedge.net tcp
GB 13.105.221.15:443 edgestatic.azureedge.net tcp
GB 13.105.221.15:443 edgestatic.azureedge.net tcp
GB 13.105.221.15:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 15.221.105.13.in-addr.arpa udp
US 8.8.8.8:53 52.109.16.96.in-addr.arpa udp
GB 13.105.221.15:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
GB 13.105.221.15:443 wcpstatic.microsoft.com tcp
IE 52.111.236.68:443 c2rsetup.officeapps.live.com tcp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
GB 88.221.134.67:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.179:443 th.bing.com tcp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 8.8.8.8:53 st3.zoom.us udp
US 52.84.151.43:443 st3.zoom.us tcp
US 52.84.151.43:443 st3.zoom.us tcp
US 52.84.151.43:443 st3.zoom.us tcp
US 52.84.151.43:443 st3.zoom.us tcp
US 52.84.151.43:443 st3.zoom.us tcp
US 52.84.151.43:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 8.8.8.8:53 63.151.84.52.in-addr.arpa udp
US 52.84.151.63:443 st2.zoom.us tcp
US 34.98.108.207:443 cdn.solvvy.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 40.36.251.142.in-addr.arpa udp
US 151.101.2.132:443 config.datas3ntinel.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
FR 18.161.108.2:443 cdn.amplitude.com tcp
GB 96.17.179.184:80 apps.identrust.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 17.97.161.18.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 151.101.2.132:443 collect.datas3ntinel.com tcp
FR 18.161.108.2:443 cdn.amplitude.com tcp
FR 18.161.108.2:443 cdn.amplitude.com tcp
US 54.71.229.171:443 api2.amplitude.com tcp
US 54.71.229.171:443 api2.amplitude.com tcp
US 172.64.155.119:443 zoom-privacy.my.onetrust.com tcp
US 172.64.155.119:443 zoom-privacy.my.onetrust.com tcp
NL 216.58.214.14:443 www.youtube.com tcp
US 35.186.249.72:443 utt.impactcdn.com tcp
US 172.64.150.90:443 a.usea01.idio.episerver.net tcp
NL 216.58.214.14:443 www.youtube.com udp
US 35.227.211.136:443 zoom.sjv.io tcp
US 8.8.8.8:53 136.211.227.35.in-addr.arpa udp
US 52.84.151.42:443 cdn.zoom.us tcp
US 170.114.65.137:443 tcp
US 170.114.65.137:443 tcp
US 170.114.52.2:443 zoom.us tcp
US 144.195.22.213:3478 udp
US 144.195.7.213:3478 udp
US 144.195.7.213:3479 udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
NL 142.251.39.110:443 clients2.google.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
US 13.107.6.158:443 business.bing.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
NL 172.217.168.193:443 clients2.googleusercontent.com tcp
GB 88.221.134.17:443 bzib.nelreports.net tcp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 152.199.21.175:443 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 152.199.21.175:443 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 204.79.197.239:443 edge.microsoft.com tcp
GB 13.105.221.15:443 edgeassetservice.azureedge.net tcp
GB 13.105.221.15:443 edgeassetservice.azureedge.net tcp
GB 95.101.143.250:443 assets.msn.com tcp
GB 13.105.221.15:443 edgeassetservice.azureedge.net tcp
GB 95.101.143.250:443 assets.msn.com tcp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
IE 68.219.88.97:443 c.msn.com tcp
GB 92.123.128.133:443 www.bing.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 c.bing.com udp
GB 92.123.128.157:443 www.bing.com tcp
GB 92.123.128.144:443 th.bing.com tcp
FR 3.160.188.50:443 sb.scorecardresearch.com tcp
GB 88.221.134.90:443 img-s-msn-com.akamaized.net tcp
US 8.8.8.8:53 144.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 90.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 20.189.173.6:443 browser.events.data.msn.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 20.189.173.6:443 browser.events.data.msn.com tcp
US 20.189.173.6:443 browser.events.data.msn.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 204.79.197.200:443 c.bing.com tcp
GB 184.28.198.65:443 tcp
US 172.202.64.254:443 arc-ring.msedge.net tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
JP 40.99.36.178:443 aff48769687eff8abe073f39c4e8d5d9.nrb.footprintdns.com tcp
US 13.107.136.254:443 spo-ring.msedge.net tcp
US 8.8.8.8:53 254.3.107.13.in-addr.arpa udp
SE 192.229.221.95:80 tcp
US 8.8.8.8:53 254.136.107.13.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
GB 92.123.128.133:443 www.bing.com tcp
GB 2.20.37.224:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
GB 13.105.221.16:443 edge-consumer-static.azureedge.net tcp
GB 13.105.221.16:443 edge-consumer-static.azureedge.net tcp
GB 88.221.134.90:443 img-s-msn-com.akamaized.net tcp
GB 88.221.134.73:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 deff.nelreports.net udp
US 8.8.8.8:53 deff.nelreports.net udp
GB 88.221.134.8:443 deff.nelreports.net tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 google.zoom.us udp
US 8.8.8.8:53 google.zoom.us udp
US 8.8.8.8:53 google.zoom.us udp
US 170.114.52.2:443 google.zoom.us tcp
US 170.114.52.2:443 google.zoom.us tcp
US 8.8.8.8:53 8.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 73.134.221.88.in-addr.arpa udp
GB 88.221.134.8:443 deff.nelreports.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
GB 92.123.128.157:443 www.bing.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
NL 172.217.168.193:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.39.110:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 168.212.234.8:443 arms.everett.k12.wa.us tcp
US 168.212.234.8:443 arms.everett.k12.wa.us tcp
US 168.212.234.8:443 arms.everett.k12.wa.us tcp
US 168.212.234.8:443 arms.everett.k12.wa.us tcp
US 168.212.234.8:443 arms.everett.k12.wa.us tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 arms.everett.k12.wa.us udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 172.217.168.193:443 lh3.googleusercontent.com udp
NL 142.251.39.110:443 play.google.com udp
NL 142.251.39.110:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 zoom.us udp
US 8.8.8.8:53 zoom.us udp
US 8.8.8.8:53 zoom.us udp
US 170.114.52.2:443 zoom.us udp
US 8.8.8.8:53 zoom.us udp
US 8.8.8.8:53 google.zoom.us udp
US 8.8.8.8:53 google.zoom.us udp
US 8.8.8.8:53 us05st1.zoom.us udp
US 8.8.8.8:53 us05st1.zoom.us udp
US 8.8.8.8:53 us05st3.zoom.us udp
US 8.8.8.8:53 us05st3.zoom.us udp
US 8.8.8.8:53 us05st2.zoom.us udp
US 8.8.8.8:53 us05st2.zoom.us udp
US 8.8.8.8:53 us05st1.zoom.us udp
US 8.8.8.8:53 us05st1.zoom.us udp
US 8.8.8.8:53 us05st3.zoom.us udp
US 8.8.8.8:53 us05st3.zoom.us udp
US 8.8.8.8:53 us05st2.zoom.us udp
US 8.8.8.8:53 us05st2.zoom.us udp
US 8.8.8.8:53 us05st2.zoom.us udp
US 8.8.8.8:53 us05st1.zoom.us udp
US 52.84.151.43:443 us05st1.zoom.us tcp
US 52.84.151.43:443 us05st1.zoom.us tcp
US 52.84.151.43:443 us05st1.zoom.us tcp
US 52.84.151.41:443 us05st1.zoom.us tcp
US 52.84.151.41:443 us05st1.zoom.us tcp
US 52.84.151.47:443 us05st1.zoom.us tcp
US 52.84.151.47:443 us05st1.zoom.us tcp
US 52.84.151.41:443 us05st1.zoom.us udp
US 52.84.151.43:443 us05st1.zoom.us udp
US 8.8.8.8:53 47.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.solvvy.com udp
US 8.8.8.8:53 cdn.solvvy.com udp
US 34.98.108.207:443 cdn.solvvy.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 34.98.108.207:443 cdn.solvvy.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 google.zoom.us udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 170.114.52.2:443 google.zoom.us tcp
GB 88.221.134.8:443 deff.nelreports.net tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
GB 88.221.134.8:443 deff.nelreports.net tcp
US 8.8.8.8:53 deff.nelreports.net udp
US 8.8.8.8:53 deff.nelreports.net udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
GB 88.221.134.8:443 deff.nelreports.net tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
GB 92.123.128.176:443 www.bing.com udp
US 8.8.8.8:53 us04xmpp1.zoom.us udp
US 8.8.8.8:53 us05web.zoom.us udp
US 8.8.8.8:53 contactservice.zoom.us udp
US 8.8.8.8:53 us04images.zoom.us udp
US 8.8.8.8:53 st1.zoom.us udp
US 8.8.8.8:53 us04zpns.zoom.us udp
US 8.8.8.8:53 us05nws.zoom.us udp
US 8.8.8.8:53 source.zoom.us udp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.15.211:443 us04images.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.34:443 us05nws.zoom.us tcp
US 170.114.14.65:443 us04zpns.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.34:443 us05nws.zoom.us tcp
US 170.114.52.34:443 us05nws.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 52.84.151.61:443 source.zoom.us tcp
US 3.235.96.61:443 contactservice.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
N/A 127.0.0.1:54974 tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 134.224.240.221:443 us04xmpp1.zoom.us tcp
US 8.8.8.8:53 us04logfiles.zoom.us udp
US 8.8.8.8:53 us.telemetry.zoom.us udp
US 8.8.8.8:53 61.96.235.3.in-addr.arpa udp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 221.240.224.134.in-addr.arpa udp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.52.5:443 us05www3.zoom.us tcp
US 170.114.15.109:443 us04logfiles.zoom.us tcp
US 170.114.52.83:443 us.telemetry.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 170.114.52.38:443 asyncim.zoom.us tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
NL 142.251.39.106:443 people.googleapis.com tcp
US 170.114.3.124:443 us04xmppapi.zoom.us tcp
US 8.8.8.8:53 83.52.114.170.in-addr.arpa udp
US 8.8.8.8:53 38.52.114.170.in-addr.arpa udp
US 8.8.8.8:53 109.15.114.170.in-addr.arpa udp
US 8.8.8.8:53 124.3.114.170.in-addr.arpa udp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 61.151.84.52.in-addr.arpa udp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 170.114.14.94:443 us05ark.zoom.us tcp
US 170.114.52.22:443 mpapis.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.39:443 cdn.zoom.us tcp
US 52.84.151.58:443 marketplacecontent.zoom.us tcp
US 52.84.151.58:443 marketplacecontent.zoom.us tcp
US 52.84.151.58:443 marketplacecontent.zoom.us tcp
US 52.84.151.58:443 marketplacecontent.zoom.us tcp
US 170.114.52.22:443 mpapis.zoom.us tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 zoom-privacy.my.onetrust.com udp
US 8.8.8.8:53 zoom-privacy.my.onetrust.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 172.64.155.119:443 zoom-privacy.my.onetrust.com tcp
US 172.64.155.119:443 zoom-privacy.my.onetrust.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 8.8.8.8:53 r.msftstatic.com udp
GB 92.123.128.154:443 r.bing.com tcp
GB 92.123.128.154:443 r.bing.com tcp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
US 204.79.197.219:443 r.msftstatic.com tcp
US 204.79.197.219:443 r.msftstatic.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.158:443 www.bing.com tcp
US 20.42.65.90:443 browser.events.data.msn.com tcp
GB 95.101.143.147:443 assets.msn.com tcp
GB 95.101.143.147:443 assets.msn.com tcp
GB 88.221.134.122:443 img-s-msn-com.akamaized.net tcp
GB 92.123.128.133:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
GB 92.123.128.133:443 th.bing.com tcp
US 20.42.65.90:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
GB 92.123.128.133:443 th.bing.com udp
GB 92.123.128.158:443 www.bing.com tcp
IE 68.219.88.97:443 c.msn.com tcp
GB 92.123.128.158:443 www.bing.com udp
GB 92.123.128.158:443 www.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 89.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 147.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 122.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 158.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.200:443 c.bing.com tcp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
GB 88.221.134.122:443 img-s-msn-com.akamaized.net tcp
US 8.8.8.8:53 prod-streaming-video-msn-com.akamaized.net udp
US 8.8.8.8:53 prod-streaming-video-msn-com.akamaized.net udp
GB 23.44.233.157:443 ecn.dev.virtualearth.net tcp
GB 88.221.135.98:443 prod-streaming-video-msn-com.akamaized.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.23.214:443 i.ytimg.com tcp
NL 172.217.23.214:443 i.ytimg.com tcp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 98.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
GB 88.221.134.74:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
GB 13.105.221.16:443 edgeassetservice.azureedge.net tcp
US 8.8.8.8:53 odc.officeapps.live.com udp
US 8.8.8.8:53 odc.officeapps.live.com udp
GB 52.109.28.48:443 odc.officeapps.live.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.68:443 login.microsoftonline.com tcp
GB 92.123.128.181:443 www.bing.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 deff.nelreports.net udp
US 8.8.8.8:53 deff.nelreports.net udp
GB 88.221.134.8:443 deff.nelreports.net tcp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
IE 68.219.88.97:443 c.msn.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 204.79.197.200:443 c.bing.com tcp
GB 92.123.128.134:443 www.bing.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.163:443 assets.msn.com tcp
GB 95.101.143.163:443 assets.msn.com tcp
GB 92.123.128.194:443 www.bing.com tcp
FR 3.160.188.19:443 sb.scorecardresearch.com tcp
GB 88.221.135.115:443 img-s-msn-com.akamaized.net tcp
US 8.8.8.8:53 194.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 115.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 163.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 sync.outbrain.com udp
US 8.8.8.8:53 sync.outbrain.com udp
US 151.101.1.44:443 trc.taboola.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 50.31.142.31:443 sync.outbrain.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 hbx.media.net udp
GB 23.44.232.24:443 hbx.media.net tcp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 31.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 24.232.44.23.in-addr.arpa udp
US 8.8.8.8:53 cm.mgid.com udp
US 8.8.8.8:53 cm.mgid.com udp
US 104.19.133.76:443 cm.mgid.com udp
US 8.8.8.8:53 m.adnxs.com udp
US 8.8.8.8:53 m.adnxs.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 eb2.3lift.com udp
NL 185.89.210.46:443 m.adnxs.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
IE 52.18.76.209:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 code.yengo.com udp
US 8.8.8.8:53 code.yengo.com udp
SG 172.241.51.69:443 code.yengo.com tcp
IE 52.18.76.209:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 76.133.19.104.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
SG 172.241.51.69:443 code.yengo.com tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 trace.mediago.io udp
US 8.8.8.8:53 trace.mediago.io udp
US 35.208.249.213:443 trace.mediago.io tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 213.249.208.35.in-addr.arpa udp
US 8.8.8.8:53 trace.popin.cc udp
US 8.8.8.8:53 trace.popin.cc udp
JP 35.213.89.133:443 trace.popin.cc tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
GB 184.28.198.65:443 tcp
JP 35.213.89.133:443 trace.popin.cc tcp
JP 40.99.36.178:443 aff48769687eff8abe073f39c4e8d5d9.nrb.footprintdns.com tcp
US 152.199.19.161:443 fp-vs-nocache.azureedge.net tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 254.18.107.13.in-addr.arpa udp
US 8.8.8.8:53 sync.inmobi.com udp
US 8.8.8.8:53 sync.inmobi.com udp
US 8.8.8.8:53 sync.inmobi.com udp
US 8.8.8.8:53 sync.inmobi.com udp
US 20.127.253.7:443 sync.inmobi.com tcp
GB 92.123.128.184:443 www.bing.com tcp
GB 92.123.128.184:443 www.bing.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.82:443 id5-sync.com tcp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
GB 23.44.233.157:443 ecn.dev.virtualearth.net tcp
GB 2.20.37.224:443 cxcs.microsoft.net tcp
GB 92.123.128.187:443 www.bing.com tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 170.114.52.83:443 us.telemetry.zoom.us tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
GB 88.221.134.73:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.134.88:443 aefd.nelreports.net tcp
GB 88.221.134.88:443 aefd.nelreports.net udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 teams-ring.msedge.net udp
US 52.113.196.254:443 teams-ring.msedge.net tcp
US 8.8.8.8:53 379ec1686d177e9102aa30e023986aa7.azr.footprintdns.com udp
IT 4.232.89.175:443 379ec1686d177e9102aa30e023986aa7.azr.footprintdns.com tcp
US 52.168.117.171:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 254.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 254.196.113.52.in-addr.arpa udp
US 8.8.8.8:53 175.89.232.4.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 152.199.19.161:443 fp-vs.azureedge.net tcp
US 8.8.8.8:53 254.4.107.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
SG 206.189.36.145:80 parrot.live tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 145.36.189.206.in-addr.arpa udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
N/A 127.0.0.1:58878 tcp
SG 206.189.36.145:80 parrot.live tcp
GB 184.28.198.65:443 tcp
US 8.8.8.8:53 fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net udp
GB 13.105.221.16:443 fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
US 8.8.8.8:53 ow1.res.office365.com udp
GB 92.123.26.49:443 ow1.res.office365.com tcp
US 8.8.8.8:53 49.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 us05web.zoom.us udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 19a8bcb40a17253313345edd2a0da1e7
SHA1 86fac74b5bbc59e910248caebd1176a48a46d72e
SHA256 b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e
SHA512 9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

\??\pipe\LOCAL\crashpad_2900_RFLPKLOVPYJTNTDT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 96899614360333c9904499393c6e3d75
SHA1 bbfa17cf8df01c266323965735f00f0e9e04cd34
SHA256 486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c
SHA512 974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 62a4d34e07a335d36438041487027cf5
SHA1 a64ebd99f8e97ecd4a131c10c113e89cd86c386f
SHA256 1fdaeb54efcdb99914aaa5f3a3ac9515a1983e3e239495a430fb09d4800adfaf
SHA512 4744490fe31504fac235cb51a1c4c2066e7386ff78b7ca161b205bd974e1ba0d5a74439a4bac13d64984b2542980f2ed7dda6e8aa59da437cbf8de1f51ef8159

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 813c1b41e435242e7365a4bcd7adcf23
SHA1 2d25e1564eaf93455640413b95646b3f88f9075b
SHA256 70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542
SHA512 268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a36a307ef575cd492af8a34aec5fabc
SHA1 fc9ea916295f1e8ebb0906c921029f9a464ffe67
SHA256 62c90c02b75e4d6b3a18882eb899b86d0c810d089747642671fa1b7f4cca1bdd
SHA512 d5f1f578ca5a21061700fdff06eb6cfd5185c0698fe9676e3eab73bc9b5ef2251cf44dd7a780f2360acc05fe862f156e708cfc4d35446e38f7b51b423a26f1cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9bd1fbdb83246e8ea6fc2acbb3a70075
SHA1 9a09c9690f79364da998ad786dd200ffc50162a4
SHA256 9d32be3e281d5a8fa6e589fe5bc1e679758c787ee9f8e517759004f08e2937c2
SHA512 8d5eb9af6930ae1780679caf9a9c00a91003539de83a917ff215a7b81aa6a81028ca1545bf3f1cc8dc683e605ddf41ea8c7639ad1ada3b554a58e55e4eaf0646

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b0c99c2540f9f69750bc71abf5127405
SHA1 45a7c1150afcd6a7ffddf66d2dc54c5f275afad3
SHA256 69d2e4f0f2d7a125002229c4534b18e7f01e455321717eb6ea004e35e7ec3d89
SHA512 bdbbd3b37a466202860042a53c26e95085c3eab18e304c64c758017cff1a5d3a950432b9ddfb20dbaf80291f16d33b2fc792e5e00644c4a0ba3cfbb6ccfa7239

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 ba02e03cb05a8476da516820c07c1860
SHA1 82f75b2aabc7b90f9d7d074772aa6d7dbd52ba05
SHA256 c8401c60ce6df56251051ea3d425bbb2e585b11b57b682e4088d4dd0064cb845
SHA512 8a3b35091fc44f811aa5dc27cad8dba388c1c9fafba0deeab2e08de8bf1adb3b6d6ee28c12188bfacb9c4325d216cb1c6743a1fe1cf0816b4e1515ea89777f7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c724905eace479626edd3fb4e793be1f
SHA1 c8bf5fdfe839c6d3e9689a4077fa74385f646a4a
SHA256 a7a43b003fd602888d2593e7509398e88a3af53e3143f2746184b72e7b76e067
SHA512 e5160bd1eb2262895b92b1007a0efe5be33c7cce44d2e7f3d3c799a643bbb6047ad270ab2a7fd1db37298a2ece9603e4c43d3e9dd1d2b1d918b4ff9c253fe3a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 30cbef1bf6e5912e607b17ad7d7b8cd2
SHA1 b4197f8b1b0dc5710ba3ccdade49fa674f0fcfda
SHA256 7e09924638d8400f134ad03238093dc32cb4a6b9f3fd071729a70c786d6a7d49
SHA512 ea5d77e2f09a641ffb3a066ac0ff73c99dd8c016f7765a46960bc354fe14b7af280a19c58fba57869d320ffdb65220c554dbdf81a969d7a8fab0d3767ae21446

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-3-21.1837.1772.1.odl

MD5 0b06f7b61e2d751d84f11f65c121bb91
SHA1 c23a6e9c75d0e5a5004497cd32049f2321890465
SHA256 619ccb05309ee8cf00f30d18055f5626ce8d53a2fb8caf0ad9fc9b152967e559
SHA512 1af5845cae8f6d1e8dbcdd7ff9a979f483af58e7abcfea5976b88709886548c00b0c8f6d3f0e271e1cca64004038afea534cb13be43b268992483b312430a5bf

C:\Users\Admin\Desktop\BlockImport.jpeg

MD5 cb270cc0aa6dd5594a21cc323e163b54
SHA1 dc451498b587de3d8097faffeeda90c47b82e7be
SHA256 8709dd360073dffa1db6993b7e4d2afb2d37305aa3d305dd85d349470e24a349
SHA512 32ced1ce915a6486450e6bc80fce3dc878ba6b25eaac139e484801d362d02aebfd5000839751fcb5bf58843248c93419ef7ff92e30dfac60260b4d9347d7bc54

C:\Users\Admin\Desktop\DismountWait.vstm

MD5 2ba9395f765701c8c0224ad94d11f486
SHA1 9ca567a7fa3d1144c99e4e6beaf9883f71c2617d
SHA256 5007f7c374644a5501ebb6a45da26a364f4586a7cbe18c0a7b810ad598ce8da0
SHA512 579f0e8662e67c71852fceb63d2b61777f619c7a396b1985c9be835e1ae39223b7ee4ca390288fb54938bb757d6953160b4dd4a0df9541eb5c43eea298d03821

C:\Users\Admin\Desktop\DisconnectProtect.xml

MD5 f74b221e1eed9570de98f0e1ab37c76f
SHA1 fd5b48812b6f392d101a6b1e600c71fc8a36872e
SHA256 282f902810b1ed971a3362880b7090b24966187e14bbe9d1d591fcdd63de9b40
SHA512 142149104e40621d451dd5b284be8fcef3f1ba36a83ef02e8e70ee18ef5911a83d13a887fcbe3dc39a81d3408f9f81592dda2f0763dc562a3560a52c31406784

C:\Users\Admin\Desktop\DisableFormat.mov

MD5 3204e439b89d16902b78785cce1806d7
SHA1 a168c2c43353eb6878de73caf0f2663329b2445f
SHA256 bcfa5afc9931851e03aece1977b701742e5a1da4ae82bbe8b07fd6fe91708874
SHA512 60c5d10b0b229608fd5641830bcaa4c16778139ac08aa6542606c037e5c308020cb88e516666b9840d3b164db04bf0b6618f97f1aee53255e35570c41d5526d1

C:\Users\Admin\Desktop\ConvertFromComplete.wmv

MD5 6cef1753512f31d96d3977ee36a7187a
SHA1 33418633c6c6452566daee9e2c46f2cccd5a1c20
SHA256 654c263b65b77d36fb1030493b7e807cb65b33650b43ba7635c2a1e0ebff5b2a
SHA512 d5e51c97737b4e743387817aaf78af6db99cfca4adee0904c51d3ca0bd3a106f8ca6d5b1df5400cca5aa8bef2969cf0af7f4deb816431602ddc863d89948e9b1

C:\Users\Admin\Desktop\ConnectWait.kix

MD5 439e0125f6161343904b9b9537e9d8b4
SHA1 97b33f79a4164546c7cde6751ffae8231519ff68
SHA256 5ebe5ce0e1069964272f09ddd4e4db2ae0420560493d07d8ffd602f7245c0e0d
SHA512 4aa3d616fc8e31a6bf5a34243a2ed2cd811f8a77ebfc3bbe924149821e636beea9bb4027d591b7d214421b54c39332ac97ba11c70d5e10019d4cb17bf8473668

C:\Users\Admin\Desktop\ConnectSwitch.docx

MD5 d9ca39bdd207b88f41de042d661850fc
SHA1 43e65b38741bfec5bd5f760dafb2f6cf31a1a82b
SHA256 b2189c6281b05401dcdb7059845a5d9ddd4e156692f7c577ce29715d0194b3f4
SHA512 756db52b8d36f4456624f978f96f09d64c194a1dbbfaf4faead181f72d3bbb47462b83109ab3904a1b75a1a5a9321620d52daacb016ed8a9c1212e28ca471756

C:\Users\Admin\Desktop\CompleteHide.xltm

MD5 1db70b3c92ca5840538dd45e3aa3f56f
SHA1 2426c5ae201f02270f5d2b8041a75b107b2bb8b0
SHA256 d058309ea8aa9615ec0fbfc213eedf8468c0a65cb0a0626348626e65e1676035
SHA512 6b7c5fdcac5db08304c73f73651d77e54e69b0ad24f73b3a05813fb8217ae737eb614ab23f43e716b4bc48b51401e51a34111e423882fd8cd8a3b446df0a40bc

C:\Users\Admin\Desktop\CloseRepair.xls

MD5 cf8c97cad4f7c32a277eaae2bd7e18eb
SHA1 5e0290bedb8d0d2cf30db45794450ab7232167f0
SHA256 034336668a275ad5fd6d76e6c6182bcf43b90eb7cd2a7d23ae64e6f51dabd183
SHA512 79ed4d430bee7035a2a88ca35d535d89e170588a71aa2659a36ca138bc4f415cc42f52cd99eb949beb6e3fefe3d74e5a0a446d5c86404af785a4f561691fc939

C:\Users\Admin\Desktop\HideInvoke.aiff

MD5 870dc30756d1b86d339ded584e1fb3dd
SHA1 4d50392a9d17483a8d732757de9d00f25818793d
SHA256 f6c5bba1e8282936fd748a0cb8d6a6c7db3216fc3a580604bbd0a88b3126f5d3
SHA512 01c4fcecaeaefc34a35a1267adef418122d0d7a1a7bfdb1b1188299cba2c02a811576e621a927d8a22743e75bf034313e53e312b7c3e45b2f69d462b24793196

C:\Users\Admin\Desktop\InstallSubmit.m4v

MD5 8a551969381a7916b5ac3905bd65a8c3
SHA1 5dfb3395c39f75d56949c042be408e6aec38163b
SHA256 be1c14c9f100652c87403989ef72e655d13d9ba63b88bdf3910def7b2e77e1f0
SHA512 f057c1fe3c00dcd3e57dd5516cbaadc5ea447bcac024fbce47218380f4abe4be7613128ff23e9e1f6d639eb7a056b4ff09fb737bf34556d237af89e0e6a63302

C:\Users\Admin\Desktop\JoinClose.ppsm

MD5 dce6845921e8c61cca703dfeea287121
SHA1 b0dfa956a34651957cc493452eaa904bff9bf5f3
SHA256 36bf263ea531bf1a4e282ea292c6e947fa07badf7cd4021f97fb6335318a2761
SHA512 9b0825a6a9096b0cfc546765f219fdf9d7ce520f1c05f1947fe3e49d61038850174b1d7b4135e72ad780dfff36d9d5f53d9118244af34329ce33d0d768b09e0b

C:\Users\Admin\Desktop\UnblockStart.htm

MD5 5857f4e9a31fe398c6d47f361b8bdffc
SHA1 cef4b1f3bf2ddf79d082d756b4a78c1ad13c53ac
SHA256 443b8a56b2d1482eeacdc191e523a3ca29a492a1f96375dc76218cb341c54622
SHA512 6eae0b4ab05ef2a41f2ea54f25f312cdbcd38cfa30c2d592a90440c88de99df487057c1ffbdecc82072c11dfe2ef3ae9c325dc370d6890cd416ca88c20817f41

C:\Users\Admin\Desktop\UnblockStart.rmi

MD5 8d7dcc2c537a17095ab5508e29bd523c
SHA1 c7a3a4043189adc22e822a9064c4ca1fb5b09287
SHA256 7065178caa6f95d94ad76ef7dc14ef9e197490e661e10fadad4810cb7ac7002f
SHA512 14d3733442658f13f1234a07ce3b6b0f87354a844b7146f9ee77647a05afcb33bf9d8bc084f71120adc0bd2860983c591f9e0554655514d043e0eb18a428dbe0

C:\Users\Admin\Desktop\SendNew.m4v

MD5 2b960670d8ecf45b65c8784eb2f49d24
SHA1 3edf32cdac885007f1ce18fddfdba4d2492b0076
SHA256 babba811b08dd53d9f3e7828c6872919e8dfd776fff9756b3fd3ef7350c76147
SHA512 b8031d8b932237f481fa0e020eb6424ad329be3e6759280a1e4adada2a2cd19e19884598804577b89f30d9d09b78cbfc91359b4ea72c2a367043fe78354c1ed8

C:\Users\Admin\Desktop\ResumePublish.snd

MD5 c4a8589674801c44dac5ded9658a9404
SHA1 5886401adcd94203100523d9f99648c33a0cada5
SHA256 82f0f8ef5a3ded3c9e482a0d367762e13acfbe5163645d04e41bf09f833cf022
SHA512 2f6636b51176344ab743043ec31cf3a96a333ddfafc07f413f2d3a83041f489bb1b4459b651d559a836358f441b5fab9d17c030396ff41fbecc7131853cbcf0a

C:\Users\Admin\Desktop\RestartCopy.TTS

MD5 7c0c88600419139160328b6f350f76e2
SHA1 36c6b457c21917ab729731571d88c054c5d7934e
SHA256 fec3dc5ea86f61b96c7c1d97acccced88e391731209de7029555aede2bcda1fb
SHA512 dfcb0a41f624e27e9548d7e2fe0699ba6d8b59443dbb4aa2c2cdc248d23bf058db690362fdf75c2a9916613426f9599a77b8da8ea997c4c32fb77fdeb2cc620e

C:\Users\Admin\Desktop\ResolveCheckpoint.vsw

MD5 ae2ad31b588aa1406a4e3f924bea2853
SHA1 1eb9d7a44304a9668711b05b62ceb0fe38e99dad
SHA256 df174de0fa854e41052d82d91667f1458910860b487d3025de7b8161524616e0
SHA512 9bd0a819c3979e7f12082f265c3abd4ef024239f65a8b59d7a2194097148fbd2ba57d1fa11499c59c817bd626a244220b35f1739246d57ca6d0ac8df6c311115

C:\Users\Admin\Desktop\RemoveLock.exe

MD5 3a02c8e2b2ea960b80c11af568a8b5d7
SHA1 baa02f3d4477089399ae3592a3204351968b3a23
SHA256 8a70fec48a15b156aab07c0a1282bca1c0f4bfcf2441146a2e83075c074391c5
SHA512 92c6119bdd566f9c3483ddacb5d2babad70673b2dc49ad1b11fbcc1716965b77ce563c47e6cdd4d5abdf9bb27585e6319142fe3a634f15c5047e5d0c83058393

C:\Users\Admin\Desktop\RemoveFind.mpa

MD5 decf1fe6a0aa68bfc79d56fe465721f4
SHA1 448617e80b3c4dc18d2acac7869998b64f3476f6
SHA256 26a9d7f024f935bc03f7710ec3b589670087e55554db6760235a54591c9f5c5b
SHA512 acd7ec81d8a0dd9df0f456676f50eb173f06f18e8e10f03710d062544d8105f9b321a1ce5ec5923a8cecbd62fab7d79651d40f8dffe970588796861f6efa34ce

C:\Users\Admin\Desktop\PushRemove.avi

MD5 29a32ae7e044f9ac6615d9e8d2b44751
SHA1 f6b775cb18656fe83ce462ff3d04e7199889d4bd
SHA256 e9ff54f07d64028dcdaa0dbf56d7cfb66521392ce30df7f2e358c9af4fa279b8
SHA512 2cd2d204fd2795f33985d65e3ed3babd85bfb4152d9939d9063a78fcb7a5880a82cad704487a4a468d1d30e8370df06fe5c1cc4b4e78e7e9ab3a4e3d10b43fdc

C:\Users\Admin\Desktop\RemoveAssert.jfif

MD5 14e4df99604033223ec228fd09fa5443
SHA1 9a8f9129b173529ad2e51e2dbd4e3f888b621664
SHA256 ecd030bd48a6b502b4bf6e399c03b60dc4aa575484dc4c5f905efa5f0631930a
SHA512 9654a1b09b335e0becb4bb3d9180d9c9b2bd594bde43cd348f0fdf13f220b1b026bbcad61f24f71601a769f7ce6c9fd0cd18800a81d40ec3677f21bf08d34bea

C:\Users\Admin\Desktop\RedoResume.hta

MD5 e42bced683a04c10ff3994c9faf6c9b2
SHA1 a124c4f3971df3dd373cd8a4a61aab7443fe9d96
SHA256 0a5020322030e41aacc86adefc7d3cc0fb34cd42d1beb6f91fbff5fe3f6badaa
SHA512 4117e2acf9245d21800f420d21a89972a5e202c2612b8a51fe28f0e7d7b30de927c492e99cd35d79a4727518bbef8b62f8dd1477b6d87d87adbf41b9f0b2f1b0

C:\Users\Admin\Desktop\PushExpand.ps1

MD5 f7a13694a7ae7d91d27fcd4c5f86b20b
SHA1 22a2b48d749f5ba6885de58ea1007578803633f2
SHA256 4e7d153b77c0233e62fffd9b7a2fa0eded6e751d696f76b0e638651a5255d22f
SHA512 adfdbc66e7189c298342ec1ca2982cd1a3d077ad25bbce2bc48467f15715dff196fdbcde0b85aa1778705cb5b37356ea509b143a0bcf697e5ea2dfcc03fb6506

C:\Users\Admin\Desktop\PopPush.vstx

MD5 ff2d2f0117a4208aee2c042f4ab2ce0f
SHA1 a09a39a29f21b8b40996c9406ba58b4badef8c11
SHA256 92a4718ce3aafb43e95ddfe9b6721a499165cb82777aa0dd16adbc2844c628a5
SHA512 0970f0145e4805ff3070b6ec3d7f52b24dacdfcece14914d3e8d03cd1f296a7d86db9bdef2e962cfae87d8a32d54e2919697dc841bb18c3ca558055329d06d7d

C:\Users\Admin\Desktop\OpenSubmit.ADTS

MD5 cf3841278188d0d6ea7f860b2b842377
SHA1 199c4e9df9d9fe6369746818dae15f1a0042fec8
SHA256 d24168875943f751ffcca7bf637aa737daa46fd30b5b2101d53fa09c706ec05b
SHA512 a0949d51950603abbc08bb40c38d49331fb107c0be084f096fd8a99812f736c49f95ad130bbbfbc1fa278d4086cc60933345151b584e70e290b6d9abe66fe77f

C:\Users\Admin\Desktop\MoveEdit.ex_

MD5 30d6b27093d0f2c25057c261d4afe1bf
SHA1 d0fb02bd81a67011e077d15018562f8096a315a1
SHA256 c30df50284bc1f12d4150df1396859b36ba71a13ba9b348e8d049dd540451b16
SHA512 417bccd2eb783ae96e6507c6734f6d446565e1c9677aa091d2c2837211c153a410ca017d7eeea4fb8749ccf947dec6c62976db7ad27ec9a9faf77cf12492da41

C:\Users\Admin\Desktop\LimitGroup.mpe

MD5 b9d83b56db2ebdbd1e442bcfb6619794
SHA1 0a654843aa23565ff0e558c6a9196e9659200ebf
SHA256 965fe8455983a9b658b87b3ebccf2ec797fb34f357de9ce4c3423a144a7ed16b
SHA512 3adac61f6a4f647cd08d51f5410bee7bbd5ba315fdc3b5daf994c908b2e179fc2c0d4ec1da22677d92b9e0575e05cf56bad16c07f3a405c6333251352f58b781

C:\Users\Public\Desktop\VLC media player.lnk

MD5 a7e134aed6e8d69dce2f18228b00eb32
SHA1 3d04f47a302f4f315cc0d85152e443446c927cf9
SHA256 a7196280673c0fb8c6ac759e1864e7e2a04825ff76cd413eecb0d4c3871106ff
SHA512 13cd69f7cd142a695af0f450cf5203dbb31fa52991233f7a373a2f11e9bf82fd856f46446cb5f7b52cb51420c027450408b152449c7b7575f6e35881ad713d78

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 7fdda83cf01ee93d1d92f4518d05aca1
SHA1 658fa399c1e5c713c056e3c4ccb9a66b5a947215
SHA256 11b994eb2572d93df0eb061e549015b14d7b52d75fcebfb9ea7d48fd7debc532
SHA512 abe2e8f437f08448bf27d9b4c681b2d3c31424e3bc14845c7f06c876ecc80b097cb7528076558a921f7e4ea23668b0b17eaf99ca846d0bc3b6752e48564becba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\db\data.safe.bin

MD5 2878e1afcd541e16fe564deb5e7690a1
SHA1 48b9327beb2748c13aaca0bc7ba10a09aa6187d6
SHA256 2109920558d4f7371dbd03e1319948f1937f7b8f98644bd360fb6df2ae2aacc0
SHA512 fb0c4c0aa5f42b4163c435788a490a2a7372f1bc5ba80a62f7ece4ad3a364d2a7b1d81eb1da264e96c841e9dfacec471955a1a39254bade7f1d56b0f433dd9ae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\pending_pings\8e9dba25-f4ff-4f16-9d1c-50a47d47d9bc

MD5 d7528166ef7a9cd34eb9bcf98f5557b8
SHA1 e39ea9575cee663736793d4e24ece65fec463662
SHA256 0aed6abcff347ff089de501ef6ca8de200556389d108a390a27ca3f039439a58
SHA512 bd3983785518095ba9c998724c2cfc2dd8158dd0fec03370b28cd822162de8fb5ad5becaef68c6fab2f18157d59fbf98cbdd33162e88c972665832fd3e640ece

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\pending_pings\4a7c99b5-655d-4ed3-a0ed-31635ac69893

MD5 8fbca992b9c3a2e06ce0876bc58f2bc0
SHA1 9cff0781023ffc01725fc65dddde5107eefb49c6
SHA256 8d9f2f4bbc9397283c09d791c594af5aaed6a999e34fd3ca734edd84593ba28e
SHA512 7c0dc07209ce210a206a6988c9b6a6bbb629c452693627b067b6cb3dbe0c17543263454d9c26c7bfc1b604fe0ae40ba7b40fecf83ca4ceb6bb2d0bd3e27b6467

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

MD5 c4c75aa37cc3d4e331da8a1cd0388408
SHA1 4fb8e74523c9b5b9a46b5759c23202921082cf2e
SHA256 1bfb84773dd2f0e561c6d77b22631dd87d489ee0cb29128884389e2c7f5c29a2
SHA512 8270fb35ee081c29b14dd4d5529ec3a37f342e04a8d62ecd5fc74931b33d4a32e91d3c173371376e4b359950b64778a4507ad107155459a4a135b40f808816e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 a6e2c0d6b59075fff94c66f804c74cbd
SHA1 56a81d3bc20afb57fcc4eb43f6862b4ee9a0ccaa
SHA256 4488d7e333fb1e3b4f981576f37b5fbd3fc32b88d465bf2356dbf5ee3d008641
SHA512 54594421b00052ae2fb0b4adadcd9ec8a89be1c56ee623f21f7793e6c648084073b548e18b11f38d17fd15efd2ed291fa94ae5413a261ea056173d4b243a4fbf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

MD5 c2bb0294b1329feb845f3fdf4d7f4cfa
SHA1 294b95d8e1f399effcdcc6ad85ffc3bf6a866476
SHA256 2b8cb8bd71ca0621b7e753bb5773607623b1648a772ec97da709ba9e6a7d0499
SHA512 883908a0d7c6c603dff3c7e85f0e2ab2e0e73dcecc8dd9d0888635a78c07daa64a6ecf02ff1098b11b2b167a6c4a48c12f25ce84ddd6ed491a8a3ba06ae29a4d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore.jsonlz4

MD5 c14de7d7adea5387c9283a02b261363b
SHA1 13e990727f1a295a0465d04dd26c78b7ae8b1939
SHA256 03886a5d406a7d07c5bf07835521220d36064835b65e1212f179da14e1c59d03
SHA512 b098b2b0c098b19f0e08f9b3435ea760fda904cd3cecd7efedc1788da2806b005f12c7f074c7e9a31da7464c809659dc7ad99406eb17d505386d555dc3c06adb

C:\Users\Public\Desktop\Firefox.lnk

MD5 b88e568112ba70ba71e14f0a74746ef1
SHA1 1ce75c63fb91178377633f4a0e4d13234049af07
SHA256 0494d50db0617bf649d8fc42cbfe1e9ca925783d9f2646a80f28c74acc85d16c
SHA512 db97ddfea8fc82479655310586fc3c08e8d9ecadefcc1e77a33a80a45380de6ae33f32d5aea1b9b154704d9300fb860e837cbd9c57e2267410038a875b897e64

C:\Users\Public\Desktop\Google Chrome.lnk

MD5 a61e130824723561d705b61be064afbf
SHA1 c22faa4fbf041ca192b4a517f834d1661aa9d488
SHA256 1def505cd797b45bb6c1eae60a3f4ff5b505bd63623653fc1b05fc7e1ba19663
SHA512 65074fc23ff046454233cdedabedb355e5bf969520f1e2ebb0d889066b446da9ad51cb411d41524d4671a72c52967fba00f94c3fbb80e228a3589b6735602632

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 f310b7d8beb99cefcf03b5c302065a9c
SHA1 178fe0a3cdabb0c93db75c7f4c7816693c63028b
SHA256 af32ba204cefcdec48dc3f875efb31499bd518c2cb44900a95b438bdc99aa200
SHA512 7b608ec7d059c5897bab0baade6b56d26a2fc4049eed3e6e8e7b3f65b7e5d828d027925e1fec67d7560d2f1d621a93251a1fb57cef029d3018967612e1bd2b42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13355519840139668

MD5 25f01eb6419164efbfee5a9b56b948d0
SHA1 7e1866f305471c2ecc9e58f43c11713a001d0f2c
SHA256 01c5b5f6fff5f006c7ab8866fba770b9f0a1247a11d753071d9dbcdfe332af2f
SHA512 01ca83f277b3bdafb1f111e7af7edf9922102eb85898431806d3e039cb5e8296c56d5c4982a26e83dc798dfc17704c461df2825f30468c538f564a68fa8accd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6171e4b73906bd2ddf91b43691d86f36
SHA1 6ef2dd4112e24a001bb4b964fcfa72980cd476ec
SHA256 7224f6bb434e9b2c04069b524dd355f0ca875213c164de48e226a002389ea09e
SHA512 cf7a88c0fde016a838f64f278c0a666f6d0f7444ad64c6bcb68e6ff71f1c5242a1c84f77415c9db0293528674a6c5cf6e6f7c17fd417d3da6fada5c4059ff959

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 0407b455f23e3655661ba46a574cfca4
SHA1 855cb7cc8eac30458b4207614d046cb09ee3a591
SHA256 ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
SHA512 3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 718d3527655012e929944e30ed8b0e00
SHA1 2bd65bd683df50d50998ad4253888e7a1e04f540
SHA256 df1161308f79c1599061ca5e333d759bcdcda8c196eb10badaf1b32ca41bfee3
SHA512 8cb245e6a9b00a679a8b2f5d2e256b78d55b745e26df078319b8d650d61c14cf10cb8947c53a78c5d611d85880a851b29fe59a0b7676309217a3713236853c3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 b7b7d05dd5dcb3dfa8292b17bcec8f69
SHA1 e98464d3272e4bf1b4d680ea5a7ed41b09df7594
SHA256 d9c2a61077dcbfd626391c622c4c4ea4a7ebbb67bc782fe1f85d391276fcb857
SHA512 8890f8d6a91f4043441540b333389f29cf3e0f00870414df91f700b8273b7bbc32d92a8923aefc955a99fc6b3f1f639f6fd5aec620b5cbc39933ee583bcc8311

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 845551af2d5ee8175ef4511337c37481
SHA1 1cf06506b2a32ece9ba50490e2209b438e2d678e
SHA256 8c9180651934686be3109bfe687054da135b466063b5f3a01be9a61798c5429c
SHA512 e0e70c4a3c6b4bb85c9442638194d81f7a4c7c4a0ef72c1ff18689affc8dc9d8440851b26d067b746cac4ba7e73a616eaf408e7ec44cbd8cd3a93cc2ea0b9985

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c99479c70a2317c358ffa5d55d2cad90
SHA1 ed4f293b637eaeee781d7adf57c10bd9dea16f69
SHA256 16a8066d8f730e42bf0f8eac018bfa79c7422c8870e5e5f9bbc5ddb1e1d1979f
SHA512 21c322ca3df96cbb186f361228915eaba709586806dad61643b4739dceb7d732587c966add57d22c2fcde7ffe3edc6cff348b1ae4282aa4fa6b317832b6d6467

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 3cfb2d2fc3ecaab7b6027ee05de44188
SHA1 905e95b4fcbb263f68ca928d7a7914198ebeb945
SHA256 a64db9abca33c1a3645ac62966e7147d951ec3c350f9e69f0736cdfd9c3443e6
SHA512 469d489b29580b31a8e2adf9ac66c291ccf203d80afd894698f92341c7846418b881d85aee5a249c7640201d3b50941f8967915b84b25f20bcdce52cf9610b08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 76284e78a384d390feb29112838705f9
SHA1 6b11d13672893944e904ec3ed669b769ca9e73bb
SHA256 32f1cf3c97b20240ede3418572985d5cd3b34c2acf29617b8ab976dad1174d52
SHA512 4beec00c4541fac7b2f2dfb200d0e8b07c8d77bdf332e1dd7065a89b01816b6b15546ccbb0ee7b3c4724ab765c196d2d1b6271262c04223db1ff4fdb6305744a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 b6abfe7d8f75ab9fe64b30b3c5489fe7
SHA1 c5dfc0419dafbdefd1cd5abffbc0c8f8ce7509c9
SHA256 ed69a54bbdb92917829680eadf42ceee0ef3094144c0842edc01ce21c4ea8d0b
SHA512 a7030c6f2938b6c22d1663ee6d0901f0fb73bf3e919eb8d9a23b18f70c16e33ec1ffccaf21050293a0e64f1634ac8b40341c2a3f817cb5fcbf01e3a467e3a33f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 ccbc5fb06407c466ec4ef6665d273037
SHA1 c943d3275142784bcf15e226f3db5109f184d31c
SHA256 29241f1881ddd9d293e64fe094f854085528c7fb16919c94542d30e771fae5a3
SHA512 c464afe809d6924a8e593defd8d9365b006b1a43b044ddddcec033e3765125e84fa948e811036c0d5800dc6d5714fb855292aae97d7b46ec883a4426323cd29f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 cc6cfd833c22f22fee39b20c883c73b2
SHA1 6f7692d4702f7b1bcf66ba2a4b8e5e9f9214c151
SHA256 635309572d9cb3fde9392922a40c2ff6571e24b90763548d41fa0d16d4a087fa
SHA512 9f101179b6749847a0a2ce50affe0e7b9fcf345b9681dcc90455748a9d048a95e4847eb6801c3547ef75e7a0ceb292a6e8ba67e86c1531f463488d2b4fe94981

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 2b977fb82feb9dd5f2d54bb4e17fb54f
SHA1 0bd94539ad94eff55118c6a4af6472023e430bdf
SHA256 cdfaf4dc595ad87cd20ff3775b3bb0f09f1b6e7f3a0819eb8b88137b08fb1991
SHA512 4df161aba3764961409216d22e89b1ffb9345474c9730ec4ef2e818b28b349295478b767b39d90bd10f8c297b872fbca20317daf860ef3036afb729a092d1272

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed47b729980de06c350c25b9e20fe832
SHA1 aa6343ace53a2c141bfb76b2bb669045b9ff2d09
SHA256 6a23ca1435ded79eb687140ddd914d537fa0b964b66a6aca6d7bf88430dd9c12
SHA512 84e733d3c764b753056c399f3a5b6fecc18226e4cee91bfa5e9839ade007d4b9bc779371b3823e034b3235240164ae8e23224cc7c43cae195bd41da700149d54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b0168910cff3b0cd3c2e419d57194708
SHA1 f2abefd76d713b9ba639e02b6140cd3079e3ea57
SHA256 493ad2decaa5e00dd04979ab756e2bb3d46067fe279cbf2296e816b01cbeb65f
SHA512 2c7295fc4088e2f6bd33dd0bc01397339ea6f5dafcd01878470f175baa3f37689048a7f77d09df126cbcae62754a6aeeee5a28479185894c2c216b90cca4a36d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2023a82fec67447719e27fc022e9de3c
SHA1 09b0b66eb08a4da2b85cad37cf64308bbb6e568d
SHA256 2a8dd6b9179a4f98b67d4979842ff88e02ee46e0ca5188112c0e12d692c6afef
SHA512 2f5e8a49ca571f9444ed61d7aee4e69a84e76e0dee1a4b88e3b2dcc91352cf9150c6f6c1b3fa8c79a3f1d63ae46f781460b561714c4e1fcc0e844781a4b2b406

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e5328b35a90fd6712a315727fa9a69d
SHA1 874d9abd4d337ea6667bba4195ef3e05a11b36be
SHA256 68c3f242dc536acd35dac791c371ef2d05952e801d48240202bd5f0f43237546
SHA512 b6e579bd19f81c4ac094559f9957a23b5c58e204da7e9dc286cee8ce4f57f83a81db6f837e40f321642f19993d278d7d0fe9e2525356a6fd5ae0eb6e7bf6ef64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 da05e0598c0bd843171bf5b896945aa8
SHA1 99edfb90891ac4e298f2f0f012a815318eda795e
SHA256 9c8e8b6c84e1da37fbd5aef5145d32c1b8ef311bb98c6c76dbcfc61edd44e01d
SHA512 d45af62bfb30871503a6268807d8539597f735a8c80f0143d4d7d13270710de376b567ce05ae7c06f5154dcbba273d7a13aa155ba63a1a42f4a459f797393f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c4bc7c4a17a21b41e224c2b26bcb971a
SHA1 29d03cdaad47f9f08c866dacab08332d122a81b9
SHA256 a2605599a711d5e33bf3c8ddc3e0b788f8b70f128b391f663a910ccb3830b7a2
SHA512 2cf2d054e3e449caf8664c6fdbac19b6643fc70767d80e6f440d5fe0b79004409203d9c0c94548d7472037c77b0390e5419ffd8ead523fa777a1b4e4730af290

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5aec84.TMP

MD5 6495826d801487a1f49204c00f8e7113
SHA1 226cbce587de605330938327af4fd1a4ba79c105
SHA256 4592d3823838e7ba9339a6d21bf323808cc70962506ef1eb44f5078960640058
SHA512 c1e5123406f8382580900214da12cb77b61627df0f2a57ce51df5f930edea7ce7196ced4cf3201eef5aef3ca01dc9ef6cfd8b5ed1f56303148c17939a38116ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89da844a3f4a92437c5b0d38c810a9b3
SHA1 f077b9473000ad55e8b10007ad25476cf3dcb3f7
SHA256 84489056d0411d1668e303166ff35adfc60cce38bf7b7e5585252813bc299660
SHA512 3b30c5a7364a99b0e58ce86ec0520f57183d80d36f821cc1303d50755f4f2662e90448d4920247a04f3a1ab43061c29a21f140b4c3f3849069d9742556ac1c78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dbaa427792c54a1bc1e60973997eb163
SHA1 0f4b251d6f43d5d99127fe543c691b193181f865
SHA256 62e01f82afea094a708f5ca0ba79156f4095f4a9239b398d17dc6248a58d3e56
SHA512 0678c0ba71a481f462c86b9699b2a9ffb42f463bff0291e494f8fda6aeefaaca8eb2843b5bfd5ff576b21210f0f24e898bb982f6d3a2ee39f85fb1efce830497

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 29daa555fc02137be864e717432ad99b
SHA1 f9cfaccc920e847abdf07a960f195d89dd400d4d
SHA256 a42ec32017889e56d83b15c42a2288b574fef2886954830f3712f59fbe23f57a
SHA512 f00fb27e188ebc0bcdc6ec8e07fc847f8a0a7b2f5a782a5f6c6572577b60601f23a0603446ae2cb7b8b8418fa23b55ed84adcae3301a9ff265fdd2bcd6806ad4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f6480eac8632a05b3c6122139f74f2ef
SHA1 5f6c0ecab51a1331db32fb0481324336c89fdcb1
SHA256 87d37dc5f3cdf73025955875381865b3c3b85bacaac67fb73e32ad14a54370fe
SHA512 5dc709609dc44fc78dce5b5a0d7df594cfcf5d23815b5445bbbfa2262ce988fb18136d0784efa76afb6f404846077de5d03476fc762dbaf5a05cebaf18bc6bcd

C:\Users\Admin\Downloads\Unconfirmed 608571.crdownload

MD5 5d4255b19d95748dc10bf090482e9a71
SHA1 99d02f6d7e2f5b9c371e43bfe86a9557d4ab8801
SHA256 6a556c5882115277f01b79ac927d0bc95d2e29f62a655cd25cb71c2689be9223
SHA512 b128bd3fd822b67e962ce9af885af4cd29f7ad6aaec10b27d1564700bee441c020c255afd81c8a80b31a263b0298c433e95eeeb4aedc7129f103c992988fd5c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ff6701dd2c39302bfa11aaf5c6a6987a
SHA1 db5955fc3af86384b4f4977061f43f853bb1ab77
SHA256 d1f8510b36ba584e139d9476dad958774b98dd5c9553c38ef1ba90024d21ecd5
SHA512 cd0fcec1ba340bfa0b3de398d806efcb43a922f265e831a8ced8659a44e06670540f07b9da349f37b7e2a6da4ea0e2d0c4a0a55166a47a4019f8dd280dabb75b

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 31f9e08922765ba2913632f758bc7423
SHA1 b36b4bf74d6d4b6c8c0e38d9c6b65ec7da2fa9e7
SHA256 c2988c13f66ce033fef65f3af20a00faf555047e710dc6c282c124c848c1eb88
SHA512 13808d6b3cf8f8e645bd421eb3916b12cfcef46ab5f0ce1a0cbda91c4be374d03504ec09d1a5916ff2944cc24135cd46dc5be3e6c72fb599b30a58cf8aad7c57

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 2c317de0e9793f21aaa5c1752cbd0910
SHA1 05df071341489f74ac1efd21cd0caf0617e19b27
SHA256 e7f5802ead2246ed2929198b20a4fc224412f23c8f02e428723ddc2a3a14750d
SHA512 4324d2c89a59ef1f6329e15f584507f9f8c60114b3c635d4924a28b6838e7760a693f9f436b27df1682aebf8db6568ce2f17eb7d6239fcf43b9cebc0726724e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 56fd63411e7b15fe15ba6402279e7661
SHA1 2c7024a92078af6057029b96a1f77c307e93104b
SHA256 d60970b2d3dee1a5857c49ef51721b4ea7c64521abd17f1dc9293d055d97ee34
SHA512 d9bd544dc57ff09969021da9a5696cbb04fb5f794d6eab9ca629bb2c8313c504340629e85a6dd353e106245aeec678cd94b5e9cdb34a8a496dfca0b8a730b7f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 88a552e6be1ac3978c49143983276b3a
SHA1 dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423
SHA256 927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5
SHA512 125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 a357f18e62aa358c250581e887295ce0
SHA1 99b449597d2b2bede38cb74f718765fa3d9b10c9
SHA256 44001b102e9a2bd2be0023f1aba783e045eb34967658df9abad9a789b9f14d1c
SHA512 3f01fab264bc24c4de6d686b91de87ec1961ab1df6ec8ceb940a6e460705f1aea4efcb2e8600d954e5b2bba614c044a652bb4419a3eef1713123fed8896a1730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 a485090392f401a81b2e2c04d1632cc4
SHA1 e35a6f823ed1f2f674e4eca83cd938309c27e99b
SHA256 d4232119397b0952b0e822e2dd3094c70787c18a756ed66631a3e7359ff95d83
SHA512 6903cde04dd292fdeb616d602d69c619e3e53a3f0d46250b0d3f20e8be71990e0df3fdeca4b57bffe5a52db1a4fa0ebe3bb361a833f176ffc1b7ba3321bc39af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5e6f4c22b47f9f2c98fa2e6828d747a4
SHA1 4c9a2b02506cf92543ada4228827ce07193a6193
SHA256 9b682461c477aa31e68ff98118d2036009b75a70d63891b4783c168344dc9a6a
SHA512 8999060b797733fa6b285db6e23df05e7f4b3553350177ea07936ff466b2d2ca543c8b05b0a7c630a2c9c4e0f6cac0e8c77639ac31c65cc6fb864a34862cc35b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 526409c8d732de6af1a5eda2f5420996
SHA1 4d2cd99b53cf71d6f1b04e7df680d134962605d9
SHA256 c9389c1cf6693991f0e1b181593ce61ade8128a3512f49672e8bf410dda97de5
SHA512 9001cb17e1406753e715c627c9978c003f270dbef218441fe400e226145ea8bfc6409a2b4f78e27eb3042c0742a4a0d0f8f50842808eda3b691b6cc25a08d253

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\122.0.2365.92\MicrosoftEdge_X64_122.0.2365.92.exe

MD5 3ed31cd2213e8414a740bcf86538876d
SHA1 68ee93ea74d14e231109037040f21c509c476385
SHA256 3f733e99d2628dd2075fcc5d7f116201f9fe150cabade09fba4f4ccba68d1408
SHA512 c88f634ca118121b3941f8087cee24a02d607d4721734edecb8efc8e557aecd0d5f58b98f667479a60c885ab370b5a4c5555b928aaf56a4d6452cad128bf9ceb

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 9ab0a2b0ae18656581b3b38e0f4e0b36
SHA1 e90c3cefaf5ee00350bdc68d35cc54a9ed808f1e
SHA256 8785f06e0bc62b979925ad522b05bdc82632296780d18d25e4f2eceea7acb132
SHA512 7cb1a6afcdfc959188ccfd7facaf6379453a4085799ff3b8cd26374402262f6ab4db4136ad8ebe2f520493d49af36de47351544a0e3f6b1604d4f20d01f4b535

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d8e9c443f862638a6b6816a3b32a1347
SHA1 4b9d016f5e7167f87d7a896f1eb0f6739cb9b595
SHA256 4e4193f765a1592472ca41c5a61ddab4872640600d49e95600896656a6e93de6
SHA512 01a2dfdd413e6d4ec7aee407b89819c67fa4440382055ef1b969c91e6d3faa6ccbdd1751326be9eaeb3cae6ce814313e9f468d0bcf6b6fe17fa75cd1c2430fdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed2efb2a50bcc73c069b85c89a90da55
SHA1 189f94da9de0ae71e7f6a86f3dabf2d7bbe0bd22
SHA256 08807e756bbf66499d527a776bc1fbb4b8ec6e114ba7d365ec849f89d02c9f90
SHA512 aa6714697fe131c4a154c6d6477ee8d0fff19b28ac60148bbe01ad3154e8d02580dbdc8c63d9a4055f0e1a9d399140c1cda747af7ec3d7c65119b5c201f6050d

C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.92\Installer\setup.exe

MD5 6bcf9f5891e3fd62b47356c96c2ac5f4
SHA1 ed2a20383f4f780622cfd39372998eaaf155a657
SHA256 0e40fbaf357a70f356b8bded16c55683a2f2a3d2bb151217e77163d18ec4553f
SHA512 35ccbe340918d2f8457b35773545d2d075dac2c917b2cc6d93eed0f5be4ea7a854a5702fe5ee7632fe080cca3b11404718b3510d4d3e0b7d4ea8afa3a69572e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 47f604f72f9eadf2697912685c8191b3
SHA1 2949ced54c33925001f27b6060e1775201a0fc1c
SHA256 77a64f673fd3b8b99e0f20ef9b3c4bf29134d3b54fc8a82b531b1e2d0289df8d
SHA512 a3cf0e90c1c737e0bad39cc3d2a1ec0acf14467631736e2b4253d386fd1981b4a0832bfd28c4bbbf9a407cc3acc4db748ba64b6628d9aa6b1634f87f34aa40b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6bbb9c05eeedd1c4a2b5ef51ad2f511
SHA1 64f6259e834c8618b958a0b43ae28db9f9bccdc0
SHA256 34435db46e3e611e05166b209003b7910dee6800939f1f88445fb4b9d8f709a0
SHA512 e2bbb053bb5f6107895eacdbe3a4f411c69c6cf584b0b511b16577503db64d9f3ba4f4c7dff3b0afc2024ac8101ff8024a29486769d2612f82cb381c0bf2fbe4

C:\Users\Admin\Downloads\ZoomInstallerFull.exe

MD5 9dfe5072e60fcf8e2c8ee016a4255002
SHA1 949bd2af799e7a16bcca7718f6960d743e3b2395
SHA256 7e7a8495a67caad160d2554fbd9061568e40e282b81b486c6914a695e29316f7
SHA512 0ace2b0ba37dadb72537a11bc1b1aae6f6ce4482f5a4a3afbf34a17082ca4468a3f87db5bc6a867cc4cf78bd668cd984a0c2fddc8b05cca5d3e5b72f89ab4b5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f90765fb28604a9a07fbc345d2fabf81
SHA1 0566b6baab93b561975dcd704298407f12bf3e3f
SHA256 29ae3a169903609b0d6f17c789b5df9f8b3f01b32387c193b9456c8a106f41db
SHA512 7c904aafc3e068951847723f4931dfe9a6655dba2d4a6bea6f04a8f34a786b394fe703a8d97b41c6c9addf8c280881ef723baa3df40b87a4b058982333e7e43a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7206349decf8212db585ccd99b7fed59
SHA1 6cf9c163167e4a3bdec7f2025945c6c4f1a12262
SHA256 b7b576bcbdc30b203c80af6eaa0418ecdd5147733939f4bd13dcd1a1774b9559
SHA512 0a5e035f89483dae9bfa3092661833da279b408315c030ca1ab9ae22ec394d16084f6b5728c2fc88241d2e617667fa787982806c222d277fd10076acd5b63019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 4f5a6c7c967353a2e56b9dfa5f82cad3
SHA1 e513eb898de21252c3943915197ee050e3ea8ea3
SHA256 115e39f2d4a392f13b989bda827d5a4577af7ac19270ca0152dc7fde96a08640
SHA512 4dae2a61eff8f2849c9b1874d592abf4c342deb5a8d6d0975717a27369bd6b1eb77ec0a1c13355ee2d7b4ee02632475615ec20afd7b24c355a58df6c4a6b0036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 587744540db63c3f8d3c7de3513f97f6
SHA1 3ee81e5f7adc980946eb5b931138aac9936a2b5f
SHA256 ac85ced74618ec7f062124653d493212c447164fd003758fe15c39c16a49f4f0
SHA512 4dd891d2fdbbf738a5e8d59d28e5881944ed98a14cc135f415a88934cbd8dd982852301c1ce595074f997fe51f362a17a8ee1b6c57d2d17893db471bae8589c6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll

MD5 0490770f1abbf33c93f50634a677f185
SHA1 978449b36d67c9dd976c3895fe8addfc5e93dc50
SHA256 98d70c59068c3aad14d0b6112c304e844cfe0a5b25cfb7a314dced335f7572af
SHA512 334381c8a62e0d9bf6831f1eede56a06de5cb06c1624600031a6fea9b970f33e682f04e1d5b511ff29ec161afc03cd09d8747fcc5cabb33a7e2fe5ab14158045

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll

MD5 64fff6d2b2b0590d8d6f464f539d09f2
SHA1 3695fffc1c3ec2132036b0872e46ccc02e837779
SHA256 09104f926d8b4a59b7663281d1d58462e7cd96c7ef3d8ed1c3b4d12d989f0ff0
SHA512 72d2e1fa8264818d50cd4261e826da43e3e95ca7a64769e5ce5df972798b39c9e9ed824ac0d295db9025a21d65433b8382d147061c0874cfc3f9d61db8a3b5d7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll

MD5 177c868aa40743f785890e724161755f
SHA1 a7345d559b0a776d2ce91105c60e11b190a0dab7
SHA256 66546450f5257a85293d738056343b92fe58e4cb5609a96f0ef3dc7e0f0f7b8c
SHA512 33c1da459431c7d4ce52826adb4cb3cdfc3f485e228db67e07c89c2e87ee4952b80d30f521130282daeed3ed68ec794d96b23566a4a1dbe60ec2172a5b66fce1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll

MD5 e37265b8e514e15c8156c3cfe250bbc9
SHA1 007bf52f0128513f538231c42e93f1f2602dda94
SHA256 e1bc86468fcde54d84fe0aa6b9b93c216086e74924ea8af31700d5d860be016f
SHA512 3c284e000993b16f904a91ea44f70d2e5509a492b783ba2a42fbdd5cc37f50110d6a956f0a7bdbcf997a69c33bb9810d64721db6f4259b1b5f3fbec604f98770

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll

MD5 24e3e153c2c5630bdec57184b69618c3
SHA1 fc43532aa4e186bd663b88a855b6023badbf0970
SHA256 f97d32c399b9dd1583a9605c0549ea33f0c32eae10a3bcf41d97916d4cdff601
SHA512 ba45c581aa808c13cc593b7322c3d061c55d1e01f409a23d00ab24f9695999646c61463b86a7d02431c04647d7898e59dbe6fbcbb8e5436fb3dfb883c8055506

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe

MD5 aaed43624e7a0654925eb355375f4167
SHA1 b6963b430eb52d618ff57cd93ffe1e1d940ce64f
SHA256 360f52161c4f1bcef6f5514d56e22ca35a1de2aca44bc0f290e27db6ba8bc5fd
SHA512 c7f95fcfd0d0fb35fd342f7b478c3517e482099c17bb8fbf1c7c2627ce23de8ea3ec942fab1589c83301d02355673b21c4987348095b9d773555d2b2bf5a8041

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mcm.dll

MD5 9b684c23a7e8b03186e8fc697ae8df8e
SHA1 5bbcd41418d56efa22ba14f0e1937e9407d7b176
SHA256 c872d29f9e5e26aeaaebfab2b2ed1c1c43f77bf85b25df57e67217c4aff0b797
SHA512 7970fb54c9928d3135555dcffe054f74f8994a0e0bab30a66a1bf050508082c7805933235d0b0e23338c30cc96ad02ac060af1625cb42f1976af93eaa9e0c994

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcrypto-3-zm.dll

MD5 8beeb4c5aedd9e3dbe1fa51ee4fbd59a
SHA1 57c2a8ab69779d8c23bb889cc28608f6788932b1
SHA256 de147160bc747fa90f4da016b2a463a3ce926ba075fdf1df9052d90ae577cd82
SHA512 5596b28a6a93fb53d1a25f33379b95b4d8ce16527ebc1cd44b4c620f8e3f7066da0093804e1e32f00e5e9515ef39b2162cf85ce8f24e0638c71bc3eda30bc8fa

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ring.pcm

MD5 15f886cbaee088418b6ffcc29115c64d
SHA1 9147beae4e9138ba609f67e75f9cbea7651ca307
SHA256 29792a0893ed2457c3872c4418bdd71f5e6c1b8e5894c2c921f8a8f8d797d4dc
SHA512 e5228897cffb5e05a7a66471c52089ddb682d544ac3b4ac312804883a2d335b60edb6236286dbfb6934ed12715709f8ffa09dc7014844acb89bb1b0e205a2daa

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\nydus.dll

MD5 177902fb266f622b90bde4a7032bbad9
SHA1 cb218888048180b6f84f4818419b15c6ccfca972
SHA256 81827fcdf8551f78b07806440a33f0d6c4a5c71e39ab83f6feed653bb8fcd521
SHA512 2e260ed089d7aef38a96580cae1716cfa8204063ce3caea8cd219a1affd4430fd85a01edcde132fdbf5108bb9108d373121913df6c614dc6d2051fbefee90dc1

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\crashrpt_lang.ini

MD5 fcf61aed8f093bfcf571cdd8f8162a05
SHA1 8de8177798aae82d5bcc0870c1ca5365f5d9966d
SHA256 1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb
SHA512 8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\wr_ding.pcm

MD5 c9318cc2306bf6b1ee74a5987a8d371a
SHA1 f482d3de9e8dd7c04344fab37d067a08233b64dd
SHA256 58cbaef9b7177a4e4427ceb303b852463964a5ac4e979055021eed1901ff164c
SHA512 04ccca6ed6c13872e8d967a9eceb7b485c5f0f7442259395773a1ef168fcf317e60e22ad2840579e4d8b849d1606190cf5dca0e00c2f88cd1891b8206e9a5ec6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_stop.pcm

MD5 0001fecb6b6e044d221fbc6a7e22e313
SHA1 c73a6506c92d9a1188aaa793afbfc1951cd5340a
SHA256 8cd8b4d3e8447d82dd045c7a3a8f175b97376c3db5895506cab0af6a0075226f
SHA512 1588169348727306e9c4ab444a7857924bcb88e4dca2be8e3526a2227cf117702c47431325df1c83f71da34bb35c28d1589eb3f59cffddbb3dbbe1d00d8d76de

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_start.pcm

MD5 ab8a5f2981e225d3edaacb520083835a
SHA1 c60c383fdb6850cb5013065576de87610270fba7
SHA256 193c4ffea3de04802e97e9e62fcd8533d8ca53e7306ba113a2234959b5262eb4
SHA512 4381f709c5e9d0172027fd2fe65ce37b0444087d3e9d7864cd54651cdae6e8429653c02ebb7a55a5de194ccf0d674f376961b012b088e131a11b7352f1ba69dd

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong1.pcm

MD5 8fe86d9e8aa5c709bb0563243172e580
SHA1 c22bb02d82516a66f8473dbb4209bf22bb60fa14
SHA256 2fbbb9ae6a463b360e1459bee558dafa8d864db2423f0fe4d2c56d22c3f3a5a2
SHA512 6c47e964421ebab2c0c6199b97fb9c61b0a228fc654abf2e4d2bbaeec9640be2a5acca92474dfdd0b43facc71c60a9c9ba727d300cadb6128ef1f3dcd9a6c10f

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong.pcm

MD5 54511224e61e71d2915ff67e57dcb268
SHA1 ba45f16f12d2e29480952367c0c6bd34fcd16827
SHA256 7aadf0e317831d287b51e41992b43f0f381ae48a312cb77a426eeb3b6129d6d7
SHA512 46b4ea771328a25c6384d5cdff7643ced94dd446830b165f80fb69df2dd2754062dca0636604602a7ebad4ce29b3f8ef62a81f59cf5502bfc78468c8c67a41ff

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll

MD5 848db1573dbfde1662ccf2bde50d1b26
SHA1 d7239b66af71c7c9c3cbcc3172538b8b7ac26f66
SHA256 c4482d9be22e09f6e746b87f09c908add4a20bd4fad8edb37a319cd60b01b76f
SHA512 f9573751b02af824fead4c8663353a104d2e6a92ec8d38368fa6aba5782697df88dd0fc45bfa2048eb2b8be839cab3fe4770189b37cc322a613929ff4a6dfa4f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll

MD5 05e1538d9f9370a9c0dba1c5cd9624d3
SHA1 8b59df8d4666d8f58a7863db11fa7b2d22fca372
SHA256 d92840b012114b88b747a2ab7d4531150496d3b772435d18094f2b54ee69130c
SHA512 e4bc5547495df0fbc3a60a60580759a0cbfa451c31a19ea8ecf6ca21ff499f15415cb64a44f67e4f3beb140ed852be34c271854e06369819e1f9df47dd25ca7b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\tp.dll

MD5 515d8aa383c340880b8c268c52932450
SHA1 dad03157052445442bcd3e372a136e4dc33d47ca
SHA256 bf3e3d3781110f5fba74b9742e9e6266063d06b4aefa3a87efc5f8faf5b69a22
SHA512 0679118edd54b012e317dfa4223dffea28e9d4f2e21a8dfbfe443e3e8b5bab4fae0eb72b9ca7e6217386c5d5c225dd0468607dc64431ed9304b1924e1f082ad5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\util.dll

MD5 109710865dc96fba5c56e2a5b112530c
SHA1 6c066b160e73b124109c65ed69f8d4c5c5cfb52f
SHA256 93b9b74196bcd6ba9ecf68ebd6fcc1288c55d3e6fe63dd146469f3199c9322e0
SHA512 dd7e3e6f5557fb8f5b01b89c3dcf94d8cd561c5ca48faca07dd8abe5d0e00698ef4e4a3f518af09d88400b8df93387c7afcc4ed2388502596566cad3ecb23234

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll

MD5 f4e7d81f896b3f3a646867467ae7d771
SHA1 db258f57371b79b38ac52a01ec34af34b16aa876
SHA256 68dd8c407b895b55f0ba439091f97713c773e0d9cc05a95f7b95c8f011fa1e0f
SHA512 2e352962ee0cd86c76b2e230a9f28dfe9725ae4c27756f4364100720527246850f8810f3dffa3b1c550a8a163ba7e7ee34254c326881104e89e9b89ff525851a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper.dll

MD5 40978bfed34846b8d732ff0b3f7f4255
SHA1 57824dc1f818e62b21b5c34da6a506f723794baa
SHA256 fa13a001ca89d85d8328c4cc57889ca47033c0b3ce307b77f6526a3590315341
SHA512 2c86d770485c1befc069941f9e2a849a7a24d7a99bc43e772aef0527d6d412087e9870d01b4c7672ca3b346d98695e26e4637b7a5c35424ba7f61e60447f0f89

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll

MD5 8347dbf72c048618f7c9c23c77716400
SHA1 0fae0dc6a3ab5fadb453dd890473f7724349a510
SHA256 74d882b8ab86eb1eb07db8f830191620bb475d2e2ecc6bf4ed221cd9c533fb0f
SHA512 337e9e68053b2ce6374369f9fcdd8f98f61999660a606fa0e0386ff7f9acebdf411dcdc242f2dd500e8e42fba26b248183ba12cea06dd19f05da5a693dcff682

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll

MD5 eaa55ae5e00df1674aead13f15556cbe
SHA1 b255f2551c0305eeda700d25d619e41b3122b704
SHA256 e4af42d588b4e575f6c992c20622a3bd336d502c39923f6e3e9c48ef80078eab
SHA512 30dab63c5efbfa5fd689e10ae9510ca4f1c2197eb8615801a296b993576e9ef1fea85050408450028e1bf7067b1b41217abe99c65d277dbc9c882872964d5d29

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll

MD5 e1d93c01fc18e4622796fe23d2ad6d1c
SHA1 551f54313324a0ae48f14a7a7743220357213771
SHA256 c4818cc8ce472ccb285bd592f794e09fa49f6aa2dcd667755b36a18f759c4990
SHA512 a3b05a8d9d4fc6f20103e9a7d92fb6a34e649dde19f660db45c346ee3004d552d4758ca35482715c87a565bc3857a894735bfccc38443ea50a7b1c5a9349fd00

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll

MD5 081b52202ff8f1d422ced1732a0c53ac
SHA1 0c6d230d615728b5f297de59f9f34927bc389e5a
SHA256 05a532ebbdcd7b153798c4c3c34ce6eca21a3c3d4db777e1fca0d993c37712e0
SHA512 367183b7d77d741833c8148b7e65d80a92ebf7592a7761df3d53520c4d54294551209dac223a5fde16b89acb88978655679188370b6b61dc52871eb5836bbf9f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll

MD5 3f61ac600dd7c8bfa06fb9ddcaa108d0
SHA1 a0fa2489ce556b781f315808b6d1b71e948b91de
SHA256 f6e90464a9117d2110d9aabfc1db032eaf892935c1d190e25ca86540d2f6d777
SHA512 6662c5143222d93a0f4a570e6a340d27028b87a047f687ee369d64467cee31990a45f13ff88af55a050bb0315e9bcc339a216a16263121e3c85bbf7a4d0de6dc

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll

MD5 f9b67f1ea7a268fb094e9a479b186d69
SHA1 ebeb7098ad1f4c14b07869ff5c9eb7901620874d
SHA256 6a15e781855ddd1e27a6d1a007bb24558b92dc0267f1cb476cdf71a0734e1f93
SHA512 f0fa0a6af4558810f28962790b0fa940c6982b174e41f65be6e134932f0a1e2793e24a014b697a13bed1336d3f663cc0200d4ef830cba9d4f7b28ae6a7bf440c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll

MD5 c4649c717d4afe28937842fe34da8eaf
SHA1 132b9b1965523cd296b9d9637e294ce5675d0af2
SHA256 f556b09aa1d3aca05d799ce8c9973ad8cdd767e1d45fd1d97d3c122f52ed300e
SHA512 ee59485701f8a2484c77c8134743a63d0155155c31375368fa5d4875107d65ee2c3870fb21dce8f39a810e436828e401576f004c89481dc818e6ed1c5299f67a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatHuddleViewRes.dll

MD5 2289cdc61719783b7843693b43816f2f
SHA1 1d177ed3e44456c62e20ad61181d0ebbc4c18139
SHA256 95098071480108163e1881a3be21744febb5ca57a99b5d79dc329d8f140e8121
SHA512 4f61cea60aa00e653d99b25abf29a15176a1f1d1887fc1f5d294a2df6c6286feccdf83b136224862562df7a1bb600dc0feda738d8849fac77a703304b2fcf89f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Lexilla.dll

MD5 23ff5dec30f6b4cea75d4dd2af50137b
SHA1 9bc543f399af0e23ae68320ab98ef416013b4a71
SHA256 d40cc629c7a20b83ff9fcab0b48261477df8d50abf6f4c1bade3e6ff52edfc62
SHA512 73fb2f58e318fd0773f4254f5ed6a20dfd3a00bf98369717ff176b2dc3a85c9768abe9013e44d793f652679059ba4c389456023de703379c09890615d250cbf9

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Embedded.properties

MD5 37b8c96e4f6d88f5c8e6ced0bd3e4bf0
SHA1 0af5ba0ac6d7c87549ee8e5376173bea95132915
SHA256 225c60517dbaf5b173439dc448cdad63a2348c9bfb09398d86e38826214c135f
SHA512 6230227a64d233d1ab6c72d55deed2429a58fafabe8463c305a1942382384640a71dd6a065e508e393be98351e577da46813c9e7d9111980a78d9a91125f96a8

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dll

MD5 583dbbfffb3bfd7f530ba75c155807bb
SHA1 a9ad5871dda1dbef8d23af22beb1ce346514c639
SHA256 927737f0fc0f0d2d871aff58b2015c5a0f652c1d34cded7a6531b63363095822
SHA512 ceba667b3f072851e10fb9506e5c2ddf245fbabb02f24ec8e41fee06cb969e2f67e45c798ba57bd0a0b8ecb25062211ef7533307e56730fcd289bcaecc812828

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.exe

MD5 9985113db1093f26b3e732f274d41b0a
SHA1 a4cb56f3030cdf0f0f3cd606fc07829d6146e16a
SHA256 58b3a0b90e1a705309e6e90c8bc1fdb6309e24700f19d76e0a8a8049189fa874
SHA512 49ad414bb23f9da3e7cdb07d265c4041883f51a33fca957b7ee45991da0b2a12f3d5c0c5b4046daa350fe25dc4aa271af73272be7f50018daf58a4993f97060f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\scintilla.dll

MD5 2ff4c654442004f6c3d3448fe12c92c0
SHA1 98f9f2701831ff063578bcf0b8b21fc67b095cbb
SHA256 a7e0f8d597eb608ebe871ced5e755a5054235dbf7febae0016b91ccd644c2bdd
SHA512 aad5d838e741aae3d473d81c03f912a3e2bda7088762e65763b450eb0f54f31cf94a3bc15924d02d91cd24c336a70703a9bbdddea4b17d4c040ba92456213513

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exe

MD5 347b53c0fc00e54e5e91a2ca0febd65e
SHA1 7a27a858dc29e4850eaa5af8157f4e46b1f5175e
SHA256 db626ab4c47e5b0a5d2cf88d8f323e31d11de4262ce904a7058d9b1454786629
SHA512 c150601e79479cf37a8dc0b4f1b24a13d0c4b1da6b3afc17b2db5758e15d7b88e99e8eda7d096a65acd9dfada36ac0a4959b4c4005dfa49c01e694e9fb076aeb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zData.dll

MD5 0be183d6ce23f1290b52476fa8f38f3e
SHA1 c5ce5b772e910442e38e0e3f9bac6044c971593d
SHA256 6cc61067d91a777fa324a2755dbbca29b10abf8ced8060c450e4b9345fd57519
SHA512 22382cf05061439e7038c2bedf83bed99757e8e0b908303bf1ae962aefa9a57da88147fa23dc1ba3bef34ac759f32f5798616d475135bbb5ed1ca7e585be0fdd

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll

MD5 3eb559d6c4d4dc724772cd16ee51c3cd
SHA1 82b20e59e8c26d9278f4dfea385a76630f0fae39
SHA256 1ae79e7e1a05520b4b944bb354667a625fbca009a4f76de75109bcf699b9d6c3
SHA512 4ecbd37340f3525ff1ab7c7edb2d24e47b54e25f52040bda143bb7cd36c8c40f62016ff35b34da300278955d0b443043aae7469dd482fd59490f4da5363949c6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zlt.dll

MD5 96fdaf5e6d22f2eb904f02e8a580a2f0
SHA1 61ad73af88ec9876c9d2af714fad3959aaa3dda7
SHA256 3852e82313aafa674937ebe78a89c93327c814d5296fd04cfa3b494a03f34ec7
SHA512 5c308f4e071282c68000aaaa9abbc7c63aa1df09d85bc1662eca69122059e9894f583ecfd485d3014438984af204a4371672737389ec8d0649f7a18f5f5ff59a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmb.dll

MD5 8352c746cc6e498419b3615a4c34180f
SHA1 3dcd6e7eea15fe19ef5a1fc66428c0bb101acc7a
SHA256 96b83c5ca6bd6973e58646dc652f1cfc1dd2ca88d2d6cca8b96c60c93acf3937
SHA512 e2a593a0a7dc704f259de05b43667ab89446699d8a9a21ffa236c6aa758e7952d77f43d0a92bd1f5dd44f76a18efad8f6fc97d5d2b8d423f55142553e73bfea6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe

MD5 96fb95b78e6d809553d96ac38e0a2584
SHA1 594e4b9db3e23525af5e4e31270aa79a9bc5e1ae
SHA256 6944945e8bef473c3501d41a7e66fa2bb07f67c50faa0c25782c6a95fed77a52
SHA512 1f5bb526904dc47566ef5ba4611bffeb80953752f314ed23b432efc71a8ce89e1b9c5be9af7ee9f321777a2078de32f4ab2a8204a4611242ede0c8c86306adb2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml

MD5 c2441be6cb80024554d38fafe85e2c6f
SHA1 b0cb726375286fb2a2350b6ce8f375aed871c9fb
SHA256 433f642079fc949151b258672b3bbf3851d158639a996629b4e21cf367007570
SHA512 5728cb00d02634b6577100c4f8b2bdf7b5fb0e88ee2c338489f0ce1776bd745e883f7eea05c34c496eb4ef7d1ced023b93e52551e3d1492329e6dcd200ffdccf

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe

MD5 4aa18af3eafa624314d75c0472c8ce7d
SHA1 1c89df0d8bb9ee150f4afd9743ce9d43d526dcc9
SHA256 1f9bab7d19228399129314aec80140c945928ef79890ea051116791aba96d536
SHA512 8f5393288b98682917326175da97a58c1fcd017d17d2156c5569f0ddea565a1a36dcfa7481deef0ec8e5a2d9f9fa643e4498f59c113ad0fedab54e6892009381

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe

MD5 0281c907d395862bd0bd7aa9085cb87b
SHA1 c7e6ec90c436ab0a7aac0e9487c1e43d0c89c8eb
SHA256 81169d1b2c1d99614264e8a16e74c9fdb15c5cf16c0773cefca8a36e17ced39f
SHA512 69631f23871046ed5163f4ce2212a31a1c40e1dfc7faf87b500bc23be30cce01908056de24a10fb8a86c8385abe244439207d5572b63c0b24a8a7edbeed941c4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll

MD5 e5c434bb596738ea2a338db9ba4006d8
SHA1 c78f11f732ad690774baa62f04bcb5a9395c95e2
SHA256 48898bda2ceaa4dc99478dcad7c7a3767575792d6da4e3a679de988f9805849f
SHA512 8ecf7395bd778a8dd8c1ba55b6eb1eedcb0bf7f267c137b35fd9f9aac597f5abfdedb45f25f23a23ca8993370944b6548813efed760b1c70140bab14dbaa4982

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll

MD5 3d8cf7868b67cba36534cfe9937cb426
SHA1 30c68486b72582cf2ab253ed0b10cc3533ad1323
SHA256 eae15a66f7a29feb3104c302805a9ae3531abdf57983501bdd6295a3eaed6886
SHA512 1ba8a2b4ce548c60b70225a04c976423546caf625a5e99c2f58ac73906e7c714a10243ec92ffbbf9be794da92bc9e9b953a7e6c2e15a24563771fdf02f438a3e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll

MD5 5fbc36705a9f87683b782f1d91b7bfb6
SHA1 bb01e8665890bb80ddde5ad754f23567e8ac3e51
SHA256 156eb34c69ad39d283d6cba4c21ded495bc7976e573438c9597505c3e6908b05
SHA512 5b7135db8f2dc371417b2d6246a4a17f8225b5c7ff15ccaf0da8997e3c50f96d31f7963dd6c4ce01f9f7073f91241a8235f3471affe3806482aa22779af16578

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cares.dll

MD5 df2440b425e2959d3a82b2ca308640e5
SHA1 8d84d7215ad40bdfff49a742ef3a9dc2775a989b
SHA256 83b8e187b4b538f7416238f4ba453721f8c75d9cc4a450461b86414f883b013f
SHA512 5536225e65f4e99e509dae94a64277cc76f21e8a63b1db3a51024f6c0b65c891b3d01436929579e8afcdabe62d419c342d28e3d905d587d45663ac93cee5023c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll

MD5 49450b7896ff5498582d41c2696c14c8
SHA1 9eb5999b3646be19013e515d6d037c63f55c4b26
SHA256 81626bd9073ebb0dc970a36d138c9e50c82cd30388d276ec53b444da1397c8aa
SHA512 d62b66dbdbd15ee12aedfa62fcc059fa94065e539e8b95eea6c8cabfc4ddcb75d5f38ce81d44d1069270be4ceb5a6fcdc6dfbbfe73a557e1d4ad04137e66cfe6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll

MD5 e22336e8a5ae1d2af9b65a3c3232193e
SHA1 ec1e34285e1ef1f79bc750ee59d9491daf8aa14d
SHA256 7c623c31ad3b27733e1a73b45ab85ce2e0707c814cf2df6e9e0af88ad609e9ea
SHA512 14838ef71a66492515eb637b995c179ca3a6a9daeaaf9017b267fe15ee0edc9ad95db61336c41ee598a306a6105e7e93b10b0148065981156b74f1948d44a13e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\annoter.dll

MD5 96bf6849f75704d864b146907739665d
SHA1 f272792142f2ba5c16fb09c5e68040e4e9fb0ae1
SHA256 387031a85ddcbb2747e93c9917f92d5ff2c58e2b56a0a5cb3c68457eeb128350
SHA512 d07ec439806bed150e0580d522e24d23497c4d1d4e9358a9dc7f7c06c124434f52a1cac0ec6a5d5285d17858efcfaa52450e87692a73e94233a0382d53a2feb4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll

MD5 b24526a3d888c4bb858abc329a5a0da5
SHA1 cb050b9962213d361aadf1bf79333955f99be929
SHA256 d9c2cd04ada98157926faebaf9cf610e26d7d641af99338a4a82278e6de936bd
SHA512 e00647145bb85b05fc3525f53e835c150d971c6886ba901ca14b56e698758ba4a1253880b44bf786d6741737f28971d78397c416b3243f521253e4e883530936

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\reslib.dll

MD5 124af727fe25819ce13365c3e665b637
SHA1 a8466588ffce5e52d4b8bae510f9924ed50b5754
SHA256 7d6117557ac0b1857ebedb05794935434b301880d2a58aaa591990e5bf74c489
SHA512 7663e34b4efdd0fe454dc98e9d2c6cdbbe1b4ad4dd33b4c2600d23f1c8ce3291792b5a012d3dc012cfc9d15b6923713e6232941e5f47b3941b05cb7a23e6fad5

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-medium.pcm

MD5 aa93ab138ec89cf7cfb8b4b0ea8990a6
SHA1 d13b139d666c76cb12e1c0280c1343770adc8aac
SHA256 d754fc9d9378772b7a17a53e6598c9cfe4a0f3ec492f0ed30241020562f58509
SHA512 f91c59cf1b1645b24997a1201bddb52953c0904f855b78add275d71401e4f9e6bcef59fe1d7205e222470689dacf2d55ae752cc2be66bbee5258db284b42e6c6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-high.pcm

MD5 c32f95839557340b4b4197a68847ca1d
SHA1 0feed637c4766b9b30ab6732259670f8c12c5538
SHA256 0a16435cb3f7b8b1787476575ad646361e6fb4c07587df874940413de004dd08
SHA512 f5f0dd4a313ff6686bed5090aaa64885d319b8fba51fb2722b764668b26f06ce95164444652661b027e35f3c6928d3919422e4816bbb81bbd0f7914869004700

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZRCSdk.dll

MD5 42761e198fd9919b330513c90d739fce
SHA1 42ef99e39394563e4579521a144d430f40186c47
SHA256 f19108edc03fda8d35460560d13f937849d68b736d1af3f741a742e412b19950
SHA512 89e6892e51c0d8b2337db44f53edf26ecb7a0b71eff87b18b635e6f1305edf97391815c0e7a5731834689a7146dea5de95a8a548f252df7b10f431ac19e52fc0

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\directui_license.txt

MD5 ab54b14548a4cc76dd7c27414d971111
SHA1 68a3888b33ee1c5d5efb913846867c9a8788cadb
SHA256 6033476be3d1d41166b65984e2be94c87ac98dce55bfec887e932b696e859295
SHA512 cc8c4d90efedf4aeb3ba3b64ebd0e938576867618a334bccf3cb6790338c6a1da239393a618f6e6a1186cb363cb514ac9528ada51f0090fe2fc709e5c666d971

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt

MD5 7faec2006bb231d14b794a9f31769448
SHA1 c2b5a34fe521502f6fca3031201b47074f30f258
SHA256 7ed2acca31a243ba107d8c12fddecd52462fd326d3d2c73b04d4cf10c76765ff
SHA512 777e0ec5d6b599fb0eabb8180fb6f302012ff12245e3de6a3dc568798cb057858eff18b08dacd28a72250236c4767abc2583670d92a946f684b45cb5144bd7e2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll

MD5 1274710018fbaa016e2334d43d951f78
SHA1 0770890d38728ec9e42f90fd5df7e6ec983240a4
SHA256 e654da045dac94a3aca1eb729857b86901e0f89599b86c11ba255c7a15533aad
SHA512 517028803f1c1d9a968afc50ae388581417fe7020d49264dc948b4cc6ee09998f145ea8eb6d4a7492747145b76ed96a5510ba37095863a424ee691fb84d81982

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\airhost.exe

MD5 15745b0afce1de9923da258d82fd8709
SHA1 77a52aa312e81960c875b567c44579c5825af8c4
SHA256 a1daffe0a8b6ac12976fefbe73abc6e6ee4e172f9081ab787da2aedc49b0719f
SHA512 4d11d38671c5c9881c014bff7174b049f7d05b76e79c4131a734a56a20dec5b2fae17d5ac3d29499a6501c9848c7ae2a3ed838c32c02c8f6a5f2170c2d3896a0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\avcodec_zm-59.dll

MD5 14dcb67e668d18509c335017841f21fa
SHA1 d952cd3a0184a3e5c28d81f26650b05bbc55f567
SHA256 1ba1a3d45a334ea5ad698f50700f00189404143a02b62160bef2996cb34af281
SHA512 5b539331b753fd1b896e0a75a89f897374b2a6ae03916cc137c0c477777f73578dc9a7b2dc3745fd026741b1a0b2faa462c78c7b282326dc2ae9988f2ae1ba18

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\swresample_zm-4.dll

MD5 68f74f1cb5a77a57c1568f137dc5833d
SHA1 8ce32df83d8e22646a1aa1a4b6df3de58f4bd8bb
SHA256 a66712e8ce2f341bfccae9adb31276d1669b58cea5ef87f0b397688127419244
SHA512 0e43c5d198616f109b87ef43d3fe11734b867a11277cafe65e806e1f8b20dd08c3db999c87c1d5f40caabc72bf9814cf54752ffc1a4fc4574373327ab058de42

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll

MD5 b51c46b71520b1accbb6302007a8a66c
SHA1 432b23521c9d7e60876f13260652a6355061a3ce
SHA256 a118355ccccfcb5b895b577f3cf837523cdd60801df173ec307aa235b342ebd8
SHA512 40aabcfcdb03089e1a77a99dd769ecd61292af30fecc87b0176cfa9d39e9f930190549ca2897993d19a1091f326368cf1df4e2218f69beea7a71e47973cc8646

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe

MD5 203297d11ab112a7780be20898df3f2f
SHA1 78eb16adaa7289ee07d59b56f8a358f7f973c733
SHA256 6d31e22495eca2b4c5567963e0195d674e7022c3cbf2e5beb9cc872c45dd2bd2
SHA512 eee04a62b874fd487414d08a54bc9f30a45802982b6e03598eba7c2660a92fc21a49e90d1273599997f53f273b135045d0c1fb9c9a6bd822901a33c654a0cccb

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\leave.pcm

MD5 3fcc19f6a199e97646a0ab32423c9332
SHA1 05613b14d6c7336b24e9779963d245098e73b40c
SHA256 efbd514b0ea241a560f1333cdbb90a9885d5c70c01ed032d11b8a672b1096a04
SHA512 b370ad863badd0d86d982eada1fd98306b686ef1cca4cc522558cbde40257effa96afd7327141beb08d9927a6b190e0047ad7978e87a41bf299f030c1cee121c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptService.exe

MD5 309b37fbad4fd49ebed6760e21040b81
SHA1 7b57023263e355e31490ed5f1dcb7530780b9c5d
SHA256 bc1581969977a5891e3b2a15aabca7115df73c33150d757b7c4dfa6ffb5fca2e
SHA512 d1fc655a4fbae56d87569e4e4c832ae7fa6dfd119dd12498a49e3fc7050776c7fea170d65dc3c900ce0321ec2317f1beea83cdee74e0c1a2b8788de49f7f95ac

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll

MD5 5b164bdf80f110d433afc54d19704dc5
SHA1 129f6d37d2a693ad2c1c1e804555091e39462134
SHA256 6e4da1cec9ef0690b6665e12dc844b216c8f85229bcf42015d121d98f25f5a20
SHA512 2aee1c5ce91b3c2967e8b97b9fec3bbecf07d7aee59242bb0714e1588475f9a5f8b37c5b91dcdbb0da12205775497344574743b7a9cb7622cb567e9f87d114c4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe

MD5 606cd4373eb8b155df8776bdb09de39f
SHA1 427c3a211940f0d51809eea4474d6ce8abe11586
SHA256 20b9153d44b0a991a4b8b6d67cfe659270f47d416d9b49ed93219797563c65bb
SHA512 e6e7e07b7d044fa54a58ffc8db8e4bfe0a8c4ab4c584643c557ba2e0ad079663185ee6f5faba0beb4b974cb36752b60c30de662c272b8145f4c679ec46cd6c08

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipCallApp.dll

MD5 3621e3d3aade04aeb621aa876eee8ec4
SHA1 42b67210cbd435348fbea8ebd4991f27f8088751
SHA256 2393d78205afc86cc763839c31710cf0f1348b4d7ee71d79c539b6ced5f3a4c3
SHA512 cf57d884806f6f970f5ec08ee4a0d02b283d2e5504491a7d0f7a5786dcd1e67e13dddc4cb307f1e07a4232381fbecb1218d87bdf23bc23160f3aea75abe01299

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll

MD5 6d28addc49a887a843753fc260ad7277
SHA1 31ccf57e7c5e586de1217309b53b91411e969647
SHA256 6a92a597a823cd84749e43849ff629f2f7c26b9d6e09053ddce6ec70c71ff206
SHA512 6938d1686cf87014c499099f8dc5b1ec4ee1b6df0004666f67aef1fd59464d3613da4c75b6762322d6b0074963d8768fa48851e4a3b8d6300167a49b19d2fd64

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mDNSResponder.dll

MD5 1af0e9f9b8cae21b7728c48f40137af3
SHA1 f61efb9098bdbaffeeda46176fc176f3ea2965e5
SHA256 975f3bb62c988acae1ccf1c0ab2ce101b4d971b2ba64fb8a93785b379fee5ccb
SHA512 6a06eadf9acd18a81a8516247ba869657150f77f811a420114ea0eac4715c3eb4f2f9997198d69ebcf51e174e2c890f0ff1cf85bf9e5893abceaa035cc506f8c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipCallCommonBase.dll

MD5 0a318044fcc1e4041b01b880edcc3825
SHA1 efd2b17de1c827713e977856255b9488644b8f90
SHA256 2f1c7106c4dfc3e1014443047b81404894c254ad58f1a5a24feefd14afae905d
SHA512 4f1527fe8c7976b098e36239a4a0892c98119326842846045bce2e56b28e263b0730b1ac916ded7f512381fa109e867f4990236a349af2c362aa329ebb9232ca

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipCallCommon.dll

MD5 d24d67de5724be78b39ab882a940f71f
SHA1 674c85feec49d503f60511c39d8ffa6d46073dc0
SHA256 c56989a00fa2d42d039816dd96ff372021a7dd55089a3774bb9bfd401cefc9ab
SHA512 dc01ff51742cc965c62d654e22bea8280e3ceec932b6d2d8df8e36a7ea9a5ad37374c127676e34998fa8211fdcdc6702e0512fa1d1b8747102b3dd07ba5603b7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mdnsclient.dll

MD5 27eb64151541385725f917f4949b0891
SHA1 8e6b7e8110ffd9d2cc966143247b239f35b99ae4
SHA256 d8d5b5d5755ba941e22b15b817dd4a934de8c83537d78507c9e285833d5e6f4d
SHA512 f7ef73e5fcd4982753340c9724f7fbdf4059279e3c577169720c326fcd0aa608c58e2ac29302eda9da893590a920188292b2ee1f6c05f3dcf7e95d6566f2800d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAssistant.dll

MD5 1bae00bb947b61ddac711b63ff9648cd
SHA1 15d592dfd343c7d241c912071fe9eb714fef4d5d
SHA256 5b1a4fe4120f0f0c16217e0a027c39f3c1984e7b8737680b32c6d51cc832ada1
SHA512 bbf13ca756d116dece883cf778ca60b5facaa76811edcfeb7ca785d844b25db7293b55759433c04095d9c20366ca654c5f7f79f785ff9c9d99e359ec9b14e626

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipSdk.dll

MD5 cde976504b46e0d999ddcfc271ef9a03
SHA1 41fb78542e1234646da8b3c995a1b344196f30be
SHA256 9b8bada6a35e4e7c33ab25e2068a7317a0abaa01b7651c57b5494cbe312f4804
SHA512 dfc6e9ab40bae25c78633aaff91a8958c6f80685de4c4d053cc0eaa527c83d8538bdad9613f245e95282f8587819709cfd0130aaba3ef06dd6e19ad7306a9920

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\swscale_zm-6.dll

MD5 2bedf9b127681714af88371aeb4bb7ce
SHA1 a059d4152079f33e827178458c9b386ee9fa10c4
SHA256 cbe7b12741a54f2b356847f1baaa62a8aaa6752fbe91e45f9db025b824dfbe94
SHA512 78d95d48a66d386d8359c58cce02d73da3f23c4425dc01adf33fde1b13d20d49aa9aef64512c5f24147dab1ea91e16307ed67058d5749034c1f210802967bbdd

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\avutil_zm-57.dll

MD5 8027461032f153622783aaa9e1c0e975
SHA1 2b3d82a405a2a418bee63d493c1fb1a5c93ab805
SHA256 f6d91719ced9fe63486cff366103be4143b7b5ff791281f9277e80924d8f4558
SHA512 444f05667a90f2615e4f8a4635a03333cba359b6ea0718442fc454fe7c47481dd3843f214ffbfafae052f32924b190eaff0768e19b5630d54bb5817f66cef880

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\avformat_zm-59.dll

MD5 bd7808c993742ee94d9356f9d300f3a5
SHA1 54de26627b6c98a1416e4b04be4412689dcef5f0
SHA256 786a13c0b853c31c88080613fe95748091d2ee2f3b223994df6caf2f62a5aa0d
SHA512 c36c9535c72db0e910db8275a51873d63cc7277d05c32cbde0d1a9c07181437ed8f18e59f2aa2e5d1086788f71cc6c6aecb847470844ce479c92b9d67183f56a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll

MD5 ef3c8dd6fa0d3884654eb3fc7470f50b
SHA1 853b2c80b77f70cdaa82227f071b6dbbbe2b281e
SHA256 021012b36df81f3785c1e26379675b875a7649de487e8c9a2f8da364b378ea53
SHA512 ce7d67774d40d1d519aaa07dce705ca66d31bfa1096f05cef84169699fbb338ea3c14a2d5e20872aa1b40f1c54a98d69e3bd780252f74fa97957ea716956c969

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll

MD5 bf5d68e8811e728faa44e5c1a8c7e840
SHA1 d04b41cdc559e6e25daebb5d04337bea6e2ce8d3
SHA256 1469fee8ae08d8462d9741f6910805403a2eb1f124f7d6cfe9d61e631e3bf0ef
SHA512 0e384dd25d5b1a00b42b4c2670fb2e72850a310439d61dd52446c3b89d65903d5def5f0f14ddf6e0c925581e9b79b226825163ac252df05be52776cf2f37e4e2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomhost64.exe

MD5 fe6848d2e07ca85093a82ad5a0c273da
SHA1 62ec3904f3f422e45c21c99935be95e85414039c
SHA256 3fdbc9bd90e61f862278848c07156f5809f4f509ef4f762beb803b92225cb4df
SHA512 75aad78e56b4694c22e58a9adefb41957b193f5b6b02c21b90a1d1eb2bd38c8a09e572c66a679d7fb7ff6bdddcb2ddf98092636305b864aae2ef0325519f6f92

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipcallRes.dll

MD5 3f00b60f1136fa9bf7497e68d4472d96
SHA1 42062e9be473d1dd8b0da00dc1aabdac939ec326
SHA256 077762a16a57aa67d42a5b97ca59630014edd8a45e767bba4ec9429c454f060c
SHA512 ba1999e5ba70c9158d8127e3013878c52db04d7f4aa6f60a0a6bef33e7ccf89943264bcda209fffcfb44e035ea47c846967cb427563e7be4734826c8d7519bae

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt

MD5 078690812af4ba8567fcc2af2ca1d307
SHA1 f4f94babc436555d2f5992e29aacc47433fbadb4
SHA256 e82bc3dd03400aecabe12201219ba14750dbc4b36faab58663a7a6068548d372
SHA512 f4e1f1092ab90f380a63ed1954023722d265e32f7f3d9b86100fbfa7d6ecd8c584a7dc22b4e3cc4182957136e2d765d0d6a293694b739377c09b076e5fe448fb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zSipcallUI.dll

MD5 4a155bee6c24acc5407644aad3c2f97f
SHA1 8e39baba791bf69409552b25eb6028647baf1b97
SHA256 c105c8321e2a2e2f5b052b56666f780da2163e1b473ba053640ca501833a8a3f
SHA512 227cc1eef0fba3feaada416e67e717f5b4ae677f65144da767f3b567c213e1d92706fed0e794ddec1256d666d73d94d91834dcdce8ea69e0b883417ddcc84e79

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcml.dll

MD5 19c1005bc26cf574e053cd5ad6ce1daf
SHA1 a97b537b93e742b55cb9ccdf9613081bc66a2de8
SHA256 7639af585c3ae6b45f778967babeaff114cf1a7857a2ab2917f56316c5eb881d
SHA512 8968e0cb83434cb9ef52562454345bdd51933481dc45276c9d64c77c3e481adac992730e18cba0be44c73f64f3e481f808389672db81a429e1b9ba5dff16c8d4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\clDNN64.dll

MD5 ccfabf379271db7babb6e9f06832af8d
SHA1 eb6de3e9d7bf849697988835ae763f104ea443f6
SHA256 6e3d27c91eb0fc992ccd56a4f0339a2756dd67b6802292cd0d5f98f1feb90ed7
SHA512 59afe8d90970d32fcfa5b0217d2cdeaeb37258591d882f3896c3626333b2cad21207cacea6b9dd4ba037783690b329a36136d7d2f0c4272b904c4175f02a37d7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmp.dll

MD5 658f52e0f8453e915f0e93079f7689fe
SHA1 63864395f553b53fe91e3cdea8904c6c991c72eb
SHA256 b6c4b3c88d61cbbae9a2d9937998265e7f6ff82362d8713fdcc3735c24b9ffe3
SHA512 9001b79ec35e477191f126ee21e2834ed4dd33bc09eed69904a6af17e443efa6a4dfe66f8dd199ccde0761a3ce00ed1de72776d48224e151bc8a1679b4ea465d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\dvf.dll

MD5 454e9b2c497fac6a90e1fdcffe9ee15e
SHA1 71d0dcd6ff12450507cb9f78ace3bd0f0ca19326
SHA256 3c698fea3a8f2030bb384c585491db8c237c08a47cfef3f1c6bbb8e413226407
SHA512 06d7431576ee900648e737b4e2ddf00afbbb07be282841625586752d0bd844e2aeb24c0bcae50ad2d9f0bb7b577c052b286845927ccafc77a55ccc68db2557f9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mkldnn.dll

MD5 d60986076e055ca58322f04ae5a0d39b
SHA1 bcc8e9d28fd5b5a64a37c326ee5621d4ad8bdf16
SHA256 211f474d279b72d6beb0bb0a0efa275e3813db0d591533818147ab58a165f5b6
SHA512 1fa04aa4fb18617395e21fa0f439d69dbb74efa350d687ba35503099880cd98382a4d6ece740fbbce63129b9f653bd126e1980201626f80241fe70d9e21c06d1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\d3dcompiler_47.dll

MD5 4706919bd5a3ba3f2b2bef0988b081ad
SHA1 8219cfd2b208952cc83f56bf0e3e0c8a1b9344ce
SHA256 ba29a59b3ab25c4fd2f67a1cb74b6d13a5130f42abd65d38c8f9a4f77781862b
SHA512 5909795a31e5e877bdec7a499f3fc7a875031ab1852cabed9f84e2b9602408334b4cd18640d1e49d90e3d465078ff2e940cada28b508113cebcd1a7a5ca60db2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\openvino.dll

MD5 8079ac12c22365a97da5102f954ffe6e
SHA1 16ec87cbd48ab54369caa7a1d2bf5e8abeba2513
SHA256 9fe84196b96fa0462af39eedc1ee9c0188e7cb13798a7060c019d0248dc4dd27
SHA512 3a8ef52436b4d8165b3191096849df0ac7bdc8cdc9edc7ef89c5b85fcd9d66ed57334bfdd64a05f8951f5377053a06cb4d720a2965bafbc1c71a91fe27dda11c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\openvino_c.dll

MD5 e8e6e16219cf0be9352b33865f0ef7ed
SHA1 e7bab1f203ddf41cdd468d86c1689df54f30bf13
SHA256 df1aff0c5274b116f5cef0805e0d6750f85a6b08f19781e20e441c3dc296a250
SHA512 fedd2b30dd6f34ce7f62988d4f1d791c32342e13c8d2e5f81247a10d86a2cae6af00605beee1c440696755e2b0f834301af3bfd1f5154ee038e4f4bf7c125d49

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\openvino_ir_frontend.dll

MD5 55edaeeac32d13b5d469cafabacb52a9
SHA1 2fa3163ec95a5c99409a169e60a9ad08db54592b
SHA256 14de9722e369584061193f815338b8562892d7064e9b90ef33741f7f5edc8583
SHA512 d18816ae807c1e80406585d14f5b0135ee32007472f6f90a71e588e0e1547563720c7a09d726e7d6123c187c092a79e5fd54f2c212f886045f908929d839404f

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\plugins.xml

MD5 7d081fe6f9c94c19987c04d1e6a5c506
SHA1 1485302a3eb6765bfeccc8f2c7d9eb98dd889975
SHA256 0bb8de37ac6d5d12a1d802276df79d9f378d017f54f4a03041a375b7f8d3b584
SHA512 3ee9c6c46a75c508cf3c38885dd7b05e0e9840df95e73b2fd9939a2c705b87ba9ceb45d764a878aac1bec2921cfd7a1f2c94f45ca6193dc4a4f639bccdfa8246

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\openvino_intel_gpu_plugin.dll

MD5 747e2cebc512677d7a756d20b215bbcf
SHA1 b3b96e43a375258829de64cf5375bf09206887bd
SHA256 13a061436b8158d1263c6850c9e3605a7dabe37bb5534261e06edf5736469794
SHA512 fa65bf64de9064565053d29ad877c7a58d76496b040bfd2898409e451b04c93664c983a44f1b42e8b3128d0141e504c3123ea17ac7b7b8f0a09c15918d95055d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tbb.dll

MD5 3f08f7f6774063e5a79a49044cba0a70
SHA1 201005d7b03c59825c95f38855815078375f018e
SHA256 b1ee048c8495d25cc2bf84e18c3319e06c788a4e033114e4ecb6958bc5bcbd8b
SHA512 ee78ebd7938ce9f2aafeb09594005e2630f23a691dda2d7cdbd742a3a3ecf07f42abf7d6e0f53b6e997077172e57a9d79a3b7375720f2d7f08efbd1493bbc266

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe

MD5 a63262911f8f175469d13508dd111eb1
SHA1 b5d07c159fa96d43672aed2a035626cc4795e3a5
SHA256 523cb0ac00e668b1894bf73892f4630d0772ec2966fd225713aaf34600a1dd43
SHA512 1946d8f15e205b9c41bd7a894e38c2318238ce0a7a67dad7313eb22f8ed0c8d44093f75565703a94b96883146ca4d78d838646e856d07e32afa948bf62634238

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Droplet.pcm

MD5 923d4747324854f50ecf69324741c8ca
SHA1 4c19f847fa8fdf55e27b2847bfe09789adfb9e59
SHA256 3568dba00a55d25b736737a48163c13c1348afc5d4022a29ca0d3724d29ffe9f
SHA512 4ae265a89f693304fbeeb661d46d0cd96304083af75b5c245db63a632f40e08ca280a68f20115c6c38f5202801b29084633ffed4da16304689c4379f77693a0d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe

MD5 33d7396e5e6a855945de14ef89644ad2
SHA1 8c4482252ac9d1ce0a5fdf8a2d417e206b7d6b7e
SHA256 96319f39420ad1a965e84488c1528b84dcc6da1e644a13c10def4f58946e712b
SHA512 ffbb91ef113e8fca93aa92ba928bfb731ba098d4c639324040fd2e995ca78dac2583c03dd9bc08fab30c81b01a4950ade10f58cdc002bfe25af9157f0b118717

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_chat_chime.pcm

MD5 b30a997b4a9df68d8796eef6f457f4aa
SHA1 23890fbc1f66c1061c60b8287659566c69b297d1
SHA256 f2ff5d73ee2a89135094ecb5165b30e351bb24ee4eeee95508f311eecdc9811f
SHA512 8cfc3b13d7c2ffa0438ab12669aef756bac76063cbf317e449e5ba4127c0604bab6fba793866857f4a68806e9ed779c0c521fc46c5ae3aab42de7c72d98613f4

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_raisehand_chime.pcm

MD5 cd7d41d5204013ce176c99c225016d6d
SHA1 996ea48981e81ecb107cd77fd0d6e35edc4d4214
SHA256 cd9b81d47633fe9aa3f1020d895161de8c31797b365f93dfb22a60d920cc2eb3
SHA512 44afe616a2596abc76cf9f862837b26c00e6214a08b61c6569e7ee07ab4331f4968d718889863cffc74ceed55ff377932432c7191dba4efdb638ea3b96badebc

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe

MD5 76e917db95df0386cae4fcafd7ddfd30
SHA1 c85a1d1332df3474c8430eb5c0caa57724f83ada
SHA256 c75150a9f8ae13df630111926eddc68795030074922fd1832aa0d031478e8a5d
SHA512 680c36ffd6961dbcefb1e62d8c50ffca9ebca06a39f1a76eec8572f246487f1e59650fb3df424140866f157b29cd29ff2719d67e9fbe9efecdb778d3bef56895

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookMAPI.exe

MD5 821bbab68f38e22d2065639122dc067b
SHA1 1ab29cd3ff8e015440a3a33e1134e51cd070beee
SHA256 dc64a6bbc4389662680affbc998e08c72be2d4d83fa5cf0fec7a98386195c67f
SHA512 aaf62fa94bee252b8bee8c0519f504f3ea5b88f253e266e98c07e30d39e2b7ade166f8e18950790fc77cf3950b2fc9a4620d52fbe445a013fb9cc17a5101ab4c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCCIVideo.dll

MD5 0db83023e218a12ccb32d2d36528506e
SHA1 b20ed18405789226a731ad3d6e1611ae8a4d395e
SHA256 ca0ab34fb01e41aafc4b910dc0ea6257450b2f1476b63558e4225e1681ebdcaf
SHA512 3fe72619e892af9370283f5f5ccdaedbe8b69fab1a940880fcad0e886a14ea98db16884317b4b8aa102c03f6762ccd4367b2a8bbb4898f92a53e8336b9585859

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookMAPI64.exe

MD5 b88a7a3dab9a28489d775764fa497a7c
SHA1 f1d25b776dde9ddd40ea2e833be83ebe5c802721
SHA256 1d8ae72a1abb3a2d5636d946e392ed04143b9758a9a2899f468b02666392baf2
SHA512 d83e74979f9e6a4f86855f77e000f2ecebb3313d286d2409c01fb83cc4cbf7e7b580bb7b44580085bed5ddaee2f00e9a996829d40eb2ce53a7a9e6ef5b6f2a80

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCCIMeeting.dll

MD5 7fd963d449f4f2628da5970d8a57325f
SHA1 51c30ceec22580c688425fd573af8670a6efff96
SHA256 19b4d079a3c47a2eada6deb819095ec017142e78914f006de894ddea17d0b55b
SHA512 e6ba9b79679a18b5a3bd3c2f7cf21e0c73edde710bfbea279096c433b04caed31ce2f7f9d88e2de2c93b3c02389ab3ea7c6f1aac54c30cef0491bdbdc0eec72f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viperex.dll

MD5 72594c7250c56a130158d814745b07cf
SHA1 1414de05a1dc218d1f39254cfbbee2c6bbde668e
SHA256 b42a70643bfc3b33ba9f7243e3255649bdfc3ee0efcf8717af9695b4849f9785
SHA512 e796bf798a820e0137ab5303b77a2336a7467dfa0197c6f5806ef8f9980d93bdcf105535b420f9514bb83275892a45ecd9a7b8bea6d8b911d7c13f35d6d27ccf

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\sipphone_util.dll

MD5 491be045fd02c86d804240163a1efafd
SHA1 11e915ddac35cd8e74fdccae0ccd13e73857a3a2
SHA256 48527a400304cc5650616edcd3d381e9fc85dc4c0e677d8fb994cda3eaff1642
SHA512 a2090deb246a6a28cceb77ebe69c871d8b14fe91baef98abe1357dbeff0c196d549f742fdecdc1cae43bfe7b08e69eb0cc7896a75bdf66ea7278b37d7ae8b17d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\LibphoneWrapper.dll

MD5 2f8666c221f71ba87dd316bd40022e32
SHA1 90274e905854c48690f67918477139104879f998
SHA256 8027fd94cb7a444f28449306c112f80ac83569764c9ac6cb446f5992f3972faf
SHA512 9af6ac47bc7afbbf76feead1bb95608e805407efa6b44228b8bccad52cb442e5120affa14d1f6043f9dafc9111e43aa1d9a495fa294ad2c0a1044b6dd0cf7bfd

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\G Step.pcm

MD5 41c9816899c367b3663c50f7d6c698c6
SHA1 c59007efcba1c379bf34cc875a07477648c002de
SHA256 26210fbac5a314609cfd04b77f91a91127695bc1eaa02074c57079cd8acc28e1
SHA512 ff1d7daecd31c5d38239bca5589e7a08f22eefd112f16e7a01278355532f45cb4e0cd983a5e5e72d7d3fe41895c6f813dd7254eee981f7073aa419c23146123b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\G Arpeggio.pcm

MD5 6771499ee6ba11e659d8ad19981fe97d
SHA1 0f4ba3f4017575737669adcceada47cddb1f92c1
SHA256 7e24bd3ed8f03b5a0c09a6e6364915bddd4bf48bce64b9fa9ff3229e07f3e8a1
SHA512 049861d52bd58e2b45d182358fc0db5986e27390a85cb74d6c7f7b28146bfe679577dca02b3680a10c9a92e56c2ce6d61e1e13987d8cddd00a2772e6de5cc9ab

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\ringtone.xml

MD5 2a098d45a19527f62c29f3a90496240f
SHA1 a2b8c01ff514d443dd5c5634c3591b2655932179
SHA256 81ffa6db5798cc0114512a43c3111a8a73a57fa243d23c758c4c18f0c975a141
SHA512 bf18c491e57a3317192cdd0ba1a5680354a7eac146fe9b75bfbf6a97cb77c72e77db92b96843c9d5a4389931bd1bc891f404adb3a1914cb927719e828538e32a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\double_beep.pcm

MD5 876e92eaa1e4ad2e72a6e602b4eaa7bc
SHA1 2b2008c1f1f9b18037e4c3a7931cc5315e779904
SHA256 3899566d9a2d7bf12a2122fc59a4279d9018a40aa18c946ae85ca2132a28b61e
SHA512 116db9da873a1dabcc30f5ae938164301c39ff5cdb3a5f7dbe9f1c83ee04dd078df1640cf3f86cac0eef46f5bf917305405401ea55ee23409a1958b47ccfa1c4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll

MD5 85893b5eece62c80ad860431bda5608b
SHA1 b7703592bb87972271370701b54366165fea9465
SHA256 0d0c8fadbe41424113e3640dc1bd4d265b1d2091b99cc7be9ff2f4007c48adc2
SHA512 9c4d2acc7ef95bc2ff44dff2ce34e5dd05ebb3cf5c8188f15854ea5b376860266428d35c8d071b6f8f4d24a1a3523c8c15bcb2ed8e03ede27909861970ac9b29

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll

MD5 3aa86d25c1077a7f42cef38fc4d85c3c
SHA1 61f4c52a57cfac17dc95e7f20c7de61e14cc4dc0
SHA256 237e135f8d86b6647f1d6415078f78587c355e50b46b34771440bb60baed6bee
SHA512 143c327a4b0ec25430c01e10c32953db358dc13a27a8f39465001720d2ef38628f69906329757597a00c0fb8f4aa33808082561a00851920071f682ae40fcd00

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Silent.pcm

MD5 de74ff821c5d7f33259db9e85009ff02
SHA1 f9cd04668030703b5304c47bdb5a2e6638b0df89
SHA256 b24b0ec151d68a40d7c89f7eb1d52abce1eb9112041f755f5e092474e5aa638a
SHA512 8d9d3a1106e96ba57cc5d9a5ba2fa7c21ca0a47fbd9e841e5d6e3f61a1029e321b8210098fc26280b62fa6fbacb0b42e23b36129a5b05bee0654128d4660b47b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll

MD5 21345e0fa372314bc87cd7b57e494d6e
SHA1 8608f817686ee6b6d752a9424e84dfc9c161b1b9
SHA256 df86750174e13f8b2e38ba80042d41f71dcff4d923e064d75af7ad438145c045
SHA512 92ebcce786d779ac7e76a215fc370f142f3c104f1c5520b07ac1aafd7b4c974165c5ec5b78dfeb3b121f271574771aefe00658b25556a31baf00ef0560393788

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion.pcm

MD5 388728657dd2d77d2257a90b9c935650
SHA1 17c15f9be8b263c52dc165b3395d8d92e72ec313
SHA256 dafa23315ef2893d200a88b65b8f455e788acd616d0634c35385d460f07c6a61
SHA512 5b4b298df61c4bafa4f2b4ffe2193ed331460ed922a17f2abedcd20f6f1b1af8719694299e367af0ba757ec3496d99fc67ff1963e27195ed30a95e5dbe97a2b5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAppUISdk.dll

MD5 1875d769c437bab6590d02d22fe1e1fa
SHA1 f908f5409b9e45a8e82a5d63196f0423ec624e2c
SHA256 b86c84167b849b2b05840942de5084cef8545efa1180b406a3186b99ed6bd44a
SHA512 d1c38446fa18266b3a5e707e3934a5816dee373b620838920e0c69f52cbf6777db3e059a3be522395f174ddf87629b5efdbd7a7496d7a73af84faa1d21c36ba0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAppUI.dll

MD5 56dedb3bf6a2c18152a0bd4acacfa06b
SHA1 716644fc87080fa9ce033a527e5c4408340400b8
SHA256 e16367b856869ee765b08001b991a519b7b4eea8bf5deb2c229e249a999d76d1
SHA512 dd138cd7e2d54feee4af093c019afec559c8a64845f3934fe7d7000dc814d539fe6d84ba365316f104a0284797e4d59209472156580f4c1e201021c408bd235c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAppRes.dll

MD5 6a21b3cee0cd17059eaf42544b103dda
SHA1 ac37744e3e8f89fc1e6285883a18dc0acdc4971f
SHA256 778e92bdb7975dfca98b30c0a1f599ce3443cab574602ceec9efbd462457d96f
SHA512 422fe842ffe3ca92c318a8b58de43175e063a2aba5d272c3d2b7272154413095306da8691e0ed614894e33d4b4ef4e4de54616ccd8cea60919fe3b5041db7fe2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll

MD5 704695577215f6c0ab07181bd1d0a12f
SHA1 656aa597016a3ca6baf7ea621f5d96e8ebe6925e
SHA256 1cd23d6eeac2b71d12cadd44df3551109a2b5a56085461afa9e649e592113906
SHA512 066c494c178e2070ffb81f9969d9bcec611433ebe8bd05d31cd0f71cbf0b5d2251c11ef5c7e40d6cee6122e90abfbf7d939864283d4eaea1decd8c5a5436b1cd

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zApp.dll

MD5 f1fbaa1bbbbc55ee53ae127e68d39146
SHA1 4de506e22dce79e9b065c12e5185357e97621a87
SHA256 0ab0de726c80e9d8125144dba5cc8da0c1ee231a36d8a35b103f26c143fdcedf
SHA512 cd53fc24c69dd906e9ae3b55fa2431f209acc1d774e5e433746209c55e654674df84cff1f80af9bd80995ec2f90b6b48525fb9ef648b5db5026b37b46bc2fc5a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\archival.pcm

MD5 2da32e501e9720b40d438ff7352a5573
SHA1 e59fdecd75b2c8cb4b26bb4a2b3c622dca8a2e3b
SHA256 5e7d1491e7d6969eb67646f87ab2dbf0ff1d1cb4f5cf631128a305e2b67d4a1b
SHA512 5da2c201bfd01fc1ef1724acb0f6fddd7be39f83b6fff5c80aef71c96f14d30c694da82b1c41183b2b9ab9ef99d45faa657c4f6a984f87a97aef08d9e824ccee

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll

MD5 02b9fc6ce896854cb0f3729891acd0fd
SHA1 e6c523779be3d3e4d197d10e3d1d16b40fdc4f27
SHA256 e7113f276decc9b13c6ed30a1237b8bf36acc1a3fe31c9090f2e611749d8fdb9
SHA512 51d41d7ae5afcb5559e5180c5cc457056071b3304d433645bfba6b79a7382bb656e37d85135e7274baede2629570700a5767c53d9e1d8f5740b9ef560cb14d0d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\sipphone_audioctrl.dll

MD5 ef63555206004d71a87efaa658bfca23
SHA1 9a071dd9012f79c9b1775e53d28231e1d6b52c96
SHA256 76dc3dc1df4afdd1b81650a3c51b97f10aae395385959fdcbc47ad8d747445e8
SHA512 219d6e8c609579d76ce993ef89ff0b27b9326cff9e4101e3845c1b3e621b4521eb0dcf5ded2f64948e3c22ca12fb560a2f0f567d6b5cf6b99b47c411c3ada3ab

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll

MD5 ea8b7bde19387e7efee0716c0f3318d4
SHA1 4775c1bcdca17075dc1a39061f0f4f3e1493dd7c
SHA256 5f0612c65cc3d3b66383a266a9ac55683e30b7637ecb0bb0523a376490a08584
SHA512 ffd3bd95fcbd7e46d69d003dc5f5b8cccb00628317a2234a4e4455b91e5d2817d180d6ed56aeb2216236768c32ce02136fe140e1ae10b7a452c52030b0069f28

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Vibraphone.pcm

MD5 e750b985789477ea310fc23485c38b3a
SHA1 34c1c7fe44d97ecaad0e3ca2225039d3025980ce
SHA256 ef3fdbc6e2b647f9d061468672bdde08acff5a59df08f91e7dd3155ed6bb0ed1
SHA512 9769393ce2880558c30164a979d6197908bcee99d6d0643b68e05847b078c2a1b02b29399b949d424d3dc40952b759cf95a7a523575f2d1218f081be02bfd0ca

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Ukulele.pcm

MD5 f72021d50014ab711c5048de10ef788c
SHA1 fba07f7045add6d1f08e5e4086ef2838d2623f3b
SHA256 41e5e209294da6d146d531e569435e5c2965676a70acf7c5a0a25d902d4c64c0
SHA512 d2989c07dcffaf5d598b9fa037c99e5b4e72026f6f273f319ed6b3ac046c22b8fb14e39eb57e413cc3cae2cf063cc229b524198c1097bd45daf31c6fef8faee4

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Ukulele G.pcm

MD5 545e0e3c3e15874ff10658fce9c62ecc
SHA1 c74c1d56225e6d756608de57370d41b4b0c14263
SHA256 740f457ee95b637c9588d8f09a6185a8a0acdc69f3214fda1ad7a397bb79f26c
SHA512 904f80176377c101147c76a0c295fe3a7649f5a9d6c3a35cb41e5661b1ccd32912fc6c5385dacb23d04850a5397e897ddc358714314e3519f1e0d7dbce42ea1a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zHuddlesApp.dll

MD5 5e1454b38e6d19bd64692194ce5f41a8
SHA1 89250a10ff30c1b60906746d62cab3b9350cd4ff
SHA256 9e53bd0751a30628b971b33a1f15f078d960c58da64c68bb1ec8f56a71bd3e77
SHA512 de0c4c1d850f0db1a56fc17bdd23e7e281f3840fdf5ededbfff9acdfe65f99892500192b6f9c6d34b6b3c29ed3ac8988c58d4cbe15b3ac3a5498ed072d540535

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCCIUI.dll

MD5 c00d7020e944667914b4161997894916
SHA1 480b8ba165d21092da079b4d1e9bac000831ad16
SHA256 86caed0d31850cd26c5d4338239fb92e5b3d711184fa3c14633e6d998423c8d7
SHA512 f05e2f66c5c10a00db13cae363f1c84111fa04da00ae1d09680a755a829cf1cc62ec94bbd90c8cc82a3c9e4e1b1990ca3d0690ded4c26707c06a85eb6095e0d5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCustomizeMeetingUI.dll

MD5 18f7976b4462d3a16eb0fad873073c9a
SHA1 508538ad0e27836da8772e7e2de9553047e1930b
SHA256 b6bdd30cf5620e4048d3b5ed09a87aaac4c653723b3c4f5799aa05ce73f859e6
SHA512 d8184d2c5a56e55dfe4e00bac8b9a305488629dbb673aded63325933702bcd0a26dfd6d03e2484a7e54c36fa0cca1dd332ea184c311cfa150da9c21076bdbf75

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe

MD5 c031083117863a322578c5599e0f6dec
SHA1 5f297d49a3122a060808084d325ecda594fc2342
SHA256 0a0e454f960ad56e88fdfbc546b738abed2719331aeffabd18283ce23d27419e
SHA512 d2c8c7dacd173dce7a28019fb01b5614aa0f8be2c2e7b880e210a6ea71ad948587cbeba0a562ab9dc6edbef7b96d1162638b917feaced44730bc6c6563302cba

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll

MD5 b7dfbfecc8abbd6eae8b109d38e70e60
SHA1 3bcb1f74496e5eb65a421320c3011e29c83ac4a7
SHA256 cdd25193bb80a1128f9cd9867e901f9a9d746d8e49a82a326babd0abce07da05
SHA512 6625ee98c6b97530e5ae62ddaed4b6d06d9fae53a25f60b11b4b18a1bd4070430c3a7484622710255d2db06c72f1c5bc99f6743353be1eafcc08763b70ba3e99

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoom_meeting_bridge.dll

MD5 076341a77119c5f90b18ed10b66accaf
SHA1 0468f555b6cbb7d8b60fd086239b20ea70bed2ef
SHA256 c2f792b252e058e0c4c30005b7da808ab2ba27859973a74eeb85d679e05bd8f7
SHA512 bb4621569aac0f2d0d8860fced50091c3c9154d9a8d3641af6db13378b1a86183d653ed3819d4c1418886ed7ccdfae2744639fbbdb4652818bde8e7a699f0fe9

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Reed Organ.pcm

MD5 cbda54e1b4c3c746b7bf439bf3d1d6d2
SHA1 8d555ad3110ba2c2257cc18562bfa5a453ac03d4
SHA256 c3279bfbdbf53f32876ca34a213b102c64b6e0380ce5897400bca6e178267c33
SHA512 188d6700b93f21f776fdc4c2c6a2d41a82c52e5ec2525e7343d27aeb2badab3827c96889665766546b14d38ad3a6e575491c7f4d2e9d5c5c3a4c496e47b40f6a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Pizzicato Strings.pcm

MD5 67611d47f3dbc795cf0caf909a0070e5
SHA1 880a42bf2f926ad1a7e23b41610f5d0121409643
SHA256 c724b4ac93f02474f6b0b1849b875d4576846e7969d56c4519b0c8e77b8e14f0
SHA512 e385dbb975bca126b6fdd388e94dd12ed1cc95e860f68c1d1dfd073ee0d065cd8ea7671b7ce9e15779d329fd70a4d4278b5615abfb63cd4f9813d674cca6c754

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\Gamelan.pcm

MD5 e06c92d35ca7fd525fc7ea6e59929ec5
SHA1 ff19d13920cace68b559901911472a2ede6de2d1
SHA256 419db5735387e7876b1ae925f0ae8bc470f1ce3ecb2cff56788d0aeed07ab292
SHA512 f89283246852086e8b172a5b2f5cb617f2ba90526c729377ed62a21b15a6a5c0e31c5fb9b9dac12c0c04bd807eca1f3670d571c547dec71728460b844e201f98

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCalendarRes.dll

MD5 fd639a7d3f2242d57bc52a091da3e2cf
SHA1 d0b5b16166e9a7de3ec2650c4be9b5f13436f0a7
SHA256 ef48cc1f8373b6b4af2c48fcb37ce6b02bce3bd4647c91abc806e2d5cfa0fcfc
SHA512 459509947131ee21ec9e6002a88ec53116e0ce60d43bda1d9fde4ca9c2fdc5afde406dfed6638f2aed829e336dcff667a2ac759caff1ecd4015f69c35a241fbc

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMailRes.dll

MD5 d52267623397d3ce1ecda07d19314e66
SHA1 9b092c121488b6c6cb570261905809dac15dedcf
SHA256 0ecb8c01645e28a9dcdc05e34db1352937f31c4f8eeeb44ed94a1ea6a4e9a68d
SHA512 2c9dc1e85593014d36c016797af08f6191b12a989ec508d04fea1c78c8da6543829eebe209dfd954187e356c5f7131ee498c07ccc961716f9ff3bd7c9ffac8aa

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmScheduler.dll

MD5 889059bc0c2ae51fcb67f6dbcd22e078
SHA1 7bf4e6479cca8238448b2d5f9162f8b60865872c
SHA256 d5afc20e3631a084287aa75f400ec26296c70eaa8dccd2bf6217288d0315d31f
SHA512 46721cb57de431f4913d1e1a1b8fb1229f2900d2346b39b73057d5eb2c56d3614dad62f8bfc781751026c6f92258ac953f25235c99b83f522a17c222ef3e57d9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\dav1d.dll

MD5 387661e68aa70f7c9a5b2933bcee47ea
SHA1 0689e311d7a26ebffac90cfd7b455bc54ee23f11
SHA256 ee39866d5cdfcf36698b2be278caf77cb52ce4813361058eb8fbf0939e41fe44
SHA512 69dc0a141778ffee5cdf853d2dea47acb982c3daadbf63f6f3aff0902dc33885acb8ee7b16c336435145d18bfbe9515c62a9fccf6cb3e62ec2f9ad1bb6d57603

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zbt.dll

MD5 20a7a0bc3794f7f6ec61e64fea389ba1
SHA1 e9e93c8e39a0424704e494dc305c1b3a990dd10b
SHA256 c1fc58bda02149fb91333a855621ca7a27b50dcd727e5b5e5d3132da60559f0f
SHA512 76a0da426493b36016034ab8611882aca9a5acbedbab8d9a857e5e32e6b3330468136889ec15944c4902788c30c69337e9cddd899dda92a5c758f210d994ec1d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomPluginAutoUpdateService32.dll

MD5 ed0bf60dcf6793d163af6c7c2f8a6f30
SHA1 f30e941a584c6f9f7edd6d4e023ede4ea7217c2a
SHA256 6f94fc8b30b589bcac020f8eeea69a20225832b8544874631e842e64cce4596a
SHA512 20f17e8854ce820ca27aaf292b327933e68666eb32aa3dfd4061821f37fca19095816e7bf683c1eea41307dc6113ec1005fb5c6060ca4f7172e70c620c9941a6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomPluginAutoUpdateService64.dll

MD5 8d7ed73d9798529af25329b7f0ba17d3
SHA1 5e1debe2a10d20424e191095f46f0140212c30d6
SHA256 0a9b9179a65a6c9bf5228c8c9a28281d9aabfcf0cc0d42e13c9e8cae821ca3c8
SHA512 86dff7713804c065cd3157a66b2d1134b4f6b29ba2582b29610da9e8d39235594de78ae97106385830a9689332fd8cea81cb44104423f706a08cab2b83a4375b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\2764.json

MD5 6d4f746216997d4492b7991da7f7a0b0
SHA1 47a2bbce3a24f0f74dca91f371f19be15ff197a2
SHA256 92e20725a8ca1cd2609471e43bf7fec74bff1d5497941bd7960f2e958baa7f68
SHA512 9abe6b5afaac1d7efb3bad635262365dac8999efbf12f9226bcd2815ab187d2e25abb1d74d23ecb08728229652d4b179eea791e595e8b55c9664a148f05a68fd

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f602.json

MD5 1d37cead9e0951770d9b44a700a1d199
SHA1 8c0266d363205aedd8ce2cd79bce23b6ed23029a
SHA256 030ca2feb055de27a68fba42e3e16cac5ab0cc6143831069be7182a693a56485
SHA512 6fbd4b5844df5942fcfc51ab260fad9e30fbdca1d42e6c923306674cad844ea9c7a8daf53f6ab3c557009d31d86b397c57bb5e832ca07b4d184e3de056b4a3ae

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f389.json

MD5 f67d4e717a5c78dc8cc24a9f8fda0c8e
SHA1 8106d5b328939142bef9c16a068c900ca2b63405
SHA256 61f1aee6f45612a6e5f7477e38898f56df5abefc58ba17316eb45d68a7bd2aea
SHA512 c6e9f43fda4220758741170501b4557ef245dc02f8d18fa13d40e62c7bc002c495c560421ca807a0b8fec75d8fa6af1e772d6f0f9321561042a358d66c0566ba

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zDiagnostic.dll

MD5 36e5e1acd50cb3465ac9df512867ec7c
SHA1 74afbac65ba54a4ab1184a2af5c1586c3fba57de
SHA256 cd98df8b6899b3704896a2e16653407289c03735e02cf2b47b9b9c845986879d
SHA512 eb7633e101fb6b1cbe5b9ffd71cd947d9eb05c2748f448a7a0d879203a22d4d2826ffb72cd305fbc7ffb5a217e743a65a4b1865eb7fd5bbf55f5c0ba5b7a2cee

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_5.pcm

MD5 532231d1e36ea53a168830033cc0aec5
SHA1 4407c14ffe5b12b7100db43fb011564269f702a0
SHA256 83ef758561576bbaa981e976510b74eeeacc181834064ba7412eaf876cc25290
SHA512 05bb2d8ae7cf3ead9dfbf05fef4983ebfd4f5a8991ba43a92191a1a97b485dcf17e315b9a8d39300c71be7114f15f0113a75c6648fcdfc46b46e6cfd2b3ca0fe

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_4.pcm

MD5 065ce5dc0d49c48589a3eb19603510fc
SHA1 d0852569e60486c2d9206c35be826ac4d23f79be
SHA256 c50e689f830fea83f82c6cb2e5472b3827c5635490f0d2b0e56c346bad616a64
SHA512 c4661a30868376a7ed681d4d984efcbb8af4a7449059f31225c63ce1cc88a3b4a7fba3e3047f2b29a0e0e437e8b4832e888f65ef86ea40c2063aa0f736c61307

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_3.pcm

MD5 3913cdfca0b0dfad1c11ab3cdb81dcbb
SHA1 92e17b1f78788d5b98bb539aaed018fd72244411
SHA256 f8902a24f7dd5f4355e684ac1cb0029992581c610ad011ed2c900f8957c104ad
SHA512 43d22a611b65e10b9bb4b8405a993a77618c24d8866032672d43911707ac9f6497826cb6c975ae422c7d61412d6bb2d2df0412fc7fadc0e5e5f84ea09c7475ff

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_2.pcm

MD5 d30328c7ec556e0fc8537d1a2316c418
SHA1 bbd09bfd865686297bc06ff35fbd5f56374e3dc3
SHA256 37db0a7b3ab878fcdc1da65dc21c006daba8791c87ae37d000d516cdea9d4804
SHA512 913c7f778f1a954c43c275e544689a528fc4a59d30f1d315359191de60f9bc9544bd322fc6842b63e8931e8f0ee8579f63a3e810f165d92a2f702ad3d8e5b6e2

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_1.pcm

MD5 842932d135c62a4866c698cf415a13d1
SHA1 7977e8280576cdfe14449e0522a824342899e21b
SHA256 1a5eb409a8dd747b37e24b3a7a0c3c8aa7c55778a9bf4a71f4bdf3b5ad298c5d
SHA512 a34ae285e13cf25beb93153f1de77c6bb61941fd4d8f91b9689cb84d37204072ed4ddcf17a7f2319393db6383a949d4d0a8722245116f6aee8ef62524a403e29

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_0.pcm

MD5 285974390c5114e6a8e91a2d63266a38
SHA1 f5b5b5ce959380d0358c463e2dcb9cafbe709843
SHA256 394c441e19f6d34b46baeb7820726f279bc71d21e6911070dbb58e67568ecb9c
SHA512 de85e1fc198fa235bc233cfd45747c30a8247af71b83e8ca30800cd754e6c45ae2d9754e4de0d51e3f2aed26ff8cc829d29374960f3b434e48acbbdf530ebe43

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSUI.dll

MD5 1603a1a7794f289c1db54233ffe799bb
SHA1 5a0e70778b87129659c2651a3c882fde5af73a65
SHA256 a2e8202d396e8a6b0337de9ae65b86323f23abe7c503e7df1b01b7b19e724193
SHA512 000487e924830a3132b98489c5676ae4b379cc2b5afbfa73539a280282a091d7833f30eb86ec72445e4f73fa1c9eb8c2ac1787d23ae5378139583f65d86e819d

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\ring_pstn.pcm

MD5 f199df8ed884c5af8fd07aa0e046d19b
SHA1 507ca087de97053c4e65f4576f78157813e6c174
SHA256 0a23d9800db639dd5f40ff0e1ca3df5729df7ab81affd1a02db445b4b0ab235b
SHA512 176a88eb7df30c78442c435f102f865e1f8c8a6d0fa03f1af823cf6b7a3c290e50df229b8775c9234f09a0ab5643410f5e00bb4eae550c13cb59ee3d4147d5f9

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\double_beep.pcm

MD5 a2243b1ddd8cca6c40030020b57c606e
SHA1 9d0084832970caaf750335d5b27a3104623e2275
SHA256 e00dbb2ed88cd107bf384102e1353bb8d3a777dd9624a680579e4267080888d7
SHA512 04ba003ef55787f3d19006e8a3489b861ab86834acec445ec463172f5530fe72472c0bb39f62ff8d0222f388b63a6b2e28f5919fbbccea416654d7cc13f68b49

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll

MD5 825952f627c06e797e1e10f0121ea246
SHA1 51e2b4457332186f5628c3948b8a28220efdbac3
SHA256 62a3076dfb6f4f5bc548208625f9bc5a31c673cff779b2ecf7f23bad32b4659f
SHA512 ff2f3a0007641ae3f3bc6df2e3bd8543392e793be46b8750e09080c9591a81254d67cb6b937ec14114c3094268db009719b03c4f629774c24edc0eddea5d731b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\beep_intercom.pcm

MD5 618a307ef3efad70399a6107cb1ce9e3
SHA1 8b42e7fc116a27a3fa868db49b3d0204f42cd913
SHA256 32567197286cbb2dffc282f7cae8d46d13af9d5e83bc98773a836904d244326f
SHA512 3181f538cf34e09de3ced6b702eb55654888b3b533a339eaff97f6f6da9014900f076c76ddd407c0c3736156a896fd23a07952c04c06664103cc74f317b8ea74

C:\Users\Admin\AppData\Roaming\Zoom\tmp_uninstall\Installer.exe

MD5 eef8f42ee9c09b08cd6be431e9780380
SHA1 a1fd89406fd7f60c3bc2c587caf8b8ca118d010c
SHA256 2a8ca4f712e391aaad9f84c8a9188d7d15e7c53d76481c98399310df0205fec9
SHA512 b78370b80ab46afd2dc0da29144368f18fc5dad0666a468799ffcda90ed1723597801df10a436500cf6229d464cb43b281e907d3e473924d11df69e0e22090d8

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_hash.pcm

MD5 569480b0dfe8b64b44f72e5740a58230
SHA1 6f4ed602780fdb7c3eda983bcb29007bcd8fbf77
SHA256 1a256021a62abb1386eabe58974db5bac91c622f9fecddc9f87216c102c23628
SHA512 89f6452afa3aee5265de3eac9ce0a5830163187abe6c5415141133a0b9c7ea091dfc198cad0b4662588b8f3785c93e310feccca3200b13af0c15caff7ab45d1a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_star.pcm

MD5 814b4f610592e7d68725f87b04dd5691
SHA1 9e3f0489d1889b3201753730211fb14ea1fc1e21
SHA256 719f8aa3842eef2b413eb8dff026c2b442acf051af040b295af595ef207dc32c
SHA512 929f10fc51e71759d375d82681f6b9106932b27e0cd39fcd0fbacc2359d1907631a912d34958628c651c37617bd4d5d9db93d321f0592c30d0294428890abbd0

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_a.pcm

MD5 6a95093e7fe3117bb1e614fa9727bfdf
SHA1 1df81e069ed43aeaedd8dce9d1c8bf56fa6b96a7
SHA256 d705d27155e39da52d84034389fbc3953d98f2e7a6007c44cf0ea1bdda4b3bb5
SHA512 925d6b17cec73d8ea98ddc3b55d17c6e014a5d4504251563c5d5d55a9b7f8caa43dcc6d7989bbce72a62e1708a54ab7b09bdd84f79da9010bfebf6cff7534c99

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_9.pcm

MD5 cedbfc417b6ea8e076c99471e4d746ad
SHA1 11d95a6490613c3d7f350f5525ae47ddf244a5f0
SHA256 c5e274011991477635400e5a2c81d3b6cc12c50a61267b0ecc70077cb92a9aa7
SHA512 358120f75fb51a89979cbec3c1dd0227e286019025be9308e81f5e2f4c02cd9bb0022bed4db357d42990c5f0503aadb88963d7062382d9cd832440e12a338cd7

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_8.pcm

MD5 a9293ed20c46e09ebb87caf37e92f3be
SHA1 dd6e3ca3ef79d26f71fe432a2d928e9177f13205
SHA256 4c682a59d37c32715d7e82c1592fcfd51ceaaca7fc4464817f74d0c005a02372
SHA512 ae2572da5274f686ab5b2ca05c273e103e037f1b2d21775f86e780a6a4e97f61059387a063e86f276253011bdaf188b2ca20cb29ffca5803fce5cdd9a69f38a6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_7.pcm

MD5 4f9cb5dbacddb4099469ff30fb61490f
SHA1 0a338b3aaa04309584af7ee0f14f1767afbe1da7
SHA256 79f7a132b33c6525ee483231a53b8298620700ab21343cfa70d716e96fd12b8f
SHA512 488fba0f24d2382dddd25c05531a5f61683f774dd86d41b652ce9473224607de9744a5a4463907930eb3b010e6f97f7b7d1ac5a9daba8453525735d338399a5a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_6.pcm

MD5 a8e1e6ab27026fcc27307250e40dc64a
SHA1 a3d1bcd57edd4aa3f52c259a5b72c120f040d583
SHA256 ffc6da3e558a9b25cc03249f675aff3bd3ac21d54435fa8b23f37cbaf54dded8
SHA512 c82fb729e9aa1fb56efae9b76f42567b871b2626c29945d0e6b51e4f876f43b97b8bc5f0bbaefa56cd8b881def405c6b8a44f331500f169de80aba120c98f766

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll

MD5 700a1224225a09309474defa7344fc4f
SHA1 2f7e2fb7d485ec45e0bee3e4a8b13aa62a13ed01
SHA256 0e543b7fe79a1a535d0a04e2d251265fcc3fdb99438e9118cc92e94bfaa819ef
SHA512 331990335af00f0e2b705aa770410f1671dc1cec4907fe006b2bd689d0980745de2f5bc64688697511737ad41ee387ed423a551ee330021f70c421b77228173c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll

MD5 53d113c0601b608dc59bceaddb7587ec
SHA1 a2cb5af180865928939559c352e0cc779a22b4c9
SHA256 0d48ef13541279996a9b0adf986dda63d29c8a9a4ec190fe3083ecb69c9e539b
SHA512 38794647e4c79242dc26173593cf4c24a063719e0834022f9acc7442d0451c469e8a6ff967f108b410bce82846a2c25f090b9decac1f4778e70ffe1ce7611861

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f62e.json

MD5 7cefb2263f614827ab6e0336b64fce2f
SHA1 1a2f4e128ba63b5e9b6c1b6205f7d7de9143907b
SHA256 c20267a718250c2d164a2f3e06df0c710cb6bf881dce3995d35bcb69bdf38089
SHA512 47c2b892b654a8c06b88842b04897cfdb46a990ab70aa0dc92d0df90dcc924493ca1ef0097141bd2fc55389f7b46462fb9239e9a3324e91cfe5cefefb8876107

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3ff.json

MD5 fb40a5f93d8289078a45accd64e8b465
SHA1 2d65348b9bcf99ed6beadcfaadd1e4ba3060992f
SHA256 a138ef5319e9e21fa35890d6ca4b88f25bf2b0e1e323cedb64ebf4b9caf9d72f
SHA512 508a34b167ce76b09f578aa0b0470e4dff749e1bb2bb4a18033bf96774028ce46fe3a1c41102a16b32342af3d3e4aecbc49946f6677b43ba4f5fd94f3abc6365

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3fe.json

MD5 7f9d9cdab026d95fd3284adf532e2315
SHA1 5403f9c7a8ca5fbfea80212456248c4fef800474
SHA256 bd77b000abbb946e77fe3f0850cc3ebc37b04fe0d326cc0ade00d01d6a3c6964
SHA512 c733a6cfea5f1b96ccefe7f4955d6f347099cfc965703a1e338377ddf973b1c75c7ce67a05966b1dcbb8148ad0de98d3d5b4c688ba0a8ba8444cdbff0f4f8083

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3fd.json

MD5 6c248de1c9a3a4f80db699b2e0334baf
SHA1 8492fd0113557e1d106915e6f341e6361ae81fe5
SHA256 9dea6b7d295efb8fc7b6cadca1300dec66b767902a1cecc09c0bf2061d583236
SHA512 8ab713951327f5d046ef8a301e8c015e264d1da53932938dce7acf4be2476b7c05cb0fa007376f9760d155527af3fb9e5cb7fefa208824a6ffbb4cb7c6ddae72

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3fc.json

MD5 d106b53a5ecb2e2c948b649d30b7abc8
SHA1 b8da4b38b28194034f65c1e0b1e598ea19cc9757
SHA256 59feff722f006a29234c2d60232f8c658332678c58f47a46c328f5e6c1e5b8f4
SHA512 20f15b6e90e64f6514324e9c796ff8622cdeb1881bcc1d85ffda0ccdb80813999be1f7c15886f1f0b818c9f1163a944bd0a7d837913501e871a5b97180af2a30

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f-1f3fb.json

MD5 2fc95360eac87dce1a1e45683dff62c3
SHA1 314b47046abe7edd6a5cec405eefd14f1375f950
SHA256 f863e406ba35766c348026ebf8cc31b3d196eb34f82f2b46dd8f95ec29c3d9d1
SHA512 e7513f97c0acf5fa0683ebcdf64d0c4f09b84f9a693468d3ea58d7b22ab6218eca5372e50c618efe54e5637777da8a3929a8219846517f0ede418e17dffb6cd8

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44f.json

MD5 80b427679e74a5a18e18c1add9d7b03e
SHA1 e63b222fae4dc53072b9080b6ee487155077fd76
SHA256 84f4390c03c46fd324ee2961caa437b72e231c40ee2bf9e8a55a33d8a69e36f1
SHA512 d8fcc78cbca0ba8d34143fc8fc5fa191f4b37cf9604c8c5dbc4214128778833edffcc8e704fe94223705020fb71bd08354c2dc98ea908b87bafbdd5a52d199f0

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3ff.json

MD5 e923b83a1b6583c7a6d8e0c3ddbd18f5
SHA1 77c8b568a14266dbfee28ebebf7a813926d94ae9
SHA256 a149f67ecaaa42766499f122a4d9dee813f4c7ffd2a72a76706b3e1d6017c8fd
SHA512 da813bb3bfe223fdc8177493af12004aa432e6d76a8c8f9c09c80aa8c4ccf48d5e2f6504601a1864c1cf32b2f5a35727ff6b745ea71bcdf90d05951d5b867ffb

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3fe.json

MD5 d4cc4a0572eda6dd046ea1477bccbab8
SHA1 d40bef057a1afcd0d95ed3d3e70850a45c337de1
SHA256 b0fe802982c912b18a7bfe0ed8bd7813b0f7c95a1cddad3dc193fdc6123deadf
SHA512 0c279bc010f98e9e82fda9c5d4725295d5a413d1e1fe0d3daf9580856213d32f438a1b247d169d712f9348e41d86b014c33a683d3a6fc40f32d0c2f20b1324c8

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3fd.json

MD5 8a1539d919866a4cb249e7e72649fea9
SHA1 22ffd22a1c2021d87efbb3522765ae0517eee75f
SHA256 e098424aa4c8683122906445b8ee8fcbc9b052dc6302c243472667cb52e99c2a
SHA512 2a60eba32f91cf87da6908974b950f076c6ccf98785da72ec091a53afabfd769a5cbd4e8c8ef43bffef2291328f4ff766b7e83a3cadf5b242a3abd9c1e3ae318

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3fc.json

MD5 48bf4da3d37e30ec5a1d97d856d7e05a
SHA1 4cd99bde6ac053849d928ddf3b7aa81965b80a8b
SHA256 62832db00d7a0e37f65ec3d487d3c3a28f72bff588bb3bbb3b99f89e0fa4017a
SHA512 6d5457b1af1ddabff895f601c152be1725fc70eccec9baf95fa4970a661b5699b3a85e31270a137dadf2378aa5b61c6f82caf1b3f7f8b5174080d328532f816b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d-1f3fb.json

MD5 a326b81f55e448ced69b4976b70d8956
SHA1 80d44363c42c7ee47ba8b9a50aa33fa8b9099b3f
SHA256 6c646b347476c9ef767ad094d3a8970056acaef87b18b6012f59d33ba850c401
SHA512 0c9ecaba03f2597a9bda7adc7458e53236924ad43f8f786918d5c60bebf18c3113b35a353cf030e0efa6491182ba5f0e892b7e90215100f93947f0b77ecc906c

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Animojis\1f44d.json

MD5 2e94b3973a2da18283ff24cd370e5893
SHA1 65c5a5caf66f94489b61d8e092e61888184efa81
SHA256 bfd1e8c6015f0a369fa5b3cd9a1ce59cfaec94942c81c81d9783c45478cb70af
SHA512 c845954a0d937f756cc76646dde14d718a3dcdf9d678a91cd7b4ecfa9052512a20b6c18fd67b7621f3f4ecb1f85fdee5a6bd0e8091f43b569594c9acb38aa04c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMailUI.dll

MD5 a649dd6791d684cf77f3413a26b31832
SHA1 aa2c3e0783a1c07628ec17ff55ebdb5870e8b079
SHA256 df90a82519b098bf3a2477fbffa0cd2b702baa6cea2d3773c371bcc413f3db35
SHA512 61885ce264c76585f4d0df43fb46305ebbcaabb29d40477aa48b7527e641f379c826b748933d0a68cbd70c198720bc121e37b7c785c429c562c74aa97548f775

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\MailClient.dll

MD5 77c2253a107af0d98819f5e14b4cddab
SHA1 068d23298b3d9038b9eb5bc945f812156d281012
SHA256 84cebabfdf66b588e7d7e6017b3bb35f482a873f80d0948a3b1f2598710f525d
SHA512 39ac1b17937763aba56f55d6eeb37b8727cba59dd04585b3c3356d40d10eba47d59a1ae7e3f3e38f455bb0ac857b977772e723f67c786dc403f9594e52eef921

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCalendarUI.dll

MD5 e24043d7435e0cd24918dda2b406c542
SHA1 b3df2d905a82dd813b7fae360f79cba2ad8549d4
SHA256 8204a6e3081551c33d39b73bdd1b2b1bc608c40c6396a3aba5bfaee725dbe893
SHA512 a66a0eb821bc14d9e23785647bab3dbcc1b25d28908bb12d04093345c5dc6a2a4f9c374388db2ab9cf4942161066a21451c73e3ffc771e740bf16010e5024a69

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\win10rt.7z

MD5 0872acc303153d1bd8085f92e3c4bc7b
SHA1 9c38b1348238f8c3b8528f43203fe0cf0b9af183
SHA256 d66a72c3698f819ef306f08276aaeb7be0f9bcd3caa02040a2dc448f703368fa
SHA512 da7c46e165bf77e962fc72896a9613c7f0c5a6cad0a96a7f97a4844e448cd93cad0476b970948abe88a22163f91a5d2cdc7d1a6bcdfde8bd80ed70f79e31fed4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPreMeetingApp.dll

MD5 0d19431f5545fcf3962e3ed14485ab89
SHA1 201ed13a82c16942656a56d405556a104a559206
SHA256 9f35593efec0b204099a70e4b516d564d472cbf8aa75feaee4bde28111d0c2cd
SHA512 237b45c52996d1ea1424d367641c636c3eac815c8fc326a262340cd5c33bf8d04b1a9169b1eb99dec0819300d2c840adb94cb6ccc7e770a51748f9c7cf59dcb3

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Ringtone\localization.xml

MD5 906d15d9bb44a0047a604798bf9129c5
SHA1 0f328b45419e20f067b4e11ad8eee4797abfc2c0
SHA256 cb6fb1c7b3d5bf61c174e2c472255336e1e0fecc4428aa4cc0bb32bf49c20b61
SHA512 3d00e8f9d365a673875f02295996ae973fb5400089100daef93b531832be56684a761f56be32102750e88e66a12d4cc79d0ca299284a9e66f8f12d183ad085d9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll

MD5 f9850d4e5aeeffb0dd281a2a4dfdf4a9
SHA1 9ec3a418e2ef3a1e27551642c3a1cbf0e93b5b27
SHA256 5aa6985aa46142b11ce54fadd815a557968d14cda2b3346aa469823ced5dca63
SHA512 669299dde239028d046170b4a62bef22750ca403be787c470d818b49331933063bed4f4735d89177b7924361fc53336a975403d4678416165724436da33094dc

C:\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll

MD5 7942be5474a095f673582997ae3054f1
SHA1 e982f6ebc74d31153ba9738741a7eec03a9fa5e8
SHA256 8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c
SHA512 49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

memory/4876-3228-0x00007FF900540000-0x00007FF900A1A000-memory.dmp

memory/4876-3229-0x00007FF8FB520000-0x00007FF8FBF74000-memory.dmp

memory/4876-3230-0x00007FF8FBF80000-0x00007FF8FC8C6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

MD5 38d9f6fb1df4d57e752dd5b174c53d77
SHA1 beb680c5bf242e1fba51ed75477e033e7ff9c084
SHA256 fa33a8120b2dc389a2d0a22c8f4e27096989be8cabc18285ecb55805d1b25f76
SHA512 f70d0824a20c550caf40477dcf87feaf2a7280fb0f5f8ac7cb79bcbe63d7f7fec03324e28edfe5dc2cfbcde5f03dd6a809f8d4b3c526258a5c7e6729f916f2ea

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

MD5 43cbcbbaede94fa8aef70b9d8eae1cf9
SHA1 2da7f4af80c014c5e060f1fb1d2b5d7f9f8c5666
SHA256 7192db17c1f468e9623e87720cf0578824e4f553cacd8381d3f2e77d1ddda54a
SHA512 4ee2cd1f12d7c9548dfdfa16521ed583ccc1bb64f09b7e77b85b9d58f1a672d45c025c3a1bbb40e44bdff2d6ed85fdc904880bffca5628edf51a7e1baf0ba171

memory/3696-3490-0x00007FF8F7D90000-0x00007FF8F88B2000-memory.dmp

memory/3696-3489-0x00007FF8FB520000-0x00007FF8FBF74000-memory.dmp

memory/4876-3521-0x0000024A72350000-0x0000024A723BA000-memory.dmp

memory/3696-3522-0x000001EFFEE60000-0x000001EFFEECA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 337ad4eb357d593d5960a121694ce4a2
SHA1 f09a3b70489f449ea15d0118f9d0cc6494d7368b
SHA256 2d2c05dfdc7a2a3886fa2920c12ae8859132cc3dd58f9719c2bbe4a9961bf879
SHA512 9f6aedbb952aba8c18a4274f4eab5d8c087fd4835920c4f4dc976496a18ad0bd887f9eeae32e09c9d6301839c7c01541ebf86b8e7922cca5efb536be4834c14c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bd386d9c2b7375fdf6930736ceb148bd
SHA1 5f686ae4ef2a0c5c2d1dfe7da7fbc9255ceb1b1a
SHA256 9d8783935ae9b6b2a36ba86281b48331ecd4557440531fd6d9461cc830c7549d
SHA512 23b38fb106edaba09c9beb150da975163be87ea59ca6d8ff9558881a1df68b1b91e4b2ac17814adc0acb9ecd0a56c0ee908ce04f81295a381fb2a9646aca590f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4a19c7c2cdc4a9d221785b6b9de7ee09
SHA1 60fa1c92aca19032006f3bb363bc92fef30d8ec6
SHA256 9bfe7f4808a5c32c440d3e1f4e574348f30dc5746f69c99ebb7e56e15425cc25
SHA512 aa9d47d916def6da0026959f59b8af99b75adc8a4a3029f8de2db7580bf4a7e91739a2fb943235aaf26a1f4b8592eb246edd1ab59e1378b7d1ea9102f833e5c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8a83522e280eadc757d947bebf487205
SHA1 31a8bea48f7272abafcdf1637ba04f5a0222e16a
SHA256 0f835d5404c1022e3fe2fff7fd1c356587cbbcde892d7d930560eddb86ee09e0
SHA512 4c0c1de548ae868fd507c3fb36d56e51af1bad33492eac872ae3e055870ea5edcd91dbd7fa1b733419c6b829cb61c3c9b401255b57ba69aa4a523e9d22631968

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\61bc165a-7117-4f91-8421-96a72ad17123.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8fc8851615cb79ae786cb9573699e1d6
SHA1 caa420899ea450422388fa8f5ae3558696708093
SHA256 d1d54971b4c5d39ed43d37b1f848c73314d52a2f7315d8e769f0429b9ea67ea3
SHA512 e5a234499aaa21f9ccb694c28cf305d6a1d1dcac394e0071456d8696252561ead57575bae6e44a10c8306ca9cb2e5b2d73d63f8f91e410ba81b6b74cdda60ee2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache_

MD5 47d41a980668e9bfae197488d6d56feb
SHA1 8acd8919b112d637a18e4c2f79f61fd62d2a1e6d
SHA256 87c1ba0f3a75480bef554b38abd51d7858bbe2cff07d4fd29162b4468d2b6c43
SHA512 165cf9913129bab36c22399c3636960cff235313256262439bea6a1ed78cf80d65690254cc63148e7e13bb515b513037ab6be7d20efdfb12b07985339ada36fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Temp\6039294f-f7f0-498a-84e4-280b53e30062.tmp

MD5 78e47dda17341bed7be45dccfd89ac87
SHA1 1afde30e46997452d11e4a2adbbf35cce7a1404f
SHA256 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA512 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

C:\Users\Admin\AppData\Local\Temp\681e83bf-3b6f-4e25-91d9-6cc95cf1e13a.tmp

MD5 fc21c3084ece86a867515f4112126d22
SHA1 7ad412386eeda21136ab332edced98af075cccd2
SHA256 378723490592c0627ac18a287f9a9cb74970c3c6e10a177c322282bfc1d01e01
SHA512 37777d2f86d5586b5db02fe8df853814ff0b1fcf0141adb8cf0a42ce3c15c5da8f65de89e2deb8c13040302f95c6b0ff523a4288c5d38ff7977212aa011b1309

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

MD5 3d20584f7f6c8eac79e17cca4207fb79
SHA1 3c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA256 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 49f7d4cdf49944667861140a376c1fd5
SHA1 d4a85ec3c09bbe3579fce1967bc1f197367517e9
SHA256 22b3d2b4fb44f47e928097932e9c7f56da40dc3346857cb7ee9673dd4742758c
SHA512 2ca319b109fb135bdcd69d423aaf380dcfc092b1290f251adc95217e344e87b168b3732e998e4ab260351f3b04334fbf7f474d1f0069fe107614cd74ff7c573a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa416b5a80a2481090118f5edc39e6b2
SHA1 7654c4061b0f85a4e8e509aa8d259a9368f99731
SHA256 ccc4601f08cdc8c6fe559324be8d7e180dfbb5d0675d60de88aaa5b754ec47a9
SHA512 33a40f1216270ac7920808944b0712ffae550aeede4058007f3ea573452208933c46faf90a47545fe1abe955e7dcbd43e8ac77cb57dffb8bc81dba1aedba27a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7752cd905528d9f328ae3f700bc5abb0
SHA1 2f908fc35e64632a492d8c52ab5a195bdb6bfc98
SHA256 f7f6b4d1d985a00d7b30f7857e86c0ce4d5ad35ebcf4f1258c612d0d2ace7065
SHA512 bf9cade50fa94ace60feb0583118af21ebfc24a7c1b2159fd630c1754eb7f756ea514fd66fcda6f008c6692742baa6608dc43acb65c21bac5b02cbc50b6da10a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 09cc34815ec9618b185bf753a16c05b4
SHA1 fb27e80b20ed230e237459d177d3462f4f8b7bd0
SHA256 9e258e4934f6c763296ce0af7a49972f79e1f710eb4bfdffe258d3f649fb3d07
SHA512 ba630d43547ad27fcb8560013822689dad188ca6de022ba2e4dc7818c9f3688b11786027959614dbd8812bc88c7d313c6b80290d9b0231eec5edca6a55c2569e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 316d2ac3c244e809dc5a0455dadccdc0
SHA1 f5efe288c8a44dc80c658d9663ac5d20e3bbfce9
SHA256 97e4d518f0b0f85cc603d01db80728d66988d17f6d511b78102249fe1963039f
SHA512 d4031294c45db1fcb8a681584bb22de01c53db91ef4557de4ca1469a3b2d9f512b2378c5f61c7e254e2c7ec7c779eafd5c07cf302e7ac387d844de12779ef626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 279ea1797a8c234c5619e1bc4da307bd
SHA1 bf1be671605758a0dd50960db76229edaef8e91a
SHA256 52ea54b1a31038190d3e897fca9737f51251c57b71f609879baadab7030829d6
SHA512 5ff898f60db9e9eb5c1b4a19d766b04a31a44c69f9e65564557464f93c21d4dcd7b937fb181de8ef8982e0ff27ff496394cc2725e4de4a27f7616722da643ef4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 a7fbd314fdf465e07bd53eca8be40e49
SHA1 256257f143ef0accf9a1dd616ae75cc411c942ab
SHA256 e18fd67491a82fe0c730fb0ed93f1660c689186dbb4a36e4368f36683b5ec444
SHA512 3b0ad7a22b06f6049b7b6ffa263965e8c7108acf0ee9a59563b75e454c508feaf7ed53930c24509131aec43526f8d831dabfb5b26a6e61213e27fe48526c8c94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt~RFe5e6fcf.TMP

MD5 015c9f3c2fdbc1133f49a4e0782f304f
SHA1 4f17b3fdc00043a530ecb42653972063c8b23e0e
SHA256 17b007ca9b088c264a52a2d47d924518cc181e0b729b62c0527541d86be1060a
SHA512 fe5600c9592b24ec6710eef5881f75429e75d369c57237c72b419ba86cd5edae60e421e204af23d906e8e82e07b4af1bb005a1f0ae7011c4dc1215ac5ed9ed01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 e6565e97682a7405507277ce13f9fb04
SHA1 2954e665e2f0922a1a8db0a1f5e0f3ea69ee965b
SHA256 403a82ea0d6e526d3d227c4794b9f5d9e0de55b7abf33213da14ecd2702c2e28
SHA512 5a110d374b4f7c842b6c3ff6ba83f2b5c82db2d771cb74e482aa470165196fe0e88bfba8e56515ec4946ee902d733b294b9105009ded70a8584d7f3e62fbc178

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\012bdd21-a7b8-4b04-b45a-e893cfafd77f\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 04b0d4e018ee75672ea37dc2bde07ef1
SHA1 8bcf5fd837c077d53b65915ce9f52431d012dd23
SHA256 22e9a8161cefd31abb1a81ed71ae23056c95dfcaef8baf8d28b6d9de1d77917a
SHA512 11c0ec536b6693c3750ac64e147e9dc7963887a20d3661f52f2ef8fea8e18103815d19d946c3f3bd2711b80e58090b22d46df25ba8944cfc3586b3517c04ba7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aa2ecddcbfd3f462576e691888ea43b3
SHA1 5521473bce360c017d12c67c586070198f55e56f
SHA256 35e934417c6b521b9cee15e97b5cdd32a55b934c66d739da536d52a847ed7dc6
SHA512 9d6315a42cf352cf498f10d1d7540e6f2a0c87cbc51d3c2a58d47b3f9655aa8a08f263bef40fdbd55390aba5ae367180a28895656f7b5ee60a3fee2ae7fa141b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 4fd714eab835c59934708651edc7e997
SHA1 2f1044aaa7e125671af85e4e6ae7364757571d57
SHA256 f00454bf713d5db8cba62e24fd775b0d6c7653d0be25348402eb88a0f7ea6cfb
SHA512 717ca4edd5ce0603befc3447fb57bbdf48b60a30e447423bd052d7375a6088f5c24f9241bba47a4072cc3c6133fa39990877c5e1ff52e6b6d69ce80f89e38240

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 387ddf8f01b59ca66564b4b450894770
SHA1 146819ee9b54cfd3cde94873af84bb339963719d
SHA256 f8979c786b44ac0b990b77eae61bc93e87f8f432aebda86f0b970227e3311c8b
SHA512 63e81de55b26ee6be8e24bbe9022254ce9dcdb2a52ba0fa569466b2dd758c5b32d06e1aaa17e957e56b3bc3f431b1f07d0015161c1a8990f78a8e38c5703f999

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ba87a653-91b6-4b7d-8144-75ee4024d2ab\index-dir\the-real-index~RFe5ec36d.TMP

MD5 8b0e282223d4085bcf355c7afc480d69
SHA1 7c4fd93b86dec222e18a2684d85ca02194dd3601
SHA256 19ec0ba11b20c49d35bcd97803c61f30862bdd41a18810980fbb5a5b9aa6faa9
SHA512 369601b181b90d3a4cac67f55a656fe7013ae7161821dcfba97bdc93292274ba81059612ab3213904479c77ded3cc3001dad8a58d30cdde0a1be2a1f1c5f90f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ba87a653-91b6-4b7d-8144-75ee4024d2ab\index-dir\the-real-index

MD5 38b8f0f75f78f8e2b1216a85df797ff7
SHA1 1396f4c2266741454e313f4b9a7fb3112c683a81
SHA256 44809bd307a3ed7b2912e80a652e632ad2e1421d97ca4b501d05118f0acf6c41
SHA512 b8976498eb0d6580e795f9dc32879c3e3987966e32fef8b41e5f6cfaa195953d6a0d802c3af9e616975ff98a9f323fe2df3158ff3a6f8640f7e96a63abd74621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 afa79b63c69b87f692f475fb5c39f0dd
SHA1 f7671da0acf95ba0f888d60480a5745c73435bfa
SHA256 0bda67b2c7c578381c80cf6e41608570811ea098a1f87b9e05920d6b87d9535e
SHA512 4924de771171d8baf63a847b3d7262ec604b4f33d056a1dbed7517a448df349215d7c9d49719747899ab314df101546c0d90f454135f6de7a49cab6893bf652b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d2bcee496328bfad80399403f9dd77c7
SHA1 36630b16310e0fd1bcf770c378af5ca237b94921
SHA256 72e7c0704e9bcb986fa4ad5e279f0b6950bec52160c1d9147ae8492d88bb3710
SHA512 15e3dfbf0b78882bffddd59a41bcfc39d0789948c87d7142942a1c4df0918390c0ed1978a7778fa49ec40a58df88298ef7239ce9a94f24ee9bf3ca23023f9022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 0dcf9f809c93fe7088493516081c9d48
SHA1 1a55b1321f041ff9a9ab20d41eea4e50b1d32089
SHA256 413ef5e9759e922b7a4e2acb553d8b56d192684698385628b1af82dc9e78799e
SHA512 1989ad79835211129cd8af8de51c815f8aec4fab7864ad4d60f4f22e8e32b7059bf7dbb167dc8ea488dd0346408f0fee63cd8694ac1b1d9b6b03edcdbfa00d03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\012bdd21-a7b8-4b04-b45a-e893cfafd77f\index-dir\the-real-index~RFe5ee9b2.TMP

MD5 2dab556dc9b5a04541f39978f8065dfe
SHA1 782f41ddb6048535ca5e53266a91d4b036a05e15
SHA256 a987bf255596b5cc7f8e7149f435544c95fbcf3c311cfb44fe767b90b0b79cb6
SHA512 60cca0088f5e75d723969167d158bbc07deee12950dff4c1b66dc5fbc3c846ffe0d50997fe4b852e597f32571335928b07abeb1a661581bb4a93c039e7875145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\012bdd21-a7b8-4b04-b45a-e893cfafd77f\index-dir\the-real-index

MD5 25abe3e3abcd22711e75499efa9629f1
SHA1 6854b153cac29f0186d10edfcb23d1ef91a242cb
SHA256 b1f88982d79d1665e0b30f09f28945df28bc7031f08b12dc2de6acbbfbdd5fae
SHA512 7d511b0eaca95ecb572a81003e92bb51d373da51443d614ace56769b818a389df2bf92236ab8e296564e5e79a8d440847b2c089adb98492633a97ea03e6e022f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 718f297d15de2e195939e2f2c98c3167
SHA1 5d1b5ba750d56381e0d601b6a8384a0821cc67d6
SHA256 109055bb7b474dab777a5ba164e2c6315293fbb91be496ee4fc89d23dc2784e6
SHA512 d01ff160103c40ca4800e39fb690018b945de158288ee536d2fa4c4f3c40127a38e68f3120dc9b0b048d9b2df45b2eb68284d9bf5e24626f443cef05d36da5e6

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_213017235\manifest.json

MD5 ba25fcf816a017558d3434583e9746b8
SHA1 be05c87f7adf6b21273a4e94b3592618b6a4a624
SHA256 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11
SHA512 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

MD5 b6f7a6b03164d4bf8e3531a5cf721d30
SHA1 a2134120d4712c7c629cdceef9de6d6e48ca13fa
SHA256 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39
SHA512 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1106fd7363255487aff34d67f1f29f13
SHA1 d370ebbe1086e5c9e9d8963bb2b772f26e06a945
SHA256 fe0161ec4b50411fc3ceb15426e1e64a353cb8d58f92365c8fa5d905d89d2e6e
SHA512 2633bfa4883bfcf8f212fcc3fbe5c1a17368e1d6ab7281fec0560c8a614d9cdc4e7a08674c768fcd12ebab86937d43e16cb322687b3019ea79dba710bc418271

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 ef13bdc58e9093653485cfd72d3bb702
SHA1 840086effade6f7b81920a6e5a3d8a4f0be55e92
SHA256 0ade35af02b7462cb45002a9ea4f1b91f4a924dd49e0b02382eed544b4a81ac8
SHA512 910d1cf47a793ac2e1f3b3daf7d4fefbd12abb281e3244d6618d374166227f19e23e9485c23432064223b8505e84ac1a23703c537fe232c574efb573e5039ee4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 54d791fd74e979313aa79ca426bd491c
SHA1 3bcd0bfc9f292bef716fe5ccf1c97c2c9715a1a5
SHA256 941dea886818bd60e79255d2d322ce21364712fb3a75d6565756aa6e8673742f
SHA512 37e7ee4ca5ea3358ad9a17c137b1b62031a047b746c7eb97c41f018b187a7a58ee5693a5ec66f11da58d4221a33954125d3bcb7b7768bf7df9bf6d57cba05d4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 fd0366a70a954706c3181788b3c2e198
SHA1 4eb6cc4f019b6e34081f22c41393f0344e79e026
SHA256 8c86d1a0d17a8554c56d302ef88a6be9065325567756ae7b8144ab49b392906a
SHA512 5c720d6c3cf653142e43758d90dc2aa02711a67c6156c59e330d917fc14d8bda36faa055c6f5a63aed5cd5bad607400e142979ce3c9eb16da576c9479b9beb2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 9474d3e1ab7eedda1467877e8ea84f62
SHA1 acb6d2e47ccbf3fc744b5de12d01cc943879327c
SHA256 4f98bc323ad9f184829ca5815d7da65da0ba63f891a04f3e129d80bf3f64dc97
SHA512 81d4a48d78dbb87ea42f2a06f9f24e52cffa153c75317b7625e28cd09569fc43aef40690818be894c10634509a0c59820a9e5e6d7f9783b85636a24cd1b61986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 0b84c4b1274a5087261838deefd889fb
SHA1 d367a2f33fc0a63b57d4a1fff11c4e48f1676399
SHA256 781f1af18f8ad1f9c7bd6858eefe222e12143d66a90016fdd06ab48b90d67ffb
SHA512 8003fc43de2f2ad2ec292dcf1caa844591c406cbb5e2b00c8c939d626c21d1903cc2260830d8e52d9d6ff7ad10ac20e895c6a91bea6e6d5828d5046cdaab6f9b

memory/3428-4974-0x00007FF900540000-0x00007FF900A1A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Zoom\data\PSWallpaper\{D15EF600-42DA-4D00-A97D-6E39DE8F6C93}.zmdownload

MD5 582f61b1524fb8a8214a06c6af591044
SHA1 4269a1cd3dd1ba5ebfb14ecf16c0a05d1a6c3170
SHA256 9d05a5e2aaa644b91a2ebf28abc02a5667e2d7ceaeca4ae8c0a5e8bc8cd48796
SHA512 6eeefca9e5ca5c9f0efc28a763b1e699ed7b0cfc038b6f0afa791f86ac944d2450c8dc68d62d1c22291e966ad029791cf6d6acc3e07e40d322cf9246e555a9b8

memory/3428-4984-0x00007FF8FB520000-0x00007FF8FBF74000-memory.dmp

memory/3428-4985-0x00007FF8FBF80000-0x00007FF8FC8C6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Zoom\data\avatar_1f55fa71fa046486f0145d3e9db00ba1_2

MD5 39af0b69b760d842532e2f21826c3455
SHA1 bae95c40686b9199e188cf5a57a5967d69ffa12a
SHA256 31ae5a36d0cea4cac9a13175f1b866a3c10fd1e010d6becbf0ce710f7b86e391
SHA512 765b5026b6de8476b696f67e899125e20843997570db934001a26d4cfdb5134f20dd281537f9e2f963bfdbce0ae8199d231a62533572bb29f87731f835d5883d

C:\Users\Admin\AppData\Roaming\Zoom\data\[email protected]\7b20f20016e11824817c161d39072d1a47ab91df6b7334aa2b64ba824da0c156_small

MD5 93b5b09442601a44b589820c037f5bab
SHA1 8f66b5658ae46a7c5834439641362177dc019814
SHA256 cd8d974320412c5f7d3a1ece8f41d91de86f1c49a6b293e4f656a12f07cc7587
SHA512 ace48e48ce37d2e55978c69c559e10caae441de32dec6a9f20335eb2f4214639299987fd1744d040ffb031eafc179db11f7eb6b7336ae2b2350aa71c21d706ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0b158485c285889a0fc4942526dd4661
SHA1 e660c9346d9542d3f271b7a518393633521864ac
SHA256 e87a7b75ef286cebbebae6d51e42837f9f1531356dd828e83e2ddef07742d400
SHA512 ae4970245977537f1a056a57c257eb6561153c5779d92675fd4e819574752e6d2c1183f824af0d94015680f7cd89c15ccf486fd89475f22518f6af0cc193f3fc

C:\Users\Admin\AppData\Roaming\Zoom\data\VirtualBkgnd_Default\{F005A9B5-D257-49D2-8068-0F76163D126A}.zmdownload

MD5 b979107a43aebb6e8cffa0cd9b3b90cb
SHA1 e37885908b13791690093838759f7efa54145261
SHA256 3db8715cad9185a68a1b52ebb8e65798ff16f234ed8c4fff842a3afb369a94f2
SHA512 fee2c0c85d224d63ec7c3d65e32ebe47923ac835aed999a0395e7ff7ba625349840f2afad1271d6cc722f5882f5f17bda29926c6990a4ccaa8ca1049967338ef

C:\Users\Admin\AppData\Roaming\Zoom\data\VirtualBkgnd_Default\{99C2D774-32D5-4B78-8753-05236C763966}.zmdownload

MD5 6941fbe7f35b2034d31486134ad244ce
SHA1 b2c776bbac94ab67a1f257bb3eb8c17262836b81
SHA256 c1b530d01410197a9a2974b8a8b068dd814320a42ef451211677448492385278
SHA512 b9fef8f56938e82de5ee52d685fc134bf0b042981eff3f02fa839a81c6957eb6b9e1cbe4a7ebfbc2cd15b78c39c35988642464517485c7f45aa4dd57f8202c27

memory/4876-5596-0x0000024A72350000-0x0000024A723BA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 ff60daedf363769d94fbbdb328745009
SHA1 c1e2052aef1825961e7375b53db8f12537906bc3
SHA256 05187f6b6a9c9875722ff79601ef4ef0d8432012f21252f0d10ef2834535aa6e
SHA512 6111170189070244ef919d85727ae7495016a44879b4fbde2a0480e212181ca753a1e4698ac271d5e75df4ba634f6a877ab58b3977af40790a48ae8c0dd8bcbe

C:\Users\Admin\AppData\Roaming\Zoom\data\VirtualBkgnd_Default\{A8280EF0-B554-4B64-9D5D-77973E5C2010}.zmdownload

MD5 85723a871c857103aa69d108d14ac334
SHA1 f69133638d29e798418c7a9f8be2ffd6c696dbbe
SHA256 63947ecbc37e49f1646db09f01b223b95c0d9c3a1a83ee87004a4012630aa27f
SHA512 af0e8507f42ff0a5624f21ec26ad0acf697e00ec1aacb8b79153bac93e92a596d60b5ccba33cb8a4aba8c5499c7ea77d78026a975e2533f186ab56ced2ee2733

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f2-1f1eb.svg

MD5 f8d3c0bef471e7640b5849b87ba7d56f
SHA1 eacf345d95892bae61555e6c5bc81bcea26028ac
SHA256 5b27690c0d0ff60589cd44639e0ccadc35c8c0a77353034b5090d46bab89f23a
SHA512 472ccfa74c68d29ddd92bad21212468cd916d4655c2cc45d9738453f5fe3b3a160d5c0a6662c85e1b5ec7f63ed8fa73806cd62c3a996e8d9b9ba4490e58c3237

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f2-1f1eb.png

MD5 e24a5922490ea09bced2c44613107ed6
SHA1 33b14dd8c226a1826161801a71d537042ce1e402
SHA256 9e74533f8c5afa2bbdc06a3972b41bc0181c4c503674156d96f940c2388de7c9
SHA512 33430271daed2578fec0a6774a98457a709de2a599b5aeb35110cb73a57753ef4ee8a2683fdd4128b4d58599fb5616b592ff6ca3c4e72976e72182d29e4cad12

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f8-1f1ef.svg

MD5 f7fe36fc9582b6f1aec06c3c73db814a
SHA1 a6e0588f908d6c90dc3e1139e84f10e82614378e
SHA256 60b79284599504b50170ba506dc0198a4b058711058050ecdb1c0c2c617e463e
SHA512 759bd57e7aec253f22e45bbb78ace2666b256e1b0593231ee5a124ab1bfadac1e29fc080e0f83c28c3dc3b449ef2a432c7ab3ae2e567f3763497c1a3f0372475

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f8-1f1ef.png

MD5 7c500d8f8a6b86b737ffaffce72d0e75
SHA1 dec92c55ac76eeb3a156c937bcaadce2908b73a2
SHA256 eea25ccd8b456a7d28f8736e7eb48bec9cf58a6168233ad0ed2949be10ae52a5
SHA512 94c1950ded281097f35f8d8b164f8f4712eb9b51056680bf3e09a7df804e73b6914e6c7ec16dc320d3354bd5400b3c01ba87b5b362fc83573e0346c35f8350f7

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f3c2-1f3fd.svg

MD5 78a1987b430e7ed93a0b5e24d775bfbf
SHA1 25713b0457877a92d59a0163c3b49b26a31e8aa3
SHA256 48d68ebb5e24b6a03f8d3de6f219178c78ea5c7075bb00f7cb2909623d38a735
SHA512 cbd0eece4f6522288f3670c203f5112dde50aae0fce683867a47e8c3d3544c9408b206f84bb123a71a28e15ea3bc936551943baf3742f311eeb3f4887ca4e6d1

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f3c2-1f3fd.png

MD5 1f7c872d3697d3839067abba356349c6
SHA1 0a3710417cc88078bc2f6b943a662127cf8e4d08
SHA256 644c6ef33b0f10df4480b63d0516c3adc2f6facd92e474a92b36e3545b48e9cd
SHA512 0d5c2800b68b177c271bae96c6e290cda0b1095fa76e397c8983b2e5caf2598c238849fddcbf04cdd17dc92cbfd998ab0e1a5ee6d08c4cf321f27e404f3c72b0

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f3c7-1f3fd.svg

MD5 2f2d75ad4844b043de6a9466b2243049
SHA1 7d3c79667a3bbf8a1dc6716bebc54a4d1ad8e584
SHA256 f2a20336a2ff3706b8ad123e0c2d053d4c6cc77a8c9879d9ead1cc1aadc563b6
SHA512 1397d5750a7845df9a3e0bc385d518db16beec705684a5905dfcb282ed6a7515ff8dcfc278bb13553f469fa7ad2428aad572974fbfbedf06e2011ce8132d4601

C:\Users\Admin\AppData\Roaming\Zoom\data\Custom3DAvatarElement\thumb_unzip\thumb\2001_13_thumb.png

MD5 6411b9d0870c360f76f66955127f7dd7
SHA1 94b44cee1aa1b7e260b685791ca72c434cc62093
SHA256 0c0b943d742975682c1502b2f11e69cebb6f10ff0a1f48e9f87211aeb27b75a3
SHA512 709acb7c4b59c5b6e1ec7b7b5421cd8324abf6b1716de706eb4788401b4dcbc441268cc6d30df6a26cf93135525c2227e4bddaea28cd223d332c58e15e302f87

C:\Users\Admin\AppData\Roaming\Zoom\data\Custom3DAvatarElement\{277C0988-71B2-410B-838C-53F0B5763089}

MD5 25f795d6819bb9ee749a84a9cd77a59c
SHA1 2f88367b9aa5a7649e7bc5632cd9f4c765650a70
SHA256 788d746f24c902b9d4b7446b5dbc8e79c4d8445b2ab715b8ded7bdafb8070ec5
SHA512 4b51c6aeadaed3d09832d4a29f417cd3b21c946d9388519178392e5f5ae9c5e93fc06a562f05f62821eee7085e10edcf2b8408085832f84bb0e0582790d94ea4

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f692.svg

MD5 6ab9ba64e70c4531b2bf14a0f4a9b9ee
SHA1 b03115c46dfdda9e3e3e2df99e010e0445e114f0
SHA256 b83e0855f895f68b6526d6a5d4625dd58541c7ce45362fef749c076342c8ee23
SHA512 fb6bb47fdcb13f493b73cb228179af72ad414231532e7c53206710d10a66bb417500acadf6211cbebf604df04bb88877c8808b2c06730db63ad01e2107784c4d

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f680.svg

MD5 7e3467e8140070dbb54f3c730f8c3b5e
SHA1 1d1cb357a9fc85335504cdc1c2629a18fa6113e2
SHA256 d6a92323fa70b50cb0c0afd30fa9fe5ad6c6a6d698b0dc4350bcbc5ab2c7c031
SHA512 29c2a1f28821d97391293f01453f5d96e4c2fd41748b01aaabe56f18a1434aa20aa40ead38d39ad1c09ff7c6d708fad9f773b8f43f3c11b7ba5dec050dbda80b

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f52c.svg

MD5 a60e9a7b24ce9ab6d0c0957d7d6a65d9
SHA1 9b871da8744c9a798ea4253c51c94a18a77d8aa3
SHA256 f0ed131631098d4105d7876796827037da16b711688b6fe488451e8dd4013d20
SHA512 8ae4d41e5073fdb0fd4104706225b7e734de9d354cf21ee51fb47618bc4215c5ddf0d51c28d5a8279e8c83fd3276cac9ffba6e14950b245e153cad287d256e0b

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f9bd.svg

MD5 fc7781dbb545d1ed0e0cf7e0fea1e792
SHA1 6659d41a8053f815157715a71e5ee866272c3e4f
SHA256 7c3b276d2abca816fd4e1b9b8d95fc34996fda262a75622ba0d8ff6f7de0e0f9
SHA512 3d96d7596d3b856a0069eb47254bd6ee8bbf8689052cb74290a79b622b69988fd4471ac7cd29a335172697be95cdb67114268ca0240a00661c1de300793df107

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f91d-1f468-1f3ff.svg

MD5 735c34515def34f27a7154fed455ea2e
SHA1 7b01c41ad4f90adcb16aa88f5a14d78b8c1f83e3
SHA256 59fae5454e5926bbce5b7c4124021a57b3a02872e2f701bbea9120195fd92e83
SHA512 a5c4986f9d13c3eca29f1bc336767c7f71d675d08170e20871652290d69740810de0200a5fb1b2b2df448eb3e33b88b5e4be033b23de814c80208d1d0cf3fc1a

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fe-1f91d-1f468-1f3fc.svg

MD5 9b40204af1b6a28bb88fc7ffd2ea57f7
SHA1 824ee4ba5ef1bd86373f3cf52d5d6bc89ffe6ba1
SHA256 c144c5d554397a26731f32a9e549cdf334fbc41de2596e084bc65f849beaa4e0
SHA512 ca5f8ac7bbaa90680cc1522a3fd4f0ef633cb020c5cdc212f5128a2ca09f2bff43d32c36c1fc6452aac81d0363f2d51180a16488b7b094662d7e757524e5e292

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fe-1f91d-1f468-1f3fb.svg

MD5 73b97ad95a8461f3f26fd08e18696aa4
SHA1 a2e4a2f24028cf64e44603a4812d498550d3781a
SHA256 d3b32453dd78d825ff4b5d87a120513a7b9bc5c81c4a35d5179aa3c06fe26b5b
SHA512 c539292ac33bed2769090aba2139f6cc809c1be752dc63590f4061698faf23a13928eda3aa1885e21897e9e5042ba09dba51d29d43884495c44af0eab56ff47f

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3ff-1f91d-1f468-1f3fe.svg

MD5 ef29f154a48c86d08cbdbab7572b3880
SHA1 979867f22c49ff27a7aa104b3d96fe4f2dcb1a06
SHA256 a95e0f316041c2dd52c554ab832b0f1103c720fb19512ec28e8a8347626137eb
SHA512 5d4b51221019317b30657474b684723fb4562b8b63fa886f4b88bae07fe97e7b8391c54658badb019ac7c630eee606988cfdae6d100d5a5cb20ac47eac0f1d20

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3ff-1f91d-1f468-1f3fd.svg

MD5 0efa0e226b7360feca7568589b016d91
SHA1 674b86f0672f480ed7475d13589502a0baf2ecd0
SHA256 4b8f977152adb5b7d55df1942ee6c7964413e51dd6a3d66ad25b6e661f05d02e
SHA512 148aec3dc5c273aa7dbd92f1310024621d39bcd39f72020f300bfd857f6652e292ab12219af2201ef23d0f025633944014b79666ff8f72a505e003dd6c05f741

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fb-2764-1f469-1f3fd.svg

MD5 d606bb69825d52fa232142bbdb7f985b
SHA1 1ded24b62be062b9f1c8a5cfa9c848d32339d7cf
SHA256 8668216cc468d471d6e8b094bf1e9cac324d16adc16813529f7fc3b94b84fab7
SHA512 487428414fc0e809660aefdb351da080884fe5061dfb26c692716daabb56e9dd4274ec4ac239094ff847d0393334aad93769eaaa39b66435376b2178667b5bd8

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fc-2764-1f469-1f3fd.svg

MD5 11c10dff05c7f85872f5271ec9736b83
SHA1 ab621f1e66514bb91674b94b643d0ba020428178
SHA256 5f65cf830f17a777ef12a3389030b8b9681165e46e9e3b78917427297839fad5
SHA512 9bba1235cc734c40cb34f3014b28b9b2ebd38e6000d4d624b4220d5358b12f69028217de7db06eeb320a33abcea09bdf9a63bff228c603b2f24df0fa54b9bafa

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fd-1f680.svg

MD5 8ee07bcac94dcf71e0279de998389346
SHA1 817c77b801ca926485663bf7ae600ba162a9eb4d
SHA256 a978d221a399f35ce822a17831140bd52f99b4927b9f10937f4326454a5dd931
SHA512 685908420f4e154a10baac33d1515f8baa6d4fdb22d815369e9fcd30b892a961db0fa21c3eb0e138ace0ca61b519f1771c8aca323b565a2668a988f84cb0003d

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fd-2764-1f469-1f3fd.svg

MD5 2272ac79c299d048406d97dff71d8d36
SHA1 5d49db7362686cd9d04fa8a86b19674832121302
SHA256 9527f0b04ccf0c6633b1644e6d0c0fe24d730f58cbff1d4f8f51e71611341454
SHA512 03ab7e85946062d3a7e6f36fc80836f67a13acfc691fe31e801adf5ef903b296e78456bf03df18861be1254f2265ee283509920748e520d587e142226e19e4f0

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3fd.svg

MD5 6c51ff1981a4ace8c74a90c23b04dbb9
SHA1 7a363f1e8d3e2bd18ebf13aa39e2474569b38a80
SHA256 1f4ce13a13158a72aeae70a39582f45370b3c1386ebe69af95a9e1ed3aff9db7
SHA512 86f7ecb883a4d23f7592b44f26a1d584ab6635c5d6dac16de166cad1d20f3d5c7837bcd9c573d57f2fec64f4bf130b3a2ff51cc5e1942faa55fc5318ad693afb

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3ff.svg

MD5 1d6feb3d1dab84ff411803ddc017d242
SHA1 9e0dd2de762aaa367a809ce0561d1f7f6dd8f56f
SHA256 ed280f6d103dbc28bfac0b0cab9ebe4e942fed35afeb2da72760aaf49e3dc5d0
SHA512 5a2c45bde99b07393702270e6329bba5958c9199895c6c6d6039941058e1f05fb494bd49f3d318282d7b1116364c2a1dc103a5d69b1949ea06c5478dc59e4159

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fc.svg

MD5 a3f59b88beb651c150e7de7768709d9f
SHA1 2d0cff322641da70d78183a82422fac199a67797
SHA256 890bfb6808ebbe175580456aecb93e32c9420802b2f5621cdd17fc48acf6c343
SHA512 c447f6b989f4288c2542d76357daeae726cd218af17487482bccc24f532a4f8378d85881fd429165728d7f352bb4042d31090e5b2f93d5174c23cea6e0dc41a1

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3ff.svg

MD5 6afb2712780f4552488392ac6ca95d1b
SHA1 67923ba2ceb5f4621c34e2f460bfa95daf1f6109
SHA256 cd59ba9c3aaf161a12fa5e863a638f4afe59df3def11eebb7838c1339de3e7b3
SHA512 60f40df51776dacfffea813c4e64797944e49f3f1a46caec3ce39bf07b222d3feb1fd903901b86be130c54fedf028f876eb17d7990acc1a4967a86de0d0f5930

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fe.svg

MD5 d2fdf8b5cb9c5971ac4065cb15654ff9
SHA1 755f6d74cd650f3b5e7f5c409780fd251d9f16e7
SHA256 ff727128f23fdb8307a4752a3176068902efdf4842f06dc5ea1f7991da0ff0b1
SHA512 4c0c2a5491b8836ee872afda22034ab0a116fdef5d410057288c0f1c9513b1ad094cb3f81d180e9e6534dc8785eb55cb1b9cf4e957a223151fbeb87f6f5a5554

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fd.svg

MD5 6110897ee9a8172c6759a335a7c731cb
SHA1 664d134854e2559a575436db21bf2d43b916f686
SHA256 2b1d3918282eb77ebfdbc7253a0c71cdbdbe2a3cfdd4b4f3da42ca10b6d2f30c
SHA512 1304265e21e5eac4aad87c83cda67dac345b8bd0d1146c240b686a3524b6e0ae1c35ba360ed318d38f9af474f9e087471b2be38afb5cf9349e847362d3770ac6

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fe.svg

MD5 404086eba8b7cc4b8b5b44ec9df3e07b
SHA1 481668caf334af1c4a470cb286047d9d062c3eaf
SHA256 1cfa0c95515f597fe85227dbfc88694acc32bbb14f95149afd8f4f164e6deae6
SHA512 09620638e04eadd7271584acce100b833df9bad0f6cd0cdff256516a314e79ee96f1c4738a98a3b418b391eac70c0337e9b3d471183a2a4c9f2802d25aa3f8bb

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fd.svg

MD5 522586e57b24029cf40f2510c81f2189
SHA1 f379229ed47ce65912c915171bfd0ddcd4ba1b86
SHA256 c4609758c8ceffd10011777b56634e63899ebfd6fb67030d57520ef46c2b057c
SHA512 dc359b1ff7e28b491766782edfca51c8e7282d328788ba3c437a88881996dfa7ef084a08c958b4d2f38745ac4f334e850645ff7e42d0c131a4c75a1ebc8ea639

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fc.svg

MD5 5cbade4f5bb1bc7ef2e86602870b7416
SHA1 13747f011855f3b13233afabaafe95e3d98b0a15
SHA256 80db7ba93c507ad2706a2abc88cea4aa6d3cc2b95a3c28084c66761a36923ff5
SHA512 d944ef268a0ec5886979193694ab39ae90c6891809960e594d8ec65ba949247d0e9d211464d2e5eba37124531fcae8438352813675b04934da33a4ef4884f85f

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fb.svg

MD5 568f422c37971b93d0ddc7bae6700654
SHA1 a7817d0cbab87c58052b69e4f98916efa0ef76c5
SHA256 ef9fe06c736ba437ad56e3ee0237192fc49aa33df6b740c1e73f0a385d8deace
SHA512 436b3179dace2232471f18a740e205bf4eefa16d51e17bb38e61e890573c2fbaed39ac79762e5c1960c9a6e21a5d632d79351a4cf79bef87a89edb98d85b4659

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f469-1f3fd.svg

MD5 a7da7cef7a6fd12281b1e4449432d0d6
SHA1 4830693cc4a35d84e0372c81b99cf2cf3c84bbda
SHA256 1a9b5d7e925726c1efea278064a3680e7db975e02ae94571ef49244f9965ea40
SHA512 a4c67899f65ab7241351606747d453c61811e70861cd91fedd9b8dfc1232ba4395dc61f8ce59b4800b7d4596a017af6a8f4a845f7247023e3135a4f37e78b781

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3ff.svg

MD5 50f60f979f5b8918df58d0501b4d7487
SHA1 42a84fec6a296f3b413b7a744ed3e6992f7fa2e3
SHA256 b23f3ccb4901679eecd5bf5e9ea5e029b0321a514bba5551aa1afc483f5cf00c
SHA512 f1733430b43924ea1e5ae5646d79c5bd79eb3602f10e45a44168024e65d6c5f7b28eb195799a8f26a8d495025bc73e3cf277109165e3800577cf8c72a8f6ec74

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3fb.svg

MD5 20a407b1a3f9f733c2481bc07a720e02
SHA1 776f21c31de2320e76d92512320e179ca2ead555
SHA256 db667fcf69cfd628d5c2132b84e1baf54df55296bf074903f94c41dcc3b669e5
SHA512 01dea1eeb77e91a80a59ba68d1c260ad4f324121fd6207626b0fcb25b4027082a64e83fd0890bdec25e4256efc29357439f47d8383389216c0360eb181634597

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3ff-2764-1f469-1f3fd.svg

MD5 8f868a263f6b4a796f00e95f9d15fbd7
SHA1 7d083471defacb2bbdf156f251f75755bb188de7
SHA256 df1592e5d8be506a05c38df852ce0fd3b09208939920e0ddbb7d5d108f33b30e
SHA512 c3dc960ae8210ca9d9694d0332d8520397030f685d45e745dc3598b9473f557e0d1c96ed7a9e7e9ec7ab1def29c9128e65277c7d830bfac03b9a79449b2b0a6c

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3ff-2764-1f468-1f3fe.svg

MD5 0f4f1eef680448dc3265335226c70da2
SHA1 5c71dded562a410791f65ce456610a7145f0d038
SHA256 7c881e18ff73044a0e05d838cb14331c591e874aef47a50828d6d392a0db5f31
SHA512 10e2303e0c11cfb5e44002666b9a5bb85edadff592a479792a6c580defbdc56bf6fba4283f21d6e0af1059693f8679f3d2966a2b40b56f6ab0fc52c073b3e1c2

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f47c-1f3fd.svg

MD5 31907a7b5abbf66956cce5ad22f4af36
SHA1 51d28c4fb0becb6ad4ce8339974f569c9f129d3b
SHA256 756a3b424199212f63753a1f2672245a7241c9877a9d65dd263c596c9e9e52e4
SHA512 6c676ee42bd2cd0cd4f7f0703d1fa16ea937ea6efa595456836f43650bba4dfca52bd85c5d7d48db65efd67cf00fc1c4cbd0928739a8a0d49c3f9fc66bceee7d

memory/3696-12488-0x000001EFFEE60000-0x000001EFFEECA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f482-1f3fc-2640.svg

MD5 aa8b34acf3940fb01ad81a331966d9d1
SHA1 09f4e91e539fccd1a161337a0e2c1aea35e9d33e
SHA256 b382cec8be2da96902d0b13040614767f5068e669a42ebf9b633d210c7c75f52
SHA512 17c80f0b1728d7b990988d25ca960cd40adea3be218f8317d7b956501beda4be2014063d6362ff5f2f332d519dbe1b951f6c3eb8e5edaa04375153316e8732a3

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f482-1f3fd.svg

MD5 38fb06613dec33a6351b424cdcf9e798
SHA1 84258f41e485bbf36fa16a0f7691aa345c30543f
SHA256 bae702a8a27664f5d7378b7bda228564e8eb87979756800fd8233c7fff7f774a
SHA512 d688ad6e7c87ddf4a5bdec4c21c5be06110c918b6c1a45c88f8781a024ccffb8f17a3ad32224a841879362bd3813d7485fe809e5fe427722b1df93daa6599f7a

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f934-1f3fd.svg

MD5 2c3304dbf27e8b6205b1b315982cad8f
SHA1 a61bb150f6ac5f91ee6003a7f09bbd9c4dd719a2
SHA256 1687f8f975770db3bcd7ff60181a0d9350592dea6d247fac0ca050488bb416a8
SHA512 ad58a0af50afb3833782702a794a23b9257ea71433d7abd79baba186def45a529780614074545c5088c48f3f8a5f9d214df05f07e05224014acfb31487bb6a5e

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fc-1f3ed.svg

MD5 cda158ec90486e293a00101388fb056e
SHA1 0896e006d0a755dee3491dc3411fa97d574ad940
SHA256 7859e07bb93735b5532862e95b1f4928bc1e7ef186ecf6d8ff7fe354e93cb103
SHA512 411b7c52371031271e4bb2f42a6b49233acd8706cab3240a34fe2cc126d4379deae34697f89adca1df4c8752dc85351292f41af1120f854cebe1264978b78dac

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fd-1f52c.svg

MD5 1ee874650b8f60d065c04c24dda98b36
SHA1 a9f7e11278178260b22459d9592dcc74e0dd0f68
SHA256 c208c8c9c35327edcc490a569b768660ad8d363e1a6df57f9ec2d23cf7b3cfa5
SHA512 1404ee708959f84f435ec6b933bd8bb8e5f8112759aa5c5e3e36f24947bc29c54130a59b365fc6ba029af3df2af28c94beeaac66aa22cb400e5601ec1827edd9

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fd-1f91d-1f9d1-1f3ff.svg

MD5 c4fc238c34048e2343d2f1d333f442a7
SHA1 d28a3374456d986883a13db2cd6cadf837ad9721
SHA256 27a51afdfb403eb26dceb8e93a6cb81f4b27b10feea67b80deee3b7615ea054f
SHA512 429bae9b278b36fc645839a2edbd8b2cc9ae88ef1403825f8a539b997bc5828b447980ceef5552e4e98f8b12fb3641ec6796b70a7977201e426b57cd6683623e

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fe-1f91d-1f9d1-1f3fd.svg

MD5 e62b4de2a7185945388326c56cb2b684
SHA1 f1af67ed15c5409bd21550a641f8ee505e02cadd
SHA256 5f864eb3b33162d211cf6f22c4fa31be34a09bd655a23db510a968b3bf6cbb59
SHA512 7ebc4d82fe969be4b4440157f125d130adaf95cfecdf4aa808fa71b0ffc43f3570ffc2ae5b453a4e4211128de80ff08ca5cdc6dfa810ccca2eb9365d6b4559e8

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9d1-1f3fe-1f91d-1f9d1-1f3fb.svg

MD5 0be420408cb2e02a9b44994f5531bd54
SHA1 a06b83bfdc3a7148032a74ce0ec1dfae35e04192
SHA256 4c3213d121cd3088cf8011f35febf1da55b0fd12463526c123467c9f66ea0128
SHA512 1e584942195bf05e145d1dd418680bd08d669573edb8c4c2e11a57739e0c8167efcad307e6ed7f937affc082399d54d43b25f3ab26f3feeecec7680d0e6e3700

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9da-1f3fd.svg

MD5 b1a6c8f815b476d05e0b208319d946d5
SHA1 fd604b0eb467422a2c2033112358a8d6da60a7b2
SHA256 bdb723ab23ac185b0fb42c9979cb72b93d6c3167ed666c4f39d32228492ead23
SHA512 fbe911dcf98380240b6d52b55b5cddcf714b4df978d94c87dc6c28159ae477a282a5b07b63f9b246e4b1000e79fe5a116684792ba1c9f50fee3eb5065ed186d9

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9dc-1f3fd.svg

MD5 ae020a92111b11fb3de388bc4b244b1f
SHA1 8eeb8aa46c23464932e9f952751391a20a1037e7
SHA256 ac9ef9a5952889dcb438f0eac84fae7c0c8ebf3acceb7b85eb602e14e4e77a60
SHA512 d5d522e808f6b74ef82918103a2a05d6896f9a550c4a7d89f452f65c647e99fe4a6c5faa46ef7a6bf6951cf5d391c2db0ebca2b14bc9d151cf8a2bc88a13e28f

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9dc-1f3fd-2642.svg

MD5 1766a43198f64bd18de2e07c2a5e3293
SHA1 80f361eaa5d358e62a682955ef01e276b0547ac5
SHA256 5d9d857ae1f8f5bf207fc53ae02aced36d3956e4935920ccceb86cc7fdee1dfd
SHA512 50fbc7333b587c2ddb8b72fcec371d77651d9a52c961592e22387d7e6fbf93ad9eac7debb87f4f8be55259e2687db7a5d840e2774de96a3baf7b9b6808032e5a

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f9dc-1f3fd-2640.svg

MD5 38be49d9c762eebbecb9159b93493180
SHA1 f0034f4ecea3228d316dcd5b2c1aa288529901ff
SHA256 bdfb39589b195ad4e36414bfb8ad249558c55dce74533e9ad8ba87e63371d75c
SHA512 56da800b3e1e4e321528ae37ff5402c4ac89966e25b9fd5452253bda8e21c3913d989869b824c339ee6df54e348685f65ab692e96b2bf72e0b986eb8844c9c9d

C:\Users\Admin\AppData\Roaming\Zoom\data\emojione_low_20240219.zip

MD5 8c594752ac59f8734c47a2a1e8578f66
SHA1 d2954455da494c95237fefd7adcc0db9e858e2cb
SHA256 432c05650eb40852045acfe901197beb28362cb6dbe637d124dee13cce1c3885
SHA512 48074ee91771eec97470ba844586d43ce20f53191961c8553eb4930f5b8054e691e435ed752f47215484ac87c36640d9c32856ea03c2774d4e22e0726db43373

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ec737d8655dff8c52e44cb247da53113
SHA1 56345861b1ceb9d35ff4e8d03fd09f11cf17b94a
SHA256 c7ad0b2face603e3bf8bb09d91b81c5dc0187d5694e4c93c37bb92385de51ae7
SHA512 6a0ae9b14af6fe8249c44959f93c7a1dace83f2eb9a33dd8a65dca4b6bb96f3f8b45c8d88dca1809e32da1b9208ca99bf7defc03d9eb133efcd782b803f85c0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3023\typosquatting_list.pb

MD5 17c10dbe88d84b9309e6d151923ce116
SHA1 9ad2553c061ddcc07e6f66ce4f9e30290c056bdf
SHA256 3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e
SHA512 ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3023\safety_tips.pb

MD5 9a8fa91522d8e4bfdb1615b02f62a9ea
SHA1 f576e094b119cf309d4b823a702c4547270dd38a
SHA256 e62d26b7e7cf2224bcb9c9ea1ff221d85a5243d99510c1cf314502a4c012c497
SHA512 45477d2561aa91f1b85f09a0e81787b209aa3aa65c5646acbe73a666fbf2f419f2c0eeb9a16ba003977137faf1e205760538b57a3ff37ecbbde18d8c3e997c56

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_654775141\manifest.json

MD5 b2ea3109c37557d09709eb218f45ae4c
SHA1 f954ec0745ab9f1cbb9bdb31ad3bc9e4583b5a4c
SHA256 708b857e6aea522fb31abd93858e2104ffb225e76b942576063123bff675e5f5
SHA512 9280a15618c82af926c8c4725fbac20cdd8d7f187e4446c13b747ce94977689fff0db7b7b219e89556d7ef7c60cc9de3e48e7a8462fdf35771e912e4a7d14f22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ae9e27ed102cb64333b8b134d2e1a9ab
SHA1 57b8d46dcc9c09442e22d251005edb1979ae975e
SHA256 5f6d89e74359e02250827a514c9668c37524efa6ef252d316909a782710be24d
SHA512 3837d9f51529309b1d4a6e6fe4fb9beb466bb463402d1bb3fee71334052ad0061d3570cafc2a76e0638e4cc4261d38a4b0c986cbce148116f7d8483ae7c4be87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 e84001989d6775cf437a1294e7a9b08e
SHA1 466db40c4b121a6538f0a5b9560d2de33b65736b
SHA256 ab046c2244cbef5d158085601e78ac84891489d4736373fa3513e28ab624eefe
SHA512 96181221cbd6691cba34c2aed7de6975f70e2f142533abe24e14d7db8713473c7b8164a059d156585dee131353fb43b893a1c6ded15a48ca43286f2d7d313425

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.32\BGAUpdate.exe

MD5 13eff92ece4abda4c76236b1668a9d0c
SHA1 1e908ed6cf873c77790c7ee03ce1673bf2850b92
SHA256 7c5c9afa4f6a6ee3a854b915a3486c148d8566411e4362baf049b444bc3e4f5c
SHA512 b875d9768be15ec6f33744339d0ff26e88d0b9a54b4486c5f0957035ff833828a3c509ade063cd18332ff4efc3c936aa38e314d67579d78bf9610b4c21c5a5f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.6486.0\edge_checkout_page_validator.js

MD5 91083af96044fab17e1784cca5e1df91
SHA1 c2102a292fb995a4c07362478efef67a37db9c22
SHA256 0edffc23d47c195a1f09757f0055df728c9aba5c1407e292319181427f7c4007
SHA512 2a29ba8cc25600cb00859ee3705f6e66b286ea2589ae55764351440e6c68851815fb0d5f07a05addc0e8576b802362531574d101fb99c161ff230ee278dc8871

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2512_1573402465\manifest.json

MD5 981ad03c44b4a765c432787f0fbb4d26
SHA1 154203bd5aca20f38bc242a12c9aba3605935544
SHA256 235586240379bffd0bb025939952fb180175fe60219a9618977cf6e85ad73fa1
SHA512 fda919bb9aafde22b4eb7934932110849e4fd660c9f63c818ae3b3ad9cfc1dda4360ba3b5eaab5500f2203279c5e91845737a1897bbc1a6fe6c702cffb4360ba

C:\Users\Admin\AppData\Roaming\Zoom\data\[email protected]\client.config

MD5 7cdc4103951edd810c7f32c57ae27da2
SHA1 2a642e8999fe7c3e9f082839640b71fb8cc96980
SHA256 4bcd47cfd172f4b1635a294ef643356c894892127706c50c49febb58d914a0d1
SHA512 f4b75eb802354bf2e7dd0b7ee43216940f2e464ee535d5c7d7d2bb0f0d5be6a824dcaa799451c08769d7616df1ac2313a857ae9733833576a15defeddffad531

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6b7a48e3135526548e518cc1b5923b50
SHA1 484be65cff8bbc7df66c1cad8b2558e69ffb26f6
SHA256 aec6fbc279461ff0ac2a510b3a29aa3b8146f0c515e49c1f119736f431129c54
SHA512 8bbbdfceb85e851997b1fb6e01d62236284a1aa25bd8971a70c22c8379e324f96be08fb21b5f404d006e61378f3673be08464efca8de199235e61c69d0f9af64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 d16ab285e82e05b82401f4d07c91bc78
SHA1 07ef0ce1b38ccc13853eb9e959947c874f0ee075
SHA256 ef1765616139ed80fbbd9cdf6ffbdf09af7f968bc040cb0c0490e9d1a8b70c43
SHA512 b682fc2876466b0c096bd824b4c61e4b6423e407b8309fa1528e60ab6120c3b9a1a192e4d10c1c9fcb721d7094fcb829a5ccfaa1c27592a7aaac7dd26082be55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9804818bf19508454883fbb9ab2c0e6e
SHA1 39f1cc4251f961e2287b1860ea14c7a4711243b0
SHA256 60ac4b92791dfcad6335c21beb5e08c1f06d684594e62d8ae9cdfb64129fab10
SHA512 3a964ed7f5156bd238855994fa9e434db10a66f1ec697725d02f634ce51f2951d23961941b7b6993874d83ef5c526923f603c8e71912677cb4bce9f13b755591

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a8c1cf6448a361e4cacaf8beaa0911e0
SHA1 f319e9f414f470a19a0bb00ca2f1d411da08ef0b
SHA256 56b2665ab9355f0e6a167ed6406643056334e08ed1b7884a0d8353a65586bfd7
SHA512 8b80df45d09801d8f4ed9e331fb25e60e3548eeb536682f157b918142ff7ace1a8974f00d4af2e1bc94eb381ebd2366a66cf38e953b5cc65b5159e6221be5e6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.52\Ruleset Data

MD5 16176aa639f8d0bf6c1a823f9d973d8c
SHA1 f1f365a4705a3fcab04bc4aa8f080ed7ae2f372c
SHA256 75da3c6add63a83efb735ae0f1f4e6578607ea33187753b0f65f750a1ab0ab34
SHA512 d8711e8a2d417f1f9b81a13d04951420460d1be2dd0459916a3226f364b65cd77fc0feb4be22412df3da0a2433cd924df7d0684fab04a2c6cf3a6e9715ea9f84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 e8bd5634e7e7984d6a5a718beeaeb522
SHA1 e68039c724d06197f2212cc0faa766bc1ee1f0e1
SHA256 f1ba30c1bf5293f5d1f7ab774b57cb865f49dba4c81b41aaad1cc190cff081c9
SHA512 18c34aedc5d402594dd17bbdc5c069c258e8ee1dbeb6ce5c0869a550c97d937864ff2c2e57b4d11cad071770515475b3c0f88f82c8b5509e319d03e4f4c3dea3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\1759a1e1-cf15-41a1-90fc-239dc25cfcef.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 862815b75098745d2d419fb15f2fce80
SHA1 d56f881c08d535a517f0bd35b8bbf8f95e65afb2
SHA256 291a9de31f3c2be765762c9fd5f19d36e87153028324b710d9861cd2bfb90f71
SHA512 7646a0df8677ffde62b84774f9efa68747ba1d9a8d80a72a669c53d5430c80ea51c12dd116e4e13ac47d8df0f50be7188e7aa245c913e78f00e62698e4bc1e5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 cc02f69a0d6fbacb3b66b0243d5dd1ac
SHA1 9f6550176b4c8b83c782bb75215c785eab19bca2
SHA256 75d32b627b4420aa5ed85260c2b47ce85cf23d2b88c786d9f9618ca77c08feb6
SHA512 e5434b3507c62b28f0689431674f142ec2838b370700c61904c00f353dca1a1321e6a9eb33aa23d1e5c7dacbd14bbacf608c0dfba84142e92808245ab042605e

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7DE13E7C-75B8-475B-A063-B5809EA524B6}\EDGEMITMP_7BB73.tmp\SETUP.EX_

MD5 ac32fab2c3001f20f9c57a99c2557220
SHA1 3132e9e81c4d5208470ccea941565aeeee99f446
SHA256 817463502712e46e7638d0f681f14cdb0081570b04e0200a027270c1336700c1
SHA512 36c3f9cc04e75c7d83eceb09f44fe3a5b243c543d73df00e3527d0f0fff873769e9d3264e71a1b521c74f87135aa7cfc9fb4d3f59d8c5c0cc19cafb1fa015366

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\52c069c1-3c31-471f-a019-1e2d4da00617.tmp

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 b48ef223e69273ac15d04b70e263c5e1
SHA1 9c16ee88b91bc313fa37e85cc5486382e64d3177
SHA256 f1f78c3dde08624f95076a565a22987bb27e503e113bfa21276f10e0aeda5fff
SHA512 db678edfb9ec3013b1485110345391a725e27ff2c6a4c5e2dfc17911354f0ea640b6f1e46c366da9514c70afa148d668df6e39cd6ec42ca7fc6f4caeac0cf0cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\7db127a6-dcb7-466a-bc6f-335981167e6d\index-dir\the-real-index

MD5 207a3a7fc3df1127db8511d6d99a05f4
SHA1 acd138e860c91529421649381c1f5e0129d07e19
SHA256 d6ed2065c3c210f888f5e3bba0998f07e6b3e5874a87440be01211a2f1b0ab55
SHA512 7d0d25ba309c19986d2d8d249129e841dc9e7dab72d2d26cc866bf1bdc359de5a081e8850296af823d5cb35eeb516b15817d9f60c26ec5924c9ca0ba4f759fb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 dabeb06d29bbc8b1ea28246e2579cb29
SHA1 bea894867b6b6b9f7619574dff3fad3e45b5b5cd
SHA256 006b67bf706ec8fc4a9f08a1a5f6c25ebc28c8c2b49f7727aeb5480aff334a40
SHA512 1c6114b587a6232e8b0000debc959192aded45cd409dbf8a2f29f8e59b3f19456b714a6d9eb87f0bb0c6c35311e4aff1b443316e37a31087c2c39d5955043e70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f766e914-1dee-421b-90c4-7cd3551588c9\index-dir\the-real-index~RFe612598.TMP

MD5 9d34032f586cd68b88db620c77587fe6
SHA1 9a8c5d2425ba4af5dc41b075e8f5eac500eaf9d9
SHA256 5810236203ff3fb300036d0caffa64f41729ecea4081ebad55ea91d162c0b4c9
SHA512 b68a48e83e6864d37d24a76a3c403db1d98fc2aa6da34470b596b95fe80d1e40d94755a67c1dcdbb0ee0ea757d3a8282ff6aecb7fdbdfd9c80791966f36bada0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f766e914-1dee-421b-90c4-7cd3551588c9\index-dir\the-real-index

MD5 5b97c91f0bf09d5a7f69481b84298227
SHA1 4f3e4ead50070d8afbef0ede2288aedb27274b7d
SHA256 5ea890ec3fa3f21f2fabd0be3ee676ccd26cc69d99a67ec5322fb4f577cc8111
SHA512 fa5c38ee8657a04e590d82185facb1fa0c0cb0e71f64ecd260d771b47482e5a10c10a2dc4abe69b72efc217e3eb65cdadae45a11d124be8443cdbe69a1388027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 945a845e079247fbedc9a60a578e6863
SHA1 3a998adf811b29a01d916ecda2e54571bd5ef17b
SHA256 33ab725427ee370ebc03aa32a86799b75de15df037af16dbb577aa2b59069a33
SHA512 fc398bb7e786b5df1e2471154156c2817388250fdfb772c7d3b4885542cf5b137c306437e89a3d4189c6913f791aabec13b144d6a029eb83deed9d25514e0659

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 a3a5ff573fede06eaa75a9a8de99db3b
SHA1 fa78a4bdb9a1a59aa1c600f2dcae22da3721d180
SHA256 b88f0f2fe0feb925adcf2b4b047923284d0fb3732fe1fcd912c9c8045f209ab6
SHA512 f77a86a40b8b4121a41f91f6fddfeb6f3631c60fa0dbf52efcc8bec9966c7cca8788fea4194cb31ce87f94be83375be1a2688247b30b7c8f17ec41d554f05e67

memory/6920-22782-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22781-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22783-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22784-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22785-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22786-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22787-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22788-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22789-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Windows Anytime Upgrade\Upgrade_dism.log

MD5 3c101604cf2921f09224df9d1b52f2ad
SHA1 f3e2052e6f9b7de61344ac616fb667b7b5ee0c07
SHA256 cb58bafb1c2db7190e4eb2e1b0696e74f1b6fce426fdd0619fbafddc5cfb4e9a
SHA512 71a5efce2d642d3fb847431c64dbe31848aea4e1cc8e827a82020f66f77837b3dd27453280a5845ff15a5c7ddeadaadd3900a97aa3b853e846ad60fce86e1dac

memory/6920-22877-0x0000019CE3A30000-0x0000019CE3A40000-memory.dmp

memory/6920-22879-0x0000019CE3A30000-0x0000019CE3A33000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\app-setup.js

MD5 7c7a7af879b79f3c25fea71c4b399481
SHA1 9a153d97946836fb64e9400a90a328b182b75732
SHA256 3e7e0c7761c710639adbd1306e7ec6d8638039831cb79281c3c85ee8ddc01e6e
SHA512 803601ad850f30a4b72d924f3cc2bc7804dbdeff996ce159d20703e73e8b263f986be5403a1521aaba041aeacb529c5c73a67b11c1833514811da685652dc730

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\manifest.json

MD5 e8f8f3173596a9352d2eb8554f328146
SHA1 17e1723c0ccf902cf2554d6e3ce4801f42444466
SHA256 3428d05f82e2137eecddce8ed87eff8ac22f389ac69298e8cba92ff3c2e16545
SHA512 7d28854aac16adfd4dba9c701a21fe178c75fe4c421333254e505f9b7bd2a856731bfec906872a92c866c5bbf3d517624624144621e7be8dda16b02d9a663314

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

MD5 8595bdd96ab7d24cc60eb749ce1b8b82
SHA1 3b612cc3d05e372c5ac91124f3756bbf099b378d
SHA256 363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831
SHA512 555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\Notification\notification_fast.bundle.js.LICENSE.txt

MD5 7bf61e84e614585030a26b0b148f4d79
SHA1 c4ffbc5c6aa599e578d3f5524a59a99228eea400
SHA256 38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179
SHA512 ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\Notification\_manifest\spdx_2.2\bsi.json

MD5 3ab320b66df885245ebccc3c315699e9
SHA1 93391947a3f3bbf82347058f94d0817c4b1bc55c
SHA256 aec8d082e402c027d98d4cb7c39a059553184cbb0f55c34f86cc83cd85cc1c90
SHA512 6ff9e4c41d37ee2a3bafad1ab76ff046aa54befc86cc5d40e2607fc9b3a229c9df88ae5bc751d3d0bf3702ac9fb7fe87657ceff7554b9f4dea51fc4a07024f6d

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\wallet\wallet-pre-stable.json

MD5 5d709377067d4ee95948aecc16146aca
SHA1 36df31fac098f3ab55ff33d3286089c7fa093d72
SHA256 2ba0187ba374cd8cbea56259836c2a0341355c54912e589ae869135b7faea724
SHA512 44c8f3de30c88d3ee7742712d974a9d8326159a839436410b6073aa353b9f0f6234ffd234dc0625ffd6d509b5db0bc552f1dd9ee2c55eac475cf5764b53c2cad

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_679981784\json\i18n-tokenized-card\fr-CA\strings.json

MD5 cd247582beb274ca64f720aa588ffbc0
SHA1 4aaeef0905e67b490d4a9508ed5d4a406263ed9c
SHA256 c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5
SHA512 bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\122.17389.17321.1\json\wallet\wallet-tokenization-config.json

MD5 58d328e05878048df57b277bc2adf4eb
SHA1 619192a332d9ec2239412e9fef6e2259e627f4ff
SHA256 5858378fd44eedd4eb1615f7e48072f5d4374848c0b3a5eacffa7cd9f3b9333c
SHA512 79a7efb226cece8334d5c1c76e41ffa18f9b10fd12379a62749bba8d8254afa0062b9af4e6b534bfa2ef30b45452807fb07c2508e9e341397186ead51130d8ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\122.17389.17321.1\json\wallet\wallet-notification-config.json

MD5 4cdefd9eb040c2755db20aa8ea5ee8f7
SHA1 f649fcd1c12c26fb90906c4c2ec0a9127af275f4
SHA256 bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd
SHA512 7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 7780d2f11f92e61fc9421a84b95b0c36
SHA1 d9890064c4b3550186a3150042d6cee5e4b91308
SHA256 9cf9ae8342949274f001aa7eda750f803583873a7850ec129b6d908384cb0a7d
SHA512 5de79724bd014ba681a388f24faa6675cdf3c570cb7a2d560d82679f9a1837c73be017907a358c09a0f18db04c9a541fd1aff0f9f539d682c866fad86d5044df

memory/8228-23929-0x000001DA10B20000-0x000001DA10B30000-memory.dmp

memory/8228-23930-0x000001DA10B20000-0x000001DA10B30000-memory.dmp

memory/8228-23932-0x000001DA10B20000-0x000001DA10B30000-memory.dmp

memory/8228-23934-0x000001DA10B20000-0x000001DA10B30000-memory.dmp

memory/8228-23939-0x000001DA10B20000-0x000001DA10B30000-memory.dmp

memory/8228-23937-0x000001DA10B20000-0x000001DA10B30000-memory.dmp

memory/8228-23940-0x000001DA10B20000-0x000001DA10B30000-memory.dmp

memory/8228-23941-0x000001DA10B20000-0x000001DA10B23000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_639114825\manifest.json

MD5 58d3ca1189df439d0538a75912496bcf
SHA1 99af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256 a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512 afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

MD5 6bbb18bb210b0af189f5d76a65f7ad80
SHA1 87b804075e78af64293611a637504273fadfe718
SHA256 01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA512 4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_434285837\manifest.json

MD5 27bbd8844209af39a35b42f2eb92ec50
SHA1 b1aab874a6aad1f9fc72ec9419980ce9d1db45a4
SHA256 4b7b671546c98b7452dbe62bc705b00005359b1580da91faaa5e02d811364a7f
SHA512 c0e5cb9a19cee8e24fa9bea6180b26b17b8bba5a8ea35f6b60950fc3f707375147cf0c68acec93d9cb41bcb6b64ab66743a1c1e5de77bc40adb665fd24609e1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.0\data.txt

MD5 4a96cf711a5aefdc27bf11b9ddb22dfd
SHA1 811210300f79743c5ac78b28e73c46af2a8c662d
SHA256 feafc9d646607ce5bb679ba030b9f243fb7ee8d9198fe75e4baead0c928d9f1c
SHA512 87a57eb6017fe9598f261f5b7e94ac92e18e6b939dfd0381877f49ab85b193fb430d6dc71164c0bef1214f46cfef4bb985a8d9fcb16a19154634217ea5f113bf

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_1815740224\manifest.json

MD5 1c539c68a00bd842136703d2cdc94235
SHA1 b39f04946e7da8380fa340ddf1baa757afb37df5
SHA256 bdd48d0d2e047e4816e1aa4dc248c095998cbda255b50db66b94bd7a42206aed
SHA512 eaf0cc24ecfbf8adc1b216a098fa72b95aebe6fbea9206860622c54f684e08447050cc9734fcf83f3eb2e15cb263dfed636539b24c5e4ba94b2ce309d651325b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\11.0.0.0\ct_config.pb

MD5 f86abfc2651f24867cf9aee405d95a07
SHA1 51531932b533a36a6ab41700f625f33ae7296825
SHA256 70c4568dcbf75e36879c75b068e67a2de7653cb5eff6c12697c3bbfead81d85a
SHA512 351a0a4e5b2b4800ef535d4ca1a9ebd65027543608df883a303a32ce37e110206da2555cd37853711bdf049e6a9df17005e6520ea0daadbe6d0fb08bd51b7020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\11.0.0.0\crs.pb

MD5 5418f0d0f7d15ca9fbe5da74453722f5
SHA1 3ca9d7ae11a35a6c47d590b301602583add40e10
SHA256 251ad4f7aedd823ee97077e9764592188657aa831cd0948990fb549fd3e593e3
SHA512 4206c7c04eda629a2af109e35e48986e80fc16a2285ae3afc2e92f6a29651d7a06d1dc3d49f618fd33965f91e6cccc8b0dcbc34b4613eedabc7fbafc18783b7a

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_1176201949\manifest.json

MD5 55cf847309615667a4165f3796268958
SHA1 097d7d123cb0658c6de187e42c653ad7d5bbf527
SHA256 54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877
SHA512 53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_578037231\manifest.json

MD5 273755bb7d5cc315c91f47cab6d88db9
SHA1 c933c95cc07b91294c65016d76b5fa0fa25b323b
SHA256 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902
SHA512 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_124883807\manifest.json

MD5 25f7c066eba213487d7271bf63180765
SHA1 441d0bcb8da11dc1e3d9621b3fb9f27258828d76
SHA256 4f714a821e6026f2cb9bbe9eda4e58d9710a4a0b110f1fa534f4f827302ff069
SHA512 d8b75daa4d21302180100517132cfb1bfab671bdd724fce2e92ba91277bbe4eae79bd679c6f41119464ab772bb4ae14e1a4dcb79719ae1daa4d066f1f63924ba

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 e4bad2817be39d0c1dafb8bb5acef0bf
SHA1 eb47d46764f8bfed0886c1f60530d24fae05b0f7
SHA256 f2cdff301a19af3f67d7a4e6f05404daab500d5f295e43a053a59a24d9661653
SHA512 4ad1dc52490e0c107da006c91f2fe4f2d6b4c0a823176bb21dfe7925dce6507cd57e62d35aaedc7306752c22b511f2327762cadfbfc49fae8c805f0c3c738216

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 c455795eb39f47f409dba83fa1bb4c29
SHA1 abf2abe2952c22cd1bac55c3001eba9770665f8f
SHA256 1761e74149bbc0d0a1ec4ca2d1b486bfbff30c3d6b668bf3fcdc6f6a71100acc
SHA512 d9de6551d4c92f18ae66098066591eff773ecc6ad268d8c19239946f164d7afefc04355ff544e7ec5aabdb2f90cee4455f3637d234f98fe976d847f2f72089ec

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_1435087633\manifest.json

MD5 5a6ec1311e0595cabc087867b3974ef0
SHA1 0a01317eb4d7b7b92f94a434f8914c2c64371978
SHA256 dd8d46e0af72599ae64b911eeae346a8932979b6ca1d891e4b597ed8b4ea67e6
SHA512 4b2fece51cc467149b4fa2209602532d881c7ac6ae30e41174583d218ee9d965100201e4ba8eb8e9f036c2f3d048d8978fa15c29bac7ce03d787a94741a2a0f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TpcdMetadata\2024.1.12.2\metadata.pb

MD5 41d04d8371715e478903a88c1dce5b95
SHA1 067052cc0c61940ee9f956a7be7db1f4938fcd1b
SHA256 caf8fe15704f3d8d562956723a5729cd12f870b1a5e817740f314ee4fc2d6470
SHA512 b6a239c73473593002c6be71521e63fdb8e0510bd63bf647b9b85329334409177318e316c862dae7cf2873cff6fa5301e26b3b24b56779fb51179f23f8a00a92

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_87188570\manifest.json

MD5 9afa8c4f2f110eb1dcb4eea557d70b14
SHA1 53e3459baeac038fc97c8d0301af4a677f469995
SHA256 d8ee094fab5587036dd1bba6e45503c7099e6eb8686acc776fce1fd60e06e29e
SHA512 af586f904079c60263ae284888d403685a8d62da158ab12a1429b0811bd2997c11fe91ee7faca46a1657b26764d857228e3df0e648f4be95ac496dc5fa193c7f

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_1590391752\manifest.json

MD5 4e1b2d5730032b1c13793c389697c627
SHA1 567c6126d784e372129c4bc7df89b7f340e7e404
SHA256 d8e4ffe4f04eff1ad463d4edb68834fec19af48812df01617442cee05e095727
SHA512 e54bc1b05304eb88482741adc470784467d3610d8dafa3f345da8f87d4c7e1053965f54a94d575d2dd422006b45e08a9c5984410efcf54c786e32adbd2674f56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2024.1.2.1\keys.json

MD5 5468d2923653b99d9f9e8817e1f728e2
SHA1 f0146243181abd43f4ee52159417f713e3497934
SHA256 31a639ea1cbc77828b6b9adf9a17bf16d4074981f10019c8ea1b2f9bd6c1ccb7
SHA512 4dc42dac0ff2c6ee2f928a85a8624b623ba3b432c17543a26629f0382abe9ec43f726a3b49679ea6df11360e8a8a77f1b5d84bb09463d567e4dc16d693fd3289

memory/9212-24440-0x00007FF8E2D50000-0x00007FF8E3812000-memory.dmp

memory/9212-24441-0x0000018E6E6F0000-0x0000018E6E700000-memory.dmp

memory/9212-24443-0x0000018E6E6F0000-0x0000018E6E700000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cmuo1hie.oyv.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/9212-24442-0x0000018E6EDC0000-0x0000018E6EDE2000-memory.dmp

memory/9212-24452-0x0000018E6EE60000-0x0000018E6EEA6000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_661592200\manifest.json

MD5 faae08d055ed123742bc415108373af6
SHA1 26f07cc260dce6c856c55c9da82c46795672c04e
SHA256 7bc64209a8d58605fcb372c5c9a486a08102dce7a711f1c03368727c37448751
SHA512 8c4ad38651a2bbc03427f6bab02a1fb4f4c18303457763c4d676ab7e5f767c11e03c92fd22ef6ed393a49164b7e73ca3eb2215d67a1e6b868b93ab6d65091880

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.19\edge_autofill_field_data.json

MD5 4a19a53cbbabb95d377b2e3f3468460f
SHA1 5b7b30aebac31abd636a890c2d5bb23522438fee
SHA256 5f3a7426de195d7c991aeabad4886e7dad32ff30bcfb4058745a1accc96a64d3
SHA512 713280e28d42431f05fee1a37f019bd84c768dfcf293ca4f80644e2a0f6c1fedbe55d155083f0c980143360025469325d41bc216ac8b7c4354a120fe1df242b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.19\v1FieldTypes.json

MD5 81c2a0dc6e05acb011a7eec37658c814
SHA1 5930d946399adf03ea725130acc6432d449bceff
SHA256 edd877377e627e84fe55b404b24e0bfeede2e2991d775a493dffa251f11e30f1
SHA512 20d02ae0feae878e957e5c61f3914c55ee3bb00ba08b35b2299c40184fb27b0946d300519d4ef6d5042b5a58f637b7525fb7bf2514d9d05750398bcf68df96d8

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_136463884\manifest.json

MD5 4055ba4ebd5546fb6306d6a3151a236a
SHA1 609a989f14f8ee9ed9bffbd6ddba3214fd0d0109
SHA256 cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5
SHA512 58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

memory/9212-24557-0x00007FF8E2D50000-0x00007FF8E3812000-memory.dmp

memory/9212-24559-0x0000018E6E6F0000-0x0000018E6E700000-memory.dmp

memory/9212-24561-0x0000018E6FB60000-0x0000018E70306000-memory.dmp

memory/9212-24563-0x0000018E6E6F0000-0x0000018E6E700000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_371643626\manifest.json

MD5 ba4567388c38cd975fe4288633763434
SHA1 0cfdb35b199cac669fd61d4231657ed095b1e9bf
SHA256 dd4f941794a9bf67fbdaba16e50b061fda3e08bf3128e9eda9c36fba7f1d7bef
SHA512 d5bd2d0bdcf1f9225f4ae4047d97dbe29860bb432af61d907c8a60875bfe1735564d2df41a9101c80bc0b329f3b18f208756a3d86b8e35eb9b09548cfe7536fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Tipping\113.0.0.526\EdgeTippingBloomFilter.json

MD5 7d88043189e75d62238183c53e0fb1fe
SHA1 41d99b830b67b722920e5b0e1bca1cab652954dc
SHA256 03c680852691ac0ef2995702d5bcaa17453c455ab1458084bb3b28db9f73a6c3
SHA512 34eafa55c72f902105a52824a3756a3cd33819d91b3c088b1779187c82add318f0234f3fbc74b8ec0563b1a9c80e115abeb1ca79d2b3c03691f3580aac78d7fa

memory/9212-24837-0x00007FF8E2D50000-0x00007FF8E3812000-memory.dmp

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_794304763\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping9076_794304763\manifest.json

MD5 76fd885795dd209811659a8047b21a73
SHA1 6326e501c3092d4910ec2b8db236b094887c4d36
SHA256 dd6198365a06fdc8226df1ceca27739dfcb6e0c48e8282a88dd74c70e04ef511
SHA512 28383d6da2ffd2d87a1a12cd8bc93d2e38b059e37b19dd57159167fa4406c782a1b4429836f3e81cca37a26998fa21f78f546cb7be6a74993fbf37e7813b7fed

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

MD5 bbc732128f935fb888953e3f013ba6c7
SHA1 e9c33f60737d5039f5d58cbcbcbbfd0ec0ce7a1b
SHA256 2f195e60c7d68ea60361df23d5cefb422723f793dcec7c83503074c9dea03ae4
SHA512 b2022f9c7e026a10cf3c7a377b1b185dbeb8596fbc9842cc77214ff8cdfc4aea37e9b6431c1927d37f500acf4ea669a85c2bd4109acbf5f090c92bc59b94e2ee

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\352fd027c0e8f0e5.customDestinations-ms

MD5 64f5c245989fa7edd02c184fc18eba3c
SHA1 dc4a3025c0effc4996f92f6811c0003f8fb8e04d
SHA256 3f6d71656cf194102e1ba397a8b8b18aa8260be92a5d9411b98600166126faba
SHA512 0d418f2df05a9cde6092745a765f3fd153d6642c07d23af31507e1b6e0bc90c8dd62559060f216e8cf76759a9414b2aadcd9628b980420b4ce38fcf59b8cc44d

C:\Users\Admin\AppData\Roaming\Zoom\data\[email protected]\client.config

MD5 c886b66f26be148a026a0eedf4342f91
SHA1 d6f4edc0411f27aa924b595457f80dc45ca3309f
SHA256 87483a55613f9876fede9a7d52487d5d9aef6fc1cb970d6dc28659ed5b8c294f
SHA512 49686588fc238f54e52d853140405ed253b18d2826b678ddc5f8dfbd3769195b5c0e5b06d0fa0b90bebef9744e0ed2b3044eb9d42b81dbf8575a77798bdd4a73