Malware Analysis Report

2024-11-15 07:50

Sample ID 240606-p8kw1afd78
Target NLHyrbid.rar
SHA256 562a06ab82cdd49a5edb68730c6bf90f76301dbb8f895e6aca99b60a7f6971c0
Tags discovery execution persistence pyinstaller spyware stealer upx
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file NLHyrbid.rar was found to be: Likely malicious.

Malicious Activity Summary

discovery execution persistence pyinstaller spyware stealer upx

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Reads user/profile data of web browsers

Modifies system executable filetype association

UPX packed file

Drops startup file

Loads dropped DLL

Executes dropped EXE

Registers COM server for autorun

Looks up external IP address via web service

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Checks installed software on the system

Checks system information in the registry

Enumerates physical storage devices

Unsigned PE

Detects Pyinstaller

Checks processor information in registry

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Detects videocard installed

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Analysis: static1

Detonation Overview

Reported

2024-06-06 13:00

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 12:59

Reported

2024-06-06 13:14

Platform

win11-20240426-en

Max time kernel

779s

Max time network

769s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\NLHyrbid.rar

Signatures

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NLHybrid.exe C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A
N/A N/A C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\msinfo32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\msinfo32.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease C:\Windows\system32\msinfo32.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\system32\msinfo32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\system32\msinfo32.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Modifies registry class

Description Indicator Process Target

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 696891.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\msinfo32.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2296 wrote to memory of 180 N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
PID 3868 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
PID 1108 wrote to memory of 1160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1108 wrote to memory of 2760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1108 wrote to memory of 200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1108 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\NLHyrbid.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\msinfo32.exe

"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\UndoUninstall.nfo"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\UnprotectWatch.cmd" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\UnprotectWatch.cmd" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\UnprotectWatch.cmd" "

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

/updateInstalled /background

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb90aa3cb8,0x7ffb90aa3cc8,0x7ffb90aa3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7708 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7388 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\fd5bcf90234d42fc90ec32af3e19e942 /t 4376 /p 5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4462001262205453296,3982919173600111606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NLHyrbid (1)\" -ad -an -ai#7zMap6933:86:7zEvent20589

C:\Windows\SysWOW64\DllHost.exe

"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}

C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe

"C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe"

C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe

"C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\AppData" & powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\Local" & powershell.exe -command "Set-MpPreference -ExclusionExtension '.exe'" "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Admin\AppData"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Admin\Local"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Set-MpPreference -ExclusionExtension '.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic os get Caption"

C:\Windows\System32\Wbem\WMIC.exe

wmic os get Caption

C:\Windows\System32\Wbem\wmic.exe

wmic cpu get Name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe

"C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe"

C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe

"C:\Users\Admin\Downloads\NLHyrbid (1)\NLHyrbid\NLHybrid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\AppData" & powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\Local" & powershell.exe -command "Set-MpPreference -ExclusionExtension '.exe'" "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Admin\AppData"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Admin\Local"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Set-MpPreference -ExclusionExtension '.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic os get Caption"

C:\Windows\System32\Wbem\WMIC.exe

wmic os get Caption

C:\Windows\System32\Wbem\wmic.exe

wmic cpu get Name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files


C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5WinExtras.dll

MD5 e94c89df4aab6ecc5c4be4d670245c0a
SHA1 4d6c31556dbdbee561805557c25747f012392b65
SHA256 8bc10ab2b66a07632121deb93b3b8045b5029e918babc2ee2908a29decdab333
SHA512 3f42f9eadc0cbebc8e99ee63761aadb7851572b3600197514febd638455b34ee9075d4ec36eae82b2786877f06ebfade73735e3c9d3232fcbb66bed55b96595e

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll

MD5 3f7e824274680aa09589d590285132a5
SHA1 9105067dbd726ab9798e9eec61ce49366b586376
SHA256 ad44dbb30520d85f055595f0bc734b16b9f2fb659f17198310c0557b55a76d70
SHA512 cc467c92eec097dc40072d044dfb7a50e427c38d789c642e01886ea724033cab9f2035404b4a500d58f1d102381fe995e7b214c823019d51ef243af3b86a8339

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.dll

MD5 0e57c5bc0d93729f40e8bea5f3be6349
SHA1 7895bfd4d7ddced3c731bdc210fb25f0f7c6e27e
SHA256 51b13dd5d598367fe202681dce761544ee3f7ec4f36d0c7c3c8a3fca32582f07
SHA512 1e64aaa7eaad0b2ea109b459455b745de913308f345f3356eabe427f8010db17338806f024de3f326b89bc6fd805f2c6a184e5bae7b76a8dcb9efac77ed4b95b

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Gui.dll

MD5 d059f2c0c4e09b319479190485e917da
SHA1 cba292c199c035f5cd036f72481360ed01ee552a
SHA256 bcfe906135d759cca8c2c7e32679c85404a288d99f3d4da13d929e98f6e607d5
SHA512 20d11522da194c0e3ce95ddf2fa1a6770824451e99a0dbf5ff56d3a71d72acf8e930066be0593fd793b38e27a3b24ae91fdfbe8910f0bd60b8e3b85a1e8942cd

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Qml.dll

MD5 1e5f98f97212fdba3f96adc40493b082
SHA1 23f4fd2d8c07a476fcb765e9d6011ece57b71569
SHA256 bdadc298fda94a9ad1268128863276c7f898bef3ae79a3e6782cecf22f1294a2
SHA512 86c5654f1ca26d5d153b27d942f505382bbb7a84f2acb3475d1577f60dba8bfec0b27860b847c3a6ff6acf8fcb54a71f775411f8245df5cb068175373dfa9c53

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncViews.dll

MD5 8e9ef192850f858f60dd0cc588bbb691
SHA1 80d5372e58abfe0d06ea225f48281351411b997c
SHA256 146740eddcb439b1222d545b4d32a1a905641d02b14e1da61832772ce32e76ba
SHA512 793ad58741e8b9203c845cbacc1af11fb17b1c610d307e0698c6f3c2e8d41c0d13ceb063c7a61617e5b59403edc5e831ababb091e283fb06262add24d154bf58

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogUploader.dll

MD5 03f13c5ec1922f3a0ec641ad4df4a261
SHA1 b23c1c6f23e401dc09bfbf6ce009ce4281216d7e
SHA256 fe49f22bb132fedf1412e99169d307fa715dbdd84fe71c3e3ff12300d30d4987
SHA512 b47dbd9fad9467f72d4d0d5ca9df508247176f9e11b537c750837e8b3782a2d20f31fad361153d816ddf7f5e8109a614f3c6e4e2307af69cd3e2506cc0515d81

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll

MD5 fe837e65648bf84a3b19c08bbc79351f
SHA1 b1ad96bcb627565dd02d823b1df3316bba3dac42
SHA256 55234df27deb004b09c18dc15ca46327e48b26b36dfb43a92741f86300bd8e9e
SHA512 64ce9573485341439a1d80d1bdc76b44d63c79fb7ec3de6fb084a86183c13c383ec63516407d82fbc86854568c717764efdec26eaf1f4ed05cdb9f974804d263

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WebView2Loader.dll

MD5 925531f12a2f4a687598e7a4643d2faa
SHA1 26ca3ee178a50d23a09754adf362e02739bc1c39
SHA256 41a13ba97534c7f321f3f29ef1650bd445bd3490153a2bb2d57e0fbc70d339c1
SHA512 221934308658f0270e8a6ed89c9b164efb3516b2cc877216adb3fbd1dd5b793a3189afe1f6e2a7ef4b6106e988210eeb325b6aa78685e68964202e049516c984

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll

MD5 50ea1cd5e09e3e2002fadb02d67d8ce6
SHA1 c4515f089a4615d920971b28833ec739e3c329f3
SHA256 414f6f64d463b3eb1e9eb21d9455837c99c7d9097f6bb61bd12c71e8dce62902
SHA512 440ededc1389b253f3a31c4f188fda419daf2f58096cf73cad3e72a746bdcde6bde049ce74c1eb521909d700d50fbfddbf802ead190cd54927ea03b5d0ce81b3

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncSessions.dll

MD5 ae97076d64cdc42a9249c9de5f2f8d76
SHA1 75218c3016f76e6542c61d21fe6b372237c64f4d
SHA256 1e0c26ceecee602b5b4a25fb9b0433c26bac05bd1eee4a43b9aa75ae46ccf115
SHA512 0668f6d5d1d012ec608341f83e67ce857d68b4ea9cfa9b3956d4fc5c61f8a6acd2c2622977c2737b936a735f55fdcce46477034f55e5a71e5ef4d115ee09bfec

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll

MD5 2df24cd5c96fb3fadf49e04c159d05f3
SHA1 4b46b34ee0741c52b438d5b9f97e6af14804ae6e
SHA256 3d0250f856970ff36862c99f3329a82be87b0de47923debefe21443c76cddf88
SHA512 a973bc6fd96221252f50ebb8b49774ccfd2a72e6b53e9a412582b0b37f585608e1b73e68f5d916e66b77247b130b4fc58bf49f5bf7a06e39b6931c5f7dac93ab

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncTelemetryExtensions.dll

MD5 51b6038293549c2858b4395ca5c0376e
SHA1 93bf452a6a750b52653812201a909c6bc1f19fa3
SHA256 a742c9e35d824b592b3d9daf15efb3d4a28b420533ddf35a1669a5b77a00bb75
SHA512 b8cfdab124ee424b1b099ff73d0a6c6f4fd0bf56c8715f7f26dbe39628a2453cd63d5e346dbf901fcbfb951dfbd726b288466ff32297498e63dea53289388c0c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveTelemetryStable.dll

MD5 6e8ae346e8e0e35c32b6fa7ae1fc48c3
SHA1 ca0668ddb59e5aa98d9a90eceba90a0ee2fb7869
SHA256 146811735589450058048408f05644a93786a293c09ccb8d74420fb87c0a4d56
SHA512 aa65ef969b1868a54d78a4f697e6edbded31b118f053bbe8a19a599baaf63821dc05f75b2ac87452cb414ab6572b8d9b349093931e64601c47f8ebbb49c431cd

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

MD5 c2938eb5ff932c2540a1514cc82c197c
SHA1 2d7da1c3bfa4755ba0efec5317260d239cbb51c3
SHA256 5d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665
SHA512 5deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441

C:\Users\Admin\OneDrive\desktop.ini

MD5 2b98cc2afc1d0907c7066453643faac3
SHA1 864b3477bba5fb913b0e017f7bc087c3c6af95c4
SHA256 f625a1050e8ba6df4de974c2acc572e1e637a3429bf2ee1449c552999a6c7268
SHA512 9e2eecf1715378f44539cc79c718bcfd9181728e9f2330e34d228badd482ce48a8b916275a0d063dfbcdcadcde25be82c43fea44aea0393ecf3385095550c6e2

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

MD5 57bd9bd545af2b0f2ce14a33ca57ece9
SHA1 15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1
SHA256 a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf
SHA512 d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

MD5 adbbeb01272c8d8b14977481108400d6
SHA1 1cc6868eec36764b249de193f0ce44787ba9dd45
SHA256 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85
SHA512 c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

MD5 f1c75409c9a1b823e846cc746903e12c
SHA1 f0e1f0cf35369544d88d8a2785570f55f6024779
SHA256 fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6
SHA512 ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

MD5 de5ba8348a73164c66750f70f4b59663
SHA1 1d7a04b74bd36ecac2f5dae6921465fc27812fec
SHA256 a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73
SHA512 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

MD5 8347d6f79f819fcf91e0c9d3791d6861
SHA1 5591cf408f0adaa3b86a5a30b0112863ec3d6d28
SHA256 e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750
SHA512 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

MD5 19876b66df75a2c358c37be528f76991
SHA1 181cab3db89f416f343bae9699bf868920240c8b
SHA256 a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425
SHA512 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

MD5 e01cdbbd97eebc41c63a280f65db28e9
SHA1 1c2657880dd1ea10caf86bd08312cd832a967be1
SHA256 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f
SHA512 ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

MD5 09773d7bb374aeec469367708fcfe442
SHA1 2bfb6905321c0c1fd35e1b1161d2a7663e5203d6
SHA256 67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2
SHA512 f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

MD5 771bc7583fe704745a763cd3f46d75d2
SHA1 e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752
SHA256 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d
SHA512 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

MD5 b83ac69831fd735d5f3811cc214c7c43
SHA1 5b549067fdd64dcb425b88fabe1b1ca46a9a8124
SHA256 cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185
SHA512 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

MD5 72747c27b2f2a08700ece584c576af89
SHA1 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33
SHA256 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b
SHA512 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 56b8977226769a2e0bdbae74a8180e04
SHA1 471eb311be4d38b11f0e282ea11cab67baac9a01
SHA256 8c59e2631e6bf6d4e151de900f0d661986ce2b080a1ca02d244853a03a042144
SHA512 1fed43a9d860c32467b5bd73becf36988639e5152eb6904859fd31913c834fefa18318573964f31f73db6c7f243bdffc3bf83c05cd5cc7f920f96e7cab9cb565

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 704d4cabea796e63d81497ab24b05379
SHA1 b4d01216a6985559bd4b6d193ed1ec0f93b15ff8
SHA256 3db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26
SHA512 0f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 de47c3995ae35661b0c60c1f1d30f0ab
SHA1 6634569b803dc681dc068de3a3794053fa68c0ca
SHA256 4d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7
SHA512 852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57a305b22ee27c70627f23e45a167ed6
SHA1 b6d458bcf2d718bde7654ac1aca9341526bdb042
SHA256 aeea7d8ed38303341ad4a199eeb0e23525987a161a472d3180d7c1194518d269
SHA512 1a50df878cbdec35eec0634b8286e63fb6cf05d2a48bc0f86b2e849aa2ca2859bc22279b3a7c83acc1191ad2202ce178fa216c576a021441fa80ffb9df86cfbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4927abf0516b247937a95163d81a1720
SHA1 32b451ac5dc43ad90609cbdcbc6f3e7757eb864f
SHA256 0b3f83bfd1b799eb7d09f5ab76d8edbecf756935bc927dca8fde67a86fffb394
SHA512 281d84e949d827c8a778cb481c55ea82285e360d59bd8b0375109995080dc7db3b19fa360dd22b82c502fdfb27fc3bcde707d2c3cdfe3a70de4842569c35fb59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 69ebb49f3fb8a91c63d889f2c9a43acd
SHA1 9994f5901964ddb8203130d0a1b734e6265905ab
SHA256 912631778a7ff65a9a88cde6be42f970b1465b248cd6febffdbbdaae04a5f898
SHA512 013d2b56703ee17596e3e1ecd8befd083f95d5cd5956354e7ed29472637177c5c31a57128ee9a4e4793e630eb83105c1ee0e721c7c3ae1c7ebd74c8818f8bcc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f15ab405a1787597122a2e39994ad927
SHA1 88b0da0984dcd31cb995d453a16f809296f9dcca
SHA256 1ac49f8a36c725affd72d447f9fb4facff29fac5ecdadd6b06e85f8579392978
SHA512 ebce286dd239bce67cc03ccfc6f4f5a3f1335ee86f8342536f8628b2876c3b55bf4b647f4485b7025fb7e612a6a66e9d3adba19b00430740798f66cd313e9eb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 39350aabff9f3eb46a733e59fb52844a
SHA1 6bde485fe18c7c0bed53b4869997acf911f6a348
SHA256 50598c027fcff25470087834d4db73745f24eb648e357ebb4c9172228678cdfa
SHA512 e1637e10b5a74e9a4630fa28f1fda44ec3326a5fabb35b8db15339765aceb97b4daf238044a37cbbe381a22283847c35a62b8e30b2bcd61a2ea34da46334ed15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bde072552a2c9c9372c617bdd08221d7
SHA1 f85d1abfddbc5fcc67134a85c054ba7666401113
SHA256 32eb9c4591bae4e6431994fd07b46553d8c2d9a1311bbaaf193fc126d32d9a91
SHA512 707ab49fbba99374ae9c4fa5a2ad9689d26e68b0b2a0807de84ce74bdd158f24811056a6e32c28f1ea44a41e8a443e1401028c6c520fd749b22a9c2601c728c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 ce1093c800c0933d7c9674eda75790d8
SHA1 371c2dcde092f51b18852e2617bc6c0c176f5873
SHA256 57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89
SHA512 fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a1c099eb5cc1c76f7950a5370d00c49
SHA1 60f72393752fcc6be04cd3541f5418a775c88535
SHA256 365afd59a39aeed9adf577e25ae93e969be5452c65230fcc34990c264fbc778b
SHA512 8e86f2a6dbeda2d56a190eb4190999b0533265f860bbb107d1ca4b7111911186d36bb9470c9cd7544cad4b1edb28d3176942464f2b5b5a5ae8be16bcc9c0c617

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e032a.TMP

MD5 ef61d77a9ef12784101f74b708dfa031
SHA1 5e49ac824eb0feead9e7f123ca0dfa32197cade7
SHA256 493517fa6c32625e98e83270952e9ea1072a070fac8f0d999b108733b87b1d71
SHA512 9896f8c65de4adcf9b378ce951cc44ec216f0c9d9cbe481bd79ff391098714cd1c4bb0d04501013de8dded669d758c28fb83487a2b3bd459025af6be9b74151d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 414e21c1afe05d5b0259058594afafb2
SHA1 6017ec777c19b4db83f6f40c70b4280c8bfb6f07
SHA256 d0fd32a1701ecbe03686365385dc167a6d4b932ee31c1f7f7017c8c548a281ba
SHA512 c0151c391be65477fb92168753d0cd66b6df54a12f84c31a0f3cf8a76daa4c421f0b4bd2a19a88c6ad2c16ad94c6054404f03a0d1d7ac804ee60f432c39a14a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d618fb078d0f7219ce2c2661f08b3669
SHA1 e97cd4085f8ef9f10b4bd0250d60e131f9b3a85e
SHA256 70458afb1acfe41d20303be20b4d651d3ea0f75993d66b7967b57ef7e8c9529a
SHA512 6780c03da38de48da7aae09637dacdc9b3aa28f30d5f7bce6266d9e95a0d8c17c5925f0a95f30a5a13cb637324511d479f8d86592268b7fb8cd4da4e93d597d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 e3bcc4d955bf08ccfffa51b0cc058788
SHA1 0b57e52d9a02516ee63100049eebd6596a5c0393
SHA256 856be9b267e08caeaaf2d75649d6d3023960a0365559adeadc230dbe48faccd6
SHA512 8ab0db93688aa184ea07914080a55dc57006414288ce4fdca43f2bd124dc9601d7c00e8399d0098db3b2f4c0fd890e186df19735e24d09d3672d236ca5ff1193

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 8b37bb42b1577b08892393df19f534c8
SHA1 e12eaa944bff9ccd0687ac54811a3ada4a5d21e9
SHA256 6cc9e87df3ba27d6dd288a0593a4f70a17ecb0bf5cac0a591ff72f355a9f454b
SHA512 9dba0d070832cecab4c2aa922bd07395b7493845926a5bed5c5f86d61c3b2fff1f6fa12069b7b7abe4f15cd58775ffa238aa36c47e100d7ca544abb3bc1a29b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 15168c227eea7b6fc87e79cdae0b15ff
SHA1 4293082d5d0ee4ccfb04bf5886e01306d782c653
SHA256 be45fd01c4efc375014ff2f9b8d2aff44b4801506210d06d77d0fbbe5942d8f4
SHA512 ce4044b26471c12f1fbe034f8b4345249f98294f652c3a43f85dc4ae9257b4879ca8d372ef9e6ee7db835bfd117e2467f8f556a38da08df3f2419a11f144d56c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 192729882b9a9607f569297a4fd0818e
SHA1 05fa1e689544621855a28058e7fd74306569a9f4
SHA256 fae1f01e880210a893922b12524d6dca4490e90d85eaa5aa02665e77b22677cb
SHA512 87aed22a7db89adad2b5895ddf4412791f32c341ada2f2c95cb2452c345d9a0e2eb7ce101f1492f854c42cb42993ead6fc44294b417f5e9a04ccb1b6a777beb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 46e8699813585c2a09b2cc2ec9f959b6
SHA1 b3899a43986fa38890e362333a4f37c7aa3ef9b7
SHA256 ff3b361fe6b727f046166603c5cdfe4fa5b4db479f600911428da0aca6839a5f
SHA512 1affc71cbbbbecedfc652c409d12b4369b250505eaf4d4b188c2eab4101751c709e236f6521c7bb3ee896f814a4fc1f7071966e64746222938ef19814a501510

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 ed76b3230fad7ddbc073911373d8b828
SHA1 e03350537c19495628ea3c3827254483b14bcf10
SHA256 c277c9967f04a3483e9142dfcdea2656d7300d00e66f116de284e894d262460b
SHA512 70867212462d893f9212317c551e5265760f5af5fa7f856b38b8d9fdc896fd3c8a89dcb3ce2119a762db0cc38fc2b0fe3d3c1e2ebdf087bf5e7c5833816bff08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 b73bffc25948148ce6ad05dec3809b6b
SHA1 7f8fa7515537ee81d11c1c3a9024c7d13fd0b68b
SHA256 2dfbed687052968da41d52ca09052a0327a04a22bd985ed7980809b64b6e31c0
SHA512 c255572c8d7f1cbc1852a9033af9557922a75c236da17c09b3b7b0a81d35c8bf5ecc07750234896d6c0cd7df7a0d1845cfb8533f04e3d045bacc8ab7f2feb896

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 e1c894bf3fbd58b78d850ce33d6f3983
SHA1 08d182fede0e0f35c2d3937dad01b695f7f805d9
SHA256 4e3e0243085becdecfd2e3cbbaa3ac44c3f66b994315796dcf7a6b9e09d703ad
SHA512 177508aaf0b27631c3d038cd4652e93a879095f7e0bd6d295be33790dd16a91015eb0b84627a349c76c8b30029e03c4c41b199f5f680a39ca4439800db750792

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e6cf5d2a301ddf5b_0

MD5 5e74987ac2c672bb5a99b8c3dd8c9c6d
SHA1 e63edb371efbccc70799e58d180216764e464a45
SHA256 37a416288f5b1afc01345f8ae12078f665970e2eb856ef2d3b1c448b8615b93b
SHA512 fb61cc2c7415ca990a433dfa9452b33a7fd8b141fb3a9def95ef524642d7c85f42f5f397e18e964da15d2f21c5348d9bf2506c707d453eb592ace8099d36c2f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3fb0cea0992937d2d3aabbdc1f776f03
SHA1 814a3042aa2b801052c4611519828100270317de
SHA256 e946209d8be1cf01b03d11fceaa0d49cb255b153186ee562fd1ba9686540c15a
SHA512 8ca8c2c8711b9170557184c4fccf5f459cf5212ecb779e6a12b89281eceaff7ea7a7e40f4fa8229fcdd7c19e5bf71d749cef1e5536f9210ccb0e0ccf5459648c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e239dec4eed1cc98a7c3247827c48f44
SHA1 ac16fa5afd19dd82d0c882ecfd600df2ed45b979
SHA256 27534e37a6e60afb329f61d10b010f97501e08bab9ff8e4b6902613db65ce4e9
SHA512 7fdf0f5a3820be00b2a3a183295aea6c2cc1331e59f86673d4d5901699bff81b970f9aa75bbb77cf0c0c44efde4fbebf8e7a0edc0748d364b05ddfc5b584c1ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7731f2ce383473df090e66df7a7df7fb
SHA1 fc5992b1cfb6808523ad274db9be85770e83ff18
SHA256 2fc139f6d6b140cd3322f291c1335b2aa930a2dba2f1ba252614bcd991e18a36
SHA512 92ddee1a146b3469fc94ce5fb0b2ba927def9b74fa734ac1cf19a0aa803e52e8af6c433598c5dd5010ab8eaeb8ea2070080b6007842d569703339a7955c0e86d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 2f2a325d9197ed9bb6c17b099f898185
SHA1 2142a6659123b33f13ea08bb55114d3a29ef4c49
SHA256 bcf0eb7ea6890bfd90f8260b9fc3819b09d95b25640437f47fb4d0b0d5fb4efc
SHA512 2bc0dde4a0a2bb43ae4ee539064b56b92a5905732b39ed18b0620b1353e7dec29a1be2e9cf791db850c26fd0ad99c6551d8978b50f71287c4dc54f4ed506c08b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\845609dc1f760ad5_0

MD5 7180b616b7746a7164529a2f9ed6cb9a
SHA1 7cfbb3b4048011f4b3cd39ac13c1f574b5716987
SHA256 a32a42bb12412a228e91320cf11efe36bc794aa6e21f78ba7c0938a83c6b9a6b
SHA512 ac54ef480ecf15de1838acbe85353e8863621917dae423a91d8dab2a87f2184880e2cecc5d2d3ef925e1cf5a105c0cca082433802fac92f0575c5927345f0ec5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\050d0bffdf0b4176_0

MD5 ca8ad76776d1941b06f017a673b55230
SHA1 7a6c535d1478e54dea7a377d2d43610d6b5a3608
SHA256 df392d424588d5251789130fa01a03d5848ca28273befe6f1807340aeb734fa6
SHA512 9f80ff621ad5cb7e61e44594f0e51b8611f65abdfab381daca2169b7c6cc8eaa97ae94b348b79e785770f7973f86ce81212c4f5fa33be84cb147c2163a644e4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3275e538b116cc62_0

MD5 b220fc2c63b2212a3d1df8b1bd3fd757
SHA1 492cbf2ec4279496b53c580e3310211177a4e304
SHA256 f1390ced36a21104cdbd582aa9af82bb13bcd307444c352263ab753f0c4df8d8
SHA512 3f476c5fcdba5d4e7fc80bec6ebdc4113b7207688864f71ccdaba464d841cfb6ccc5cda1ab14d6e89f18af48fa561590d9b0a1db2262c9a6fe95a4d442b81aa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\801fa7b8a8ed9cbf_0

MD5 57e9137bd4bd2b17d6f29569cf3ffd3c
SHA1 cd4f0e1da7d2d590fcc6f96868ce7f6ea64a8f21
SHA256 54bb27ef53bcee2dbea8a48d26a578801037eea27e36e16e2f009a348fa65229
SHA512 578db9fcec4ee0381377d6168f89458ac72548ff33157ee77eb6868d2922d40ce36d3e4c8f73052cf30926ca741c31cdc26ee2f24a3afb08bf8d2b7845f6faa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\febf2bc117d0b682_0

MD5 990f4e47c5b4c96fb2b26d9c8bd5cb71
SHA1 b0e15ebc62538ef0c2dde77d8224d6db2995412e
SHA256 5a518e3c35691910030221898942b2d5fcda97ebee223eb383b359cfdd770897
SHA512 b5b80c6c15117f7628f2a1e6f62427192c917f416cf10d09ff5352c2818af2e26f4f9b8f7a8f04afb4bd0a870501c86d1b1d9fbe303e864bcc7a1158b391bfcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f18f7d0fabb1e21_0

MD5 7125595c79d03b57ef164fd92196cf83
SHA1 97dbeedb9aa73fad9399d6438478c94c736b6a03
SHA256 af5d67b0cf6a0df808b40e261bcbfbf919da8506a1b36e84f9d02c8b9e9e015c
SHA512 384aaee559625462bef2fb66ad2ff3fd1d9b6e6f1fe063e48160f1631547058071c8dda9dbd56d047871b8db783937b5a56287929a5b1de3df143f71e9940997

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

MD5 8c9da324bae183051cde5c627307b47b
SHA1 d0479f687107d3cded59e9ec7a2c4823212f8554
SHA256 320791a3bf0bfb53f93fd867d9b1f291fccd101402b05acb7a0da7413165cf95
SHA512 3a15b2eb3dafd2fdac3288bbac62f0fc1cf6d9eedbfa661b4e8994c525fac2471130817006e31a15e0a8d880679d8444c1d16c6d543061d3d9473b5a4be293b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 446240d0e35abf252816e4dee2274d7b
SHA1 64e87dcbb974a96d3dabc7288389b2c18d09de77
SHA256 7d379b05153fd3a619ee576bda7e2e7a6f3dbbb003c2a36bcdc8bddaed2a30a6
SHA512 27c895ce7f6aabf4828fcd5b56a28ccf662092994e23ce9aec1803186df52a890402bb7aff466d70ba120b6f6f8a3c03eeea439990b59d467f1d56c3fbd2df82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e80c273ebd4a5e49f43f492794d3a25
SHA1 0ee33ba4790a29890206c8ecb7dd6011c7677e84
SHA256 d94afa365b850445497ddd888c52f570e3b791dfb7675ef10645d8ff2b2f6414
SHA512 bb25f9c35014e2f95da92c15d41eb1301c24124f2e42d328de565bb416218165db7a291ce8e36838191267e8eebf432c7876f2e5bc43b27fd21ce1a8d44ea36d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3974f92490ccf69_0

MD5 edce07e7f57fe1fee8fa4205e04bde15
SHA1 bef98e6b2f222d282af856ede24040573e6ee274
SHA256 97c594d6902504eb9ee8eca857d4b45a8947ab963a87d1d025fbe292a288b46e
SHA512 9742e81d1adbff5921a500bca881a165c204d22ba7b487ead7c5d1d93be6cbedd53a15438edf043a8ac11347243d1d2eee7cf24603745e6847d5d01fae0a6743

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\389e4748a72d385d_0

MD5 65448f83cf5e3d6d9e36055a2514cf49
SHA1 edbc80a2e14a029665ea284ee72c01c95b1b6b0c
SHA256 2665d859e02a62371e7733eee03f79ece129a41697f6330418366c0294932fa0
SHA512 4479fa5f6912c1b40533d346513a3688e20a14744dad25b4907266e8e665867cfd335808fc100811e150d972602496c564ef4b9efaa5d228ee0377495de2f3c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c4e3a9894c10d5d_0

MD5 e715ccb4c5a23a34d5867dcf4f825d5f
SHA1 922dcd11b76b540aee5855a57a57d18b883f8343
SHA256 6036b3cda477dbb60ac9d11ad667909e2613a71af4ffa4c93d8106a18dda1cb8
SHA512 177fadbef662b764e93f9d851cbe11c740d3c9cd72de39a27289c2b145cc4f38f625a775fdb15b40df4e0e1fb94691b424939c0c96ddb9935dba926a1daa0d89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 7e24b3a9f1de969cf655ce8b1e5fa7b9
SHA1 054ef2895d4f0571ed36880d3b2be5e7a21b91e6
SHA256 adb1154487c30e1555e3d944f6201cc08545d43363ba987d8196b0eca6f3f8fe
SHA512 a65e4684232c51f6337d51a02baa8aad548392e517a022a734f650eb21f6c275918e68627163170dbe3d707ff56c1e0ce1974a3cb99b5b1751f197b78ff379ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44e752b8af00e071_0

MD5 4fbec820208f6cf8c8520e49f37c9b2d
SHA1 fc4c7a6e64178508c845915fe069aec01a822a3d
SHA256 bd28b279375874bd5a893832dfddf417a165c63aaf76ad64a97043d943f4f510
SHA512 79177daf4f2d331404a031af5354325386be5c709b7403bc005d3815ea1d5a14447b15daef6ac74153e3c17b201198b2dc867eac8f71ed54d5c2d50bcff2f884

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30bd647173850388_0

MD5 cd0c063978cbfb2c6d72641a0c78fc02
SHA1 166dd6aed3014f8b3a81516ab16c4b1e7600f5bb
SHA256 7106f60a043ac3afe31be1c20e50222ee0cdf22ff40dd7b0e8c6c0a71734199e
SHA512 db211599e8d2d03938c6aa3552744d73886718d01ac3a1bfa48a2af86a8631be18ba0267550407c1fc1de93b5b5f208af61e9683235a42824121fee8204338b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1fd966ca8493a5f9_0

MD5 53d87fd33f42c341d9ff20d2d14c068a
SHA1 9c0dc99bf72f4de5c239610b303e22cf0273f803
SHA256 0f1f17fe180d65aaa481fc6163fca3fef625ab39d699c6601e4c1e7d98b348d3
SHA512 71a14607bde951b81be2566d564b936460a4a4bd5a524e9ec53d32eb36a248d04e926cffd189de952b8dec4e4fcef81cfb9d01588a7cec263b7ca5b6037de16b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b60e6ed378c3b744_0

MD5 0ab1c01cf788479e86617fc808656851
SHA1 074f05dfbd04a87b480ebb0a71814d2ef244dee8
SHA256 0ebd66fc56ccb475b664682846b2b8aed303fc51f1f631608a8c6351c7a0ba5a
SHA512 3f0c5220fbaff97f15912d9b2e9a13c7047b268db061f6bff7703d4276ee38a3abb3372070c9457cf2c75abdfec5a1f26d379a31b99bebfa8a45d92c9f42b906

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5cf4f444d50084_0

MD5 abfe1bdbecd48d3f4d403acdf77d7568
SHA1 9e665cb6fc0d8c3539f40c3c607edbf030ff4d14
SHA256 ddb77a7566bb91cbc3ded08e6feb941afc18775971f445e6c50163e79a79fcca
SHA512 05a8ad8eb09b17ff2f27bdb1f7a4c1d7fa20cc31c98de7bd0398a7822d87648935e3b3985d08ef6d3195ec82ab4ceb0c70a432ad1355d4500602b7dfcae1684a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\32f13e0adc99e8e5_0

MD5 6e86c49b2ed6fae13c5bef591b89c2c1
SHA1 cbea3525c7c24c22f729eaee96e9c8dbd6962dff
SHA256 74237d3b8852afd6dfb55ac6483caf88cdbc22ad25b1c3ab7127e1693337afc6
SHA512 85dc6bed8ae286b03cdca5b3208bd7b32d540c670595c5e9c7a8eafb19edafa227bd94eccb89fc9244ad553ec38b503a8243c61ea4a629e960996de83de91ddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6dc84c979aa8be32_0

MD5 c1b9d4964655c9532f345b54b024a908
SHA1 dd41437e6c9258050539a493f4fcaa3b98a9e3d7
SHA256 dd773ee9167f6a3b439b136638fcbd1a644726a76f300eb31a42e3f7842133ec
SHA512 16ab765634170781c0edf1c4983f6621c490d334004fe8f32192c7382a2140294a2a52f72f01d3cd1ef127dcf4564c42c17b777395f397c2d542c66416635a09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31c32108cbe5056c_0

MD5 7a03176b010064505644edfbcf82511c
SHA1 8660626da208e3e64bb031ac515cf76a1a1b15f3
SHA256 1a3fc997af9b8be315c8629b23007717dee851d7df50c250e05759bf65722439
SHA512 791bc75bd82837aed84e6a6fc72b9435010ba99c6a2449879f55b226b965cfe27f82aac8c310aecee504844c6378a8eb52ea4a56ee25f9b1620ca419e324fcdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a147a89bc9679c67_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2285ad6a-8df3-46b4-a34d-21e3c6eac7b7.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\4ce8a604-4d40-49e8-abcf-92c4f5371b57.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fc18d66393d53f7f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\Unconfirmed 696891.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a44b10701ac1235d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xenhgagq.q3i.ps1

C:\Users\Admin\AppData\Local\Temp\JNTDZBgM2H\Browser\cc's.txt

C:\Users\Admin\AppData\Local\Temp\uxghxe3gDU\Browser\cookies.txt

C:\Users\Admin\AppData\Local\Temp\uxghxe3gDU\Browser\history.txt

C:\Users\Admin\AppData\Local\Temp\uxghxe3gDU\Browser\roblox cookies.txt

C:\Users\Admin\AppData\Local\Temp\_MEI19642\cryptography-42.0.7.dist-info\INSTALLER

C:\Users\Admin\tmp\Keskv7jXKRFLTjkIOqZ

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NLHybrid.exe

C:\Users\Admin\AppData\Local\Temp\kLtzF05dO6\desktopshot.png

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_ARC4.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_Salsa20.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_chacha20.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_pkcs1_decode.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\PIL\_imagingcms.cp312-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\PIL\_imaging.cp312-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Util\_strxor.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Util\_cpuid_c.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\PublicKey\_x25519.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\PublicKey\_ed448.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\PublicKey\_ed25519.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\PublicKey\_ec_ws.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\PIL\_imagingmath.cp312-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28122\libssl-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28122\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI28122\cryptography\hazmat\bindings\_rust.pyd

MD5 d85fd537a56a67fa5a1afec25affc010
SHA1 47f7f26c6840de1697d113ab3622235a35277dbb
SHA256 9b1a8477c284aaf301f03a07e76d00398af03a9203374f6eec788f6c5118ec09
SHA512 41bd3562490e5d01d4f08e8fccd8e19bb3f14feda143c43a7bbe69d0d98ffc469f72d9072ca012edd807fbf17b466e677aba657e1240227327d17b496061889d

C:\Users\Admin\AppData\Local\Temp\_MEI28122\cryptography-42.0.7.dist-info\top_level.txt

MD5 e7274bd06ff93210298e7117d11ea631
SHA1 7132c9ec1fd99924d658cc672f3afe98afefab8a
SHA256 28d693f929f62b8bb135a11b7ba9987439f7a960cc969e32f8cb567c1ef79c97
SHA512 aa6021c4e60a6382630bebc1e16944f9b312359d645fc61219e9a3f19d876fd600e07dca6932dcd7a1e15bfdeac7dbdceb9fffcd5ca0e5377b82268ed19de225

C:\Users\Admin\AppData\Local\Temp\_MEI28122\cryptography-42.0.7.dist-info\WHEEL

MD5 c48772ff6f9f408d7160fe9537e150e0
SHA1 79d4978b413f7051c3721164812885381de2fdf5
SHA256 67325f22d7654f051b7a1d92bd644f6ebaa00df5bf7638a48219f07d19aa1484
SHA512 a817107d9f70177ea9ca6a370a2a0cb795346c9025388808402797f33144c1baf7e3de6406ff9e3d8a3486bdfaa630b90b63935925a36302ab19e4c78179674f

C:\Users\Admin\AppData\Local\Temp\_MEI28122\cryptography-42.0.7.dist-info\RECORD

MD5 4262e116c4363cabd7ca1acbe4494489
SHA1 b2bef714db952e4585b612df6c3728ebb8ae2b26
SHA256 99f3723f903383d17a64b168911c7fc690210f1e5a2933ef5b0fb0d11e21e68b
SHA512 3d560dc346e383ea755caf66588561075c6b97f0542558e02b409ed2c4fba561507b4812614642d74cc3bb261fa405deb2946e81e447ff57b5024ae866a6840e

C:\Users\Admin\AppData\Local\Temp\_MEI28122\cryptography-42.0.7.dist-info\METADATA

MD5 51e28e442ad9f3ca86fc022806f6b860
SHA1 ec18e5a627febf6fc10fd28f77f03abe0d45f1d3
SHA256 c783b299bf4110de7f94a7da362927657dd1cd0631b00f2d7a2f1242ff4c3a1a
SHA512 a2d54956de9f2a896b270a6f2f738f1c83f13ebfa013ca21c7c8de2c02109065eb8feee1e1c4b5593a3a91eeba5caccf24d174fe7e098a61ed73949330a94e62

C:\Users\Admin\AppData\Local\Temp\_MEI28122\cryptography-42.0.7.dist-info\LICENSE.BSD

MD5 5ae30ba4123bc4f2fa49aa0b0dce887b
SHA1 ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8
SHA256 602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb
SHA512 ddbb20c80adbc8f4118c10d3e116a5cd6536f72077c5916d87258e155be561b89eb45c6341a1e856ec308b49a4cb4dba1408eabd6a781fbe18d6c71c32b72c41

C:\Users\Admin\AppData\Local\Temp\_MEI28122\cryptography-42.0.7.dist-info\LICENSE.APACHE

MD5 4e168cce331e5c827d4c2b68a6200e1b
SHA1 de33ead2bee64352544ce0aa9e410c0c44fdf7d9
SHA256 aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe
SHA512 f451048e81a49fbfa11b49de16ff46c52a8e3042d1bcc3a50aaf7712b097bed9ae9aed9149c21476c2a1e12f1583d4810a6d36569e993fe1ad3879942e5b0d52

C:\Users\Admin\AppData\Local\Temp\_MEI28122\cryptography-42.0.7.dist-info\LICENSE

MD5 8c3617db4fb6fae01f1d253ab91511e4
SHA1 e442040c26cd76d1b946822caf29011a51f75d6d
SHA256 3e0c7c091a948b82533ba98fd7cbb40432d6f1a9acbf85f5922d2f99a93ae6bb
SHA512 77a1919e380730bcce5b55d76fbffba2f95874254fad955bd2fe1de7fc0e4e25b5fdaab0feffd6f230fa5dc895f593cf8bfedf8fdc113efbd8e22fadab0b8998

C:\Users\Admin\AppData\Local\Temp\_MEI28122\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

MD5 4b81e1518d8fc26804b26fa0099ee5b6
SHA1 b152ee2d7b843b883f830e69af629a49e2909dcf
SHA256 f00565d8909029ce00bc04048a551975db20eb8aa39d1e4a65b7e659c0945100
SHA512 09ad69911959418e458cf25c972b4d14983d58c4a48ae739c31d981125442673e66d935bf9c2ea0aa8fbfa20ba4434cf9aac6e6a3b0bd776cf4e46cb80b93949

C:\Users\Admin\AppData\Local\Temp\_MEI28122\charset_normalizer\md.cp312-win_amd64.pyd

MD5 ea68b13d83a5c7521453120dd7bd4dfc
SHA1 182d77f89ceb44b524b9d53d6480343f9670fc9c
SHA256 c3d31f8842c002085e2d7aa43856c2297d6740f70450c2c4bf80dc1d8360cbc7
SHA512 41d3eddc57ee9c643ab28a6e0286cd39c2724a9d1bdf24d75d1dd3ec7900396768e6afa4702272b051627855bdcb12fac8d8834d1d1ddf1638c769c89c2b488d

C:\Users\Admin\AppData\Local\Temp\_MEI28122\certifi\cacert.pem

MD5 2a6bef11d1f4672f86d3321b38f81220
SHA1 b4146c66e7e24312882d33b16b2ee140cb764b0e
SHA256 1605d0d39c5e25d67e7838da6a17dcf2e8c6cfa79030e8fb0318e35f5495493c
SHA512 500dfff929d803b0121796e8c1a30bdfcb149318a4a4de460451e093e4cbd568cd12ab20d0294e0bfa7efbd001de968cca4c61072218441d4fa7fd9edf7236d9

C:\Users\Admin\AppData\Local\Temp\_MEI28122\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_wmi.pyd

MD5 db08907bdaee97a5e6e7c710fa7c8c89
SHA1 770dac1472d1680b7cddc65c3e1c95e7231135a6
SHA256 87c83cf09611d382d3886e396819258be29ee5bbcb15924ee9d7611b9aebb24e
SHA512 502a283beef61985b9365731e60a9170672abfb96c925e5d79067233a70498d15af8af2125e8ebfbea3043fed3732ddff46d79ff22182333d5d2c7017653e1a4

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_uuid.pyd

MD5 353e11301ea38261e6b1cb261a81e0fe
SHA1 607c5ebe67e29eabc61978fb52e4ec23b9a3348e
SHA256 d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899
SHA512 fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_ssl.pyd

MD5 615bfc3800cf4080bc6d52ac091ec925
SHA1 5b661997ed1f0a6ea22640b11af71e0655522a10
SHA256 1819dd90e26aa49eb40119b6442e0e60ec95d3025e9c863778dcc6295a2b561f
SHA512 1198426b560044c7f58b1a366a9f8afcde1b6e45647f9ae9c451fb121708aa4371673815be1d35ad1015029c7c1c6ea4755eb3701dbf6f3f65078a18a1daeacb

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_sqlite3.pyd

MD5 3d85e2aa598468d9449689a89816395e
SHA1 e6d01b535c8fc43337f3c56bfc0678a64cf89151
SHA256 6f0c212cb7863099a7ce566a5cf83880d91e38a164dd7f9d05d83cce80fa1083
SHA512 a9a527fc1fcce3ffe95e9e6f4991b1a7156a5ca35181100ea2a25b42838b91e39dd9f06f0efedb2453aa87f90e134467a7662dbbe22c6771f1204d82cc6cea82

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_socket.pyd

MD5 f8d03997e7efcdd28a351b6f35b429a2
SHA1 1a7ae96f258547a14f6e8c0defe127a4e445206d
SHA256 aef190652d8466c0455311f320248764acbff6109d1238a26f8983ce86483bf1
SHA512 40c9bce421c7733df37558f48b8a95831cc3cf3e2c2cdf40477b733b14bd0a8a0202bc8bc95f39fcd2f76d21deac21ad1a4d0f6218b8f8d57290968163effef8

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_queue.pyd

MD5 fc796fcde996f78225a4ec1bed603606
SHA1 5389f530aaf4bd0d4fce981f57f68a67fe921ee1
SHA256 c7c598121b1d82eb710425c0dc1fc0598545a61ffb1dd41931bb9368fb350b93
SHA512 4d40e5a4ab266646bedacf4fde9674a14795dcfb72aae70a1c4c749f7a9a4f6e302a00753fe0446c1d7cc90caee2d37611d398fdc4c68e48c8bc3637dfd57c15

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_overlapped.pyd

MD5 6b2f62d1ab91d4d0abf0f10218cf1ca7
SHA1 d9797eaff4bea253d66339614a9fbaea8400bc74
SHA256 afbe7f4c19a7db42dc45f9f5591602c119fe5064de6607f33ba678f07626426d
SHA512 653a976c885b08a598dee727a2672aabc514d4095879c1b564354acf938197d8d49645f7b9e241b21610a5abf3bbd9d3805c64a158bf7c26f4a13e6be806fd5a

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_multiprocessing.pyd

MD5 1359d06d86e1694c74076b81d265782b
SHA1 9cb55b82f4c2a407357ea0e5e48020a22ad4bf03
SHA256 81acc28672d3d46bdd7113efb2a13ceedbe0009fab5600117db4cad1648f69a9
SHA512 173bb999e680062692c99eaa1743361d65c5cdf7f88380d512717bab9d716b0c8b339bc59fce220336242b75aa70b5521560cb4d1fa857176624d6a73d07e17d

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_lzma.pyd

MD5 05adb189d4cfdcacb799178081d8ebcb
SHA1 657382ad2c02b42499e399bfb7be4706343cecab
SHA256 87b7bae6b4f22d7d161aefae54bc523d9c976ea2aef17ee9c3cf8fe958487618
SHA512 13fc9204d6f16a6b815addf95c31ea5c543bf8608bfcc5d222c7075dd789551a202ae442fddc92ea5919ecf58ba91383a0f499182b330b98b240152e3aa868c5

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_decimal.pyd

MD5 ccfad3c08b9887e6cea26ddca2b90b73
SHA1 0e0fb641b386d57f87e69457faf22da259556a0d
SHA256 bad3948151d79b16776db9a4a054033a6f2865cb065f53a623434c6b5c9f4aad
SHA512 3af88779db58dcae4474c313b7d55f181f0678c24c16240e3b03721b18b66bdfb4e18d73a3cef0c954d0b8e671cf667fc5e91b5f1027de489a7039b39542b8ca

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_hashlib.pyd

MD5 89f3c173f4ca120d643aab73980ade66
SHA1 e4038384b64985a978a6e53142324a7498285ec4
SHA256 95b1f5eff9d29eb6e7c6ed817a12ca33b67c76acea3cb4f677ec1e6812b28b67
SHA512 76e737552be1ce21b92fa291777eac2667f2cfc61ae5eb62d133c89b769a8d4ef8082384b5c819404b89a698fcc1491c62493cf8ff0dcc65e01f96b6f7b5e14f

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_ctypes.pyd

MD5 a8cb7698a8282defd6143536ed821ec9
SHA1 3d1b476b9c042d066de16308d99f1633393a497a
SHA256 40d53a382a78b305064a4f4df50543d2227679313030c9edf5ee82af23bf8f4a
SHA512 1445ae7dc7146afbe391e131baff456445d7e96a3618bfef36dc39af978dd305e3a294acd62ee91a050812c321a9ec298085c7ad4eb9b81e2e40e23c5a85f2cc

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_cffi_backend.cp312-win_amd64.pyd

MD5 26624b2ea2b9ec0e6ddec72f064c181a
SHA1 2658bae86a266def37cce09582874c2da5c8f6fa
SHA256 9fcab2f71b7b58636a613043387128394e29fe6e0c7ed698abdc754ba35e6279
SHA512 a5315700af222cdb343086fd4a4e8a4768050fdf36e1f8041770a131fc6f45fefe806291efc1cfb383f975e123d378a029d9884244a420523fc58b8178e8571f

C:\Users\Admin\AppData\Local\Temp\_MEI28122\python3.dll

MD5 79b02450d6ca4852165036c8d4eaed1f
SHA1 ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4
SHA256 d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123
SHA512 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

C:\Users\Admin\AppData\Local\Temp\_MEI28122\pyexpat.pyd

MD5 a8fa7e9e05798ee799f6cc56a3fcf4ad
SHA1 7e1a36eba8eded63f2e409c00b0dcdf47dc9346c
SHA256 0221731a4b1bea7946061321d27d4a2b0b96d7acf0a54ecbacdf11aabecb4268
SHA512 6ea88387d89969f1746c0fe317d8ac3f55c28378fdcc08fcff05e9ddf57e1b034a6a371c0febb7858a0aed74a334b7b8de7d7f08882c650990b2779f946fa799

C:\Users\Admin\AppData\Local\Temp\_MEI28122\wheel-0.43.0.dist-info\entry_points.txt

MD5 6180e17c30bae5b30db371793fce0085
SHA1 e3a12c421562a77d90a13d8539a3a0f4d3228359
SHA256 ad363505b90f1e1906326e10dc5d29233241cd6da4331a06d68ae27dfbc6740d
SHA512 69eae7b1e181d7ba1d3e2864d31e1320625a375e76d3b2fbf8856b3b6515936ace3138d4d442cabde7576fcfbcbb0deed054d90b95cfa1c99829db12a9031e26

C:\Users\Admin\AppData\Local\Temp\_MEI28122\win32\win32crypt.pyd

MD5 22d56d38e9a1da4747442df238b5ef60
SHA1 5a197279221deece6fce80bed660aff6f998f135
SHA256 3e952daac84962cac9eeaea042a9a143ecd97c21a4c0d876d6a4373a9d7d8695
SHA512 cd9b92e3e24566a0ff8356e094b7098e54e8232ffdc2112614d448114f37c4dcefe5b505780f92ff47e59477dd927e677f1d9ef16857f6b16c08c45a800d2538

C:\Users\Admin\AppData\Local\Temp\_MEI28122\win32\win32api.pyd

MD5 59b1c9a7e9b5d6737c76bb4b06d685e2
SHA1 065223fa91a10f1e2a18e146891df61e3919126e
SHA256 f6ad58dcfe148a8f79a9c0c12f9d5ae7d8c1d0263904c9f30e9b4c3c609cc7b8
SHA512 7f39758c469fa33694ede6f0dc7f6147c18e1bea6bdb331b0c2009bad531c9da1a13bcd853f322e340293a795dbdac2ea77b38d310300bb91a836f11d12270cb

C:\Users\Admin\AppData\Local\Temp\_MEI28122\wheel-0.43.0.dist-info\WHEEL

MD5 24019423ea7c0c2df41c8272a3791e7b
SHA1 aae9ecfb44813b68ca525ba7fa0d988615399c86
SHA256 1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e
SHA512 09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

C:\Users\Admin\AppData\Local\Temp\_MEI28122\wheel-0.43.0.dist-info\RECORD

MD5 64e8bbdd0116c84feb87e6e92c792665
SHA1 919a72355847c22e514ce8b4da47f58741397677
SHA256 01b098a312be67eee97a1b41f0a1c4cf9ac7ec884f9df10b0adef271f195f7a0
SHA512 85432bb65313b8ad3aed4f59aa532a3c436e884e8603f7ba9ca914fece63f6c217fd63181cef406824b353815697c691e24594d45ee16f92b22922fde9fb02b4

C:\Users\Admin\AppData\Local\Temp\_MEI28122\wheel-0.43.0.dist-info\METADATA

MD5 ebea27da14e3f453119dc72d84343e8c
SHA1 7ceb6dbe498b69abf4087637c6f500742ff7e2b4
SHA256 59bac22b00a59d3e5608a56b8cf8efc43831a36b72792ee4389c9cd4669c7841
SHA512 a41593939b9325d40cb67fd3f41cd1c9e9978f162487fb469094c41440b5f48016b9a66be2e6e4a0406d6eedb25ce4f5a860ba1e3dc924b81f63ceee3ae31117

C:\Users\Admin\AppData\Local\Temp\_MEI28122\wheel-0.43.0.dist-info\LICENSE.txt

MD5 7ffb0db04527cfe380e4f2726bd05ebf
SHA1 5b39c45a91a556e5f1599604f1799e4027fa0e60
SHA256 30c23618679108f3e8ea1d2a658c7ca417bdfc891c98ef1a89fa4ff0c9828654
SHA512 205f284f3a7e8e696c70ed7b856ee98c1671c68893f0952eec40915a383bc452b99899bdc401f9fe161a1bf9b6e2cea3bcd90615eee9173301657a2ce4bafe14

C:\Users\Admin\AppData\Local\Temp\_MEI28122\unicodedata.pyd

MD5 27b3af74ddaf9bca239bf2503bf7e45b
SHA1 80a09257f9a4212e2765d492366ed1e60d409e04
SHA256 584c2ecea23dfc72ab793b3fd1059b3ea6fdf885291a3c7a166157cf0e6491c4
SHA512 329c3a9159ea2fdce5e7a28070bcf9d6d67eca0b27c4564e5250e7a407c8b551b68a034bfde9d8d688fa5a1ae6e29e132497b3a630796a97b464762ca0d81bb7

C:\Users\Admin\AppData\Local\Temp\_MEI28122\sqlite3.dll

MD5 482b3f8adf64f96ad4c81ae3e7c0fb35
SHA1 91891d0eabb33211970608f07850720bd8c44734
SHA256 1fbdb4020352e18748434ef6f86b7346f48d6fb9a72c853be7b05e0e53ebbb03
SHA512 5de56e00ab6f48ffc836471421d4e360d913a78ee8e071896a2cd951ff20f7a4123abd98adf003ce166dcc82aad248ebf8b63e55e14eceec8aa9a030067c0d1d

C:\Users\Admin\AppData\Local\Temp\_MEI28122\select.pyd

MD5 08b4caeaccb6f6d27250e6a268c723be
SHA1 575c11f72c8d0a025c307cb12efa5cb06705561d
SHA256 bd853435608486555091146ab34b71a9247f4aaa9f7ecfbc3b728a3e3efde436
SHA512 9b525395dec028ef3286c75b88f768e5d40195d4d5adab0775c64b623345d81da1566596cc61a460681bc0adba9727afc96c98ad2e54ff371919f3db6d369b0c

C:\Users\Admin\AppData\Local\Temp\_MEI28122\pywin32_system32\pywintypes312.dll

MD5 f47d98aea03e5391b86c33c7f40fd66b
SHA1 12372012ea98b2f7b1e0a550b8c0653ff40a64af
SHA256 f6ac981875de69934fae45c60f912fb2bd219a53c85c06d122d14b049c936259
SHA512 52ab9e4af3df4913594c0a55daf4374281e92d52ac8837b61875eaba7337062c1fb200c7576104bf02f93cd077876f5634a142ab32cca6ae475ffa7f375d5a51

C:\Users\Admin\AppData\Local\Temp\_MEI28122\python312.dll

MD5 fb8bedf8440eb432c9f3587b8114abc0
SHA1 136bb4dd38a7f6cb3e2613910607131c97674f7c
SHA256 cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6
SHA512 b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63

C:\Users\Admin\AppData\Local\Temp\_MEI28122\psutil\_psutil_windows.pyd

MD5 937fa2077ad3fb82f9edc419627969a3
SHA1 381011c5b575c03ab77ab943920b39ef8ec8e57b
SHA256 633fb691bc13e4d42b9caa0af3a0897e081c8cccdab37530745598fba597a4c2
SHA512 deb6f7f0dd850528aa78c32fdcb42e836507ed7dc1f198c4903810dbba47ef37b87cabae7f148f9017d6f628d93904250a11cdce05d5e29758a422285b01025a

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_bz2.pyd

MD5 980eff7e635ad373ecc39885a03fbdc3
SHA1 9a3e9b13b6f32b207b065f5fcf140aecfd11b691
SHA256 b4411706afc8b40a25e638a59fe1789fa87e1ce54109ba7b5bd84c09c86804e1
SHA512 241f9d3e25e219c7b9d12784ab525ab5ded58ca623bc950027b271c8dfb7c19e13536f0caf937702f767413a6d775bed41b06902b778e4bad2946917e16ad4ef

C:\Users\Admin\AppData\Local\Temp\_MEI28122\_asyncio.pyd

MD5 47d2494ad68c102fd17022963dd85a03
SHA1 cebf8dbbd9df32c8f7807cef3bebf2d8d336ac78
SHA256 91564632078b61f99ba037122e5def178a0b8807f2ef29e039290e60935ee7dc
SHA512 1461d1c7b58239c23d294359c5200a0dda0ad3965e41c2e9bd6dc8e879469e7cadb752e4d0c6cce58d8a0dd4f105a33bc0baf4f03738aacf442dac2a02f2ce57

C:\Users\Admin\AppData\Local\Temp\_MEI28122\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI28122\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI28122\PIL\_webp.cp312-win_amd64.pyd

MD5 dd1f5693413f2f85dddfb3f416822bde
SHA1 dbc3e29ac481e9f975158813ddc49310a6801971
SHA256 185b7aaafcf735d82d45d8af85e55aa84b8269c84d921ee0bdd0bd288ff26592
SHA512 5301149c70e126cd07f8f012b92d70f94e8de6763788e6177f0c749e7f62110bfe316689d5d063b3d0b1a998f3905eb33c19f7ca9e29c35dff0ec7d1192793d0

C:\Users\Admin\AppData\Local\Temp\_MEI28122\PIL\_imagingtk.cp312-win_amd64.pyd

MD5 5e1e0e7608e0d84416ef453e646dccc2
SHA1 8debe519cfde63b633e91ff257034ae8bc259e6b
SHA256 ddb530e6910b74785df6ff5698abd43c33e968e4c04da754a2f792cc95c46b68
SHA512 e06a15e0d5baa2959ad7f77332a6acd5874bd7340e109fb97d42ea4c3f88d0e102ab493d425cc9e5f9a5e1116c50c640e10a19f01e08fe246da813d68f80e98c

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Protocol\_scrypt.pyd

MD5 2c3ea7e1895d5a4804fdd5bdaedb282e
SHA1 96c51247ac56d3cc7525b2792c7a7b366f8d0aa7
SHA256 425dd18e3cd2619ff5dbbe4f1e2c043c5e053d839dfdd3c03b1aed432a0bfeb6
SHA512 8e3a67dc864b5fa1600c123d28ed2b38885e0db2177f07fef234e9b3de338168feacab1715ea2d3ddd2860e0984c937bebf3730d37de9e6c8b89a46e581664d4

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Math\_modexp.pyd

MD5 9fda28383ee442763bc32545edf7b370
SHA1 14c9c9d96182431cc050ed43ccccd9ee2ec9f8c9
SHA256 7da6853bdd8fd5f2e9f5ac98ab1f98ea8e69b1f524089bce6f9335494e677b69
SHA512 d26b391d38dd4246a846eb0a60a90b0de3dfff686027fd97e87495be06efa7ec60ee026ec0c44df92d64f2abbdc1de6d7467039333e56b65a15f5ad702414351

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_poly1305.pyd

MD5 ae630570348ec9928e418bf3cf84f250
SHA1 f3a74a373786d9d1263145e8755edf131d7ae4ea
SHA256 fddf13ae44fb2a5266a46c74e89a30428333298e1e0ba99f5b4edc37548cd2ab
SHA512 515229985587d42cd0d3928e66c32f64872327d998110b7835d1d3f6cbaead5930e92fedea438ea1679f48a7f25ff76598103331ec437f75233cf4f912466c10

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_keccak.pyd

MD5 bd2f14bf0eb8e592ed0390d723839aec
SHA1 db06ce883a9f2a14742d758fedcc7b98f1305f7b
SHA256 3e9366f3f0aa3c873f8e6f964ff36778c25c9aaf7f60ab625bce3fe4e93304a5
SHA512 2f9ee66078a8ea71f1d108f9062bf47ddc55e03bf926dd5a5dbc8760b6dfa29ef89dc51fcdd4646c877e35316006068ed477c866a34059006f8507697fd24f44

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_ghash_portable.pyd

MD5 141f0d92a6f9ccd1702a7398086b17cb
SHA1 eecb712b76097e34a2dc81e702800bb0402efce1
SHA256 148728b95f3f92b7174ef3ee2e4023b0f53747fccd84e3787aaabbab682b74fe
SHA512 ce06966d40beb2459a34ef6578cc251a0d73e01412f61e10f59cb95bfe4d80684d1d2fc623f585cd4ebf5272f85ebce01c24b637d4a465e90a203e3eb742a180

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_ghash_clmul.pyd

MD5 f739418fa4a594f21d8375f734979b98
SHA1 5945079860cf7f282eee3ae6e39e35866cbe7800
SHA256 e164faf2c12135ec632d465058974c93d0b48bc13ad0e6e0d48cd1cdd888c656
SHA512 fab93729286c88379aeb0c4eb8a00440a43ed458ab77123b307dab0b8dfcbe34bbca91c182002d637b02178b58e4d7a53a4f6128590b5dd0e97d664a15ccb6c6

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_SHA512.pyd

MD5 ec3eeaca979b60064e1b65b6d0507e36
SHA1 bb2f0ed88501b8dfb4c2295788748d99ddec13c4
SHA256 a3b3694c202e2deaab91671727ff704e3ffc7e08d80c09fb83b891ba30ec0643
SHA512 51b0cc2a3dfde4029183dc37d7098ec78c7f6f337288c0bf23623ba4a29b49261f9b795603e7723181266f6f930a69c6b70f77e0752e3f92e5c4ec768016f113

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_SHA384.pyd

MD5 78899500f9846a2e96c7c48fcdd009f9
SHA1 15f9606987423ec24c618f4caa92cfef9258f8ba
SHA256 82866e3650453d1859407e779932dacaca7adb8b9e2e2d6f1419c1c5d65e164b
SHA512 77fac5814cd3637a2b47fde6b2a094ec0356d9a849b47595821ee928cae8dacb0c3282904cf420e15667bd485f6408af67699d5c3a3036dd149437bed3029131

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_SHA256.pyd

MD5 012db77ec11f1e7eb110ad0520670783
SHA1 e2f18479a8178953e55c75bb001ff9ee870e8b06
SHA256 a9fa44a1b9ba35a463b5a2f6a8e124ea66ad54745759876b732989e188bff7c9
SHA512 faa4a0aa5a66f2d85812d991b6ed3c0c303309dc6a8e61379301884f4d9437c9a42db4113b4a50ffb1d7a677242fa4a635617ed38dfb8f285fe49ecb78a11599

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_SHA224.pyd

MD5 bd8c2a8bcee473703d2eb31635b88472
SHA1 e654b2b0639c7f6ab4256a71acd0c1af5cf21717
SHA256 f830c7acfc67080032e36408da16b4b53db7eac8b9b06ac08b7303c1577c99ef
SHA512 73599cc3c34a1cf662a445a17e1a1faf65a128f04ca6f824c76d0bf0b53c3b352ac617b8f15605f2269b2342b46fa990618b1b7913e747a4802f412e889cf3ad

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_SHA1.pyd

MD5 24611153e8f1b08d045209d461a54d42
SHA1 9d7d9119f80a0e6df72b8f55db638d6107c7aa61
SHA256 d76b2dc836f8ef43eeacc97e799cb1c3a1736a4f26e5c0d1f6c7031bcb06b78e
SHA512 db3dd23d94c6ca715b3e48babba35c16447a843b1f8f17316d340f0903434373be2fe1b2460a57ace84802656fceb6ddae183b74d62ee1ef9a928d1d2f8eef70

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_RIPEMD160.pyd

MD5 94a5e4f70feb0117893a46945350a48d
SHA1 992d6ab95e102431a08b712f576cb87f480d8a46
SHA256 caee802f01af1af46bf640afc67c846c492ef2958cff766ab094410576583c77
SHA512 cf27cde8b4c372026c53f22065d2ddde2deba2ba0d9ff3cc84283e8aa278c20af1570e7a5323b50edf2672b5f4da78aba0fa0b04585ab657200c88543fa6aab0

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_MD5.pyd

MD5 b6c328d1bd218f6d79150baf7aed0622
SHA1 e9ee3b8d774140fa7f045a00fe31f8cd9ceb2a46
SHA256 ea347942a8b2bb0780a1a79b5e0e88abd6d01091eea07f1d1f5360dd1d5d3640
SHA512 700d3d6eed41792c9220d4c2aec49992612c30debe7a3e3b9af799a3f83ae7101791a14d80d5952ed0428fd6f38f4b796bfa3423595728f4027b7bd5dba9be3f

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_MD4.pyd

MD5 6f7edd258178f5a5e4b84a2d8fe044e1
SHA1 6170118d8d9b71dc38cc4bea17fd33b053b7c277
SHA256 179be7f1a96c3a05b5a69acbaf2c0e05df02d6831e0c63f82b35f22cf43b8eb3
SHA512 05ca5d120a00482e6cb0cd5e1bc1724e0d634dc2d3554f75de6a48cb9a9eb22f2346b8e6c72767c0de332c895b61f1b59b34b6bea6bcd8a63756ef0da56db884

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_MD2.pyd

MD5 84c0eb11ed3bf596e9a42274e0673e07
SHA1 7c967d93782e91721566b230c9874e0454c8b264
SHA256 7b236622248990b3a8f8c0a331dd115e2fbfd4245e6006aa36aca07f7226b248
SHA512 62c91e7eea0c61b0fb62421ac219246b99660a25410d4d1d286581d688c64e393e7be028b0d51ffc37668755e99b28449122593f2446df76dc8d7c9b887cc093

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_BLAKE2s.pyd

MD5 526078b253e0bccd1da0deb45dd05c4c
SHA1 c43198e7822dee397b27b20605ea2e78f95e1d41
SHA256 1478f02374bcdda6b4e736c47501c6aedcef273de84240ff06e1797aa4941e84
SHA512 b91686f08551a13e8f1ba6098d9c7538751fbe29900afe1233b63bdfb4882a20b3772cf3c284db5473fbed48aaac7d7a5641e33f3bb326b3de56deb5ab2af8f4

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Hash\_BLAKE2b.pyd

MD5 cefa1801a2fc186822ee841a360b96bb
SHA1 002c7a9e5fcb59f4c5d5a2b122ac8cd7b1a9ecd2
SHA256 8a43f2f47689fc68cbdf07465950ff6571a884292b5014ea0793ffe26c056736
SHA512 3bd76f658c29c016c493359d044260a9ef2541910f17daf80d7a9f328903e5593d9980e93e1d048138741305da6d3f93b6c412a22d826c40d75b195a437e8d2c

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_ofb.pyd

MD5 6315a891ea3f996fc4b5ec384841f10c
SHA1 ed76ef57517e35b7b721a8b1a3e1ffa7873aec57
SHA256 087c238e1aa9038f53f8c92e7255f7adc9cd9a60a895256962dc39a73d596382
SHA512 083859a84ff84e865cfc255ff1674134940c5a64cc703c4ae7815501d586005b6b6cabc28e52239ae24cd38a1253d634d8de87d98a4a65f45df2b34bc24c2483

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_ocb.pyd

MD5 4f7465cedda4e01bb23ebe95467efaa7
SHA1 bc8153db28583d45b411e5040fb6b01ee36af83d
SHA256 2076f5ac5f56c43053cb61750b04933e120902c172053c0432e4686169431db8
SHA512 b97e1ce4979ec8b4a4abd32160abe54bac08e53e7aab771f6740a78eea45df531e9861ec3a1a4ab8fd1bfa6e28b2e8a933c92c7796fbc9c78d5ad7749b7cf2db

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_eksblowfish.pyd

MD5 9f06168b9d6a2f83d495ae2be9118edb
SHA1 3e38d6d3a0fdc8e3f2915fa5ed4b546b9cea451b
SHA256 1f1b0d2274576b2f36e79bc3eba115c545764b29f37dad5a2d62a3adc3049fc1
SHA512 30f23d139c493652ab962c4f4392f092dc376986375921c4d9ea1d338862e1961ebd51e5b5bb22df0e2f40208d4430a45beeecf073d28b6c2cf1f447d28921d0

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_ecb.pyd

MD5 b47c542168546fb875e74e49c84325b6
SHA1 2aecab080cc0507f9380756478eadad2d3697503
SHA256 55657830c9ab79875af923b5a92e7ee30e0560affc3baa236c38039b4ef987f2
SHA512 fc25087c859c76dff1126bbfe956ea6811dc3ca79e9bbfd237893144db8b7ce3cae3aeb0923f69e0bfffa5575b5442ad1891d7088dd3857b62be12b5326be50d

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_des3.pyd

MD5 7cefbe1123ed3489a630a7111127d42b
SHA1 3b2c7f2881cf80dce00eeb3322abdcb32036f15d
SHA256 4d61a89b941d29f9162812f3500d13bce99c452abf224e2f720204ad2a7a8f62
SHA512 65fc13560bf492c66240bd0c1fcbb2ea16cd645f90a8369e0444b5e9bb01c92c2e55452e4239faec8e6240e6f4af5881450a56fed4446f57c6f807e81b13bb15

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_des.pyd

MD5 b74e7ac2309bc4c6780522197605bafc
SHA1 d46fa3d3541ef9e64bebb653be5277a440c7c640
SHA256 1132f7f463c4928fb6ac4b77948b478075f2d5df0ff984406e28412542f240b1
SHA512 5ad648bfe05c9ce06488a287f645833cf8cdc0e02052c6ea07eab4fed7cfd26ce84182e84409950649b1e68f669406c6e097bb7238dfe76e3365220c464e3761

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_ctr.pyd

MD5 0a47ae20f5c45144eaa5c6af1ba33757
SHA1 dad050ea948c1e327369a3644c7cc65e7927bf10
SHA256 77d5d375fa405f83fba90ff51bda86c2233146a3aa768367f8ef582aba453aab
SHA512 a8eb40ae7a390d2d13deb0df6e753a3d3fd1f02597271020ee46c1326578908e402f3a527d8bc69fe9638cc1960330c7e81578a3dbdc0e93636b90d506ed5cae

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_cfb.pyd

MD5 4d651469eff9f0a3f904fcac9b1a41d2
SHA1 f9eb0d3ae58b8195e2485c6c378ce84f95c9ee54
SHA256 1b835a8c05dcc24c77fcf21ae0091ce34aca3b6b3d153415e3f0cf0142c53f9b
SHA512 0c10c6a52e2fa9bdf89229ad9964cfff6f3621eaad6f3aacebbbc8da6ff742e087c79af2d2d152c433160f25a9e45a2c41e13349cba758640163832569d37cfd

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_cbc.pyd

MD5 f2bf3f3cdce0e6a8a29bd7fad094736b
SHA1 7eb4af31b93ee38219eb31c2a867959bb7a3ec53
SHA256 d8a9edff4c8cbbd02cc89541cd1a9f8b1ba8381f000a86f910b4d6831bb9a034
SHA512 ea3dcdd0218f51bedafe9fb995d84a820d244673086f42276d7cb6c398c67f0e4f79ec343dd0a6fc0af03ae605aabbbd93c8c612cbfd7ddf641b9f8a8db13c83

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_cast.pyd

MD5 d0b0d6d172ee41d70b0f2cae5bc5d872
SHA1 de0198e65de559908fccce3c193243f6c13a8415
SHA256 300563c4557d1833b97470bb4a25aa1b502617bc75b9d96a99a9467806f11f8c
SHA512 1c1f5992d7962bb4943e0602fcf53e23e3812f565156de20e69a7babeddfbd1dc55118b0fa29cad81688fe6ac82753d3a3a2bf8f666660f22dc472d1d1931978

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_blowfish.pyd

MD5 0de940d103a8b74532698f86ee910c29
SHA1 87f904763d340afbc8d356b7d24d7b0c5e7beb3e
SHA256 e85aae1ee31572630a15370c9412228360bceac685d3ceaf96a18f9bc583f1d1
SHA512 d8b8aaba7969f23e6020651e26b62f89a17d20dcc1fcba06245ab6a74d8c654c6ebe0f48a90e2e4568e8110d70c586326e558733ff1c2c48d14921db298e96b9

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_arc2.pyd

MD5 b58db42a88c8990f7a8b4aa53be1b36b
SHA1 2c76d5cd8249671cfdf3a98b6b3c08689262a7a8
SHA256 6c4a39ea9a9e7fa31ae5493d93fb9daa5ccd55fab8425fe8b9847330f2aa708b
SHA512 600d202c52d4cce7f869188cf701b6310edb0295991b3f8db6d6cca8611e991f023c8f6b53fbe9199689a270c31719ad1abeae3dfe71ee7640a21edca1d40f88

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_aesni.pyd

MD5 17dd2e38faab69e6083043712025a48b
SHA1 b3bb831ce31fae52cf73629435facb420108b599
SHA256 d558e1603dbf729f3742881f5fca2c54459db00c90e8034840dc80c430e49017
SHA512 c42c5c0c3db379cbb9ae48dfa9cc4d13194752e8e8da3f6a6edb2ca5ebc3b2c3061ec111b7842819f962a00eab128b8ffd6aa4b21fd316e56c65d166fc55a902

C:\Users\Admin\AppData\Local\Temp\_MEI28122\Cryptodome\Cipher\_raw_aes.pyd

MD5 ac70e4d67a4b0b12b2ed3272f374d711
SHA1 0dc76997eb6bfad56e8497c30f85f0aef1d4dddf
SHA256 4d53d50cacae3824a82b53c802a376ef17240425f06cbea00e2783524b89e967
SHA512 ef412bdee8ff044928dcdf47a01db68e22c8076bf9efde88f789dc328aba4c5ff19d353b3d49932195642cc2ec4fec91e50bf8b670a4a9e9d3ab632473e1622a

C:\Users\Admin\AppData\Local\Temp\e0saDgb9jn\Browser\history.txt

MD5 5638715e9aaa8d3f45999ec395e18e77
SHA1 4e3dc4a1123edddf06d92575a033b42a662fe4ad
SHA256 4db7f6559c454d34d9c2d557524603c3f52649c2d69b26b6e8384a3d179aeae6
SHA512 78c96efab1d941e34d3137eae32cef041e2db5b0ebbf883e6a2effa79a323f66e00cfb7c45eb3398b3cbd0469a2be513c3ff63e5622261857eefc1685f77f76b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 446dd1cf97eaba21cf14d03aebc79f27
SHA1 36e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256 a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512 a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 fcbfea2bed3d0d2533fe957f0f83e35c
SHA1 70ca46e89e31d8918c482848cd566090aaffd910
SHA256 e97f54e5237ffeca4c9a6454f73690b98ac33e03c201f9f7e465394ecbc3ea38
SHA512 d382453207d961f63624ba4c5a0dea874e6b942f5cad731c262a44371fb25b309eacf608156e0234169e52337796128312e72edb0290c48f56104fe5e52509a6

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-06 12:59
Reported: 2024-06-06 13:08
Platform: win10v2004-20240508-en
Max time kernel: 427s
Max time network: 429s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\NLHyrbid.rar

Signatures

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621528383388284" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2464 wrote to memory of 4200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2464 wrote to memory of 380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2464 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2464 wrote to memory of 2596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\NLHyrbid.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb8cdbab58,0x7ffb8cdbab68,0x7ffb8cdbab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4036 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7fa3fae48,0x7ff7fa3fae58,0x7ff7fa3fae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4852 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4212 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.238:443 apis.google.com udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
NL 172.217.218.94:443 id.google.com tcp
US 8.8.8.8:53 www-ezyzip-com.webpkgcache.com udp
GB 216.58.212.225:443 www-ezyzip-com.webpkgcache.com tcp
GB 216.58.212.225:443 www-ezyzip-com.webpkgcache.com udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 94.218.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.win-rar.com udp
DE 51.195.68.163:443 www.win-rar.com tcp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 163.68.195.51.in-addr.arpa udp
DE 51.195.68.163:443 www.win-rar.com tcp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

\??\pipe\crashpad_2464_DCBOKIIEIFBGQEGS

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51926fdfa40a9f9aac500e8743b41dd1
SHA1 1b57653d278b7c3e6f03fee8083e8ecad09963e1
SHA256 d8ab9138d4789bcc9b4ba79419f9c4e042f778ed7c72b90b72b16cef22c2b7f4
SHA512 50d8eebda7a89db723c57583d7ac0062177f3e65f809e6bc2ce1183741460bfd787bd24165d8cfec3c4af027a3249355aab5956534a0402c4041265e96c85931

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 edc23a14384746be910ee24ceacb4b39
SHA1 8b4f68a60c50244195d303e953405bf8f6852dbb
SHA256 50568c819b67a20a6cf26101384e17a764e5c1bacdaf41a3f3acad211eab85b1
SHA512 a1a6b9994ae2584012b2d64d8ad4e3318fd10eb8fee971409214b950b33bad36baf612dc3502da72bcbb2b461ae0d894b376cc39dd21c73166f9651114a6abcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 9e18b67027592277e475269f1db03de2
SHA1 cd6d721a505f652a21b1e3bbf752e7800c68459f
SHA256 a9504af39f43a2cadb7201d365f5e8ac5ed4522959e4e110b536b8a97cc60872
SHA512 5e2bc287929223c597564d425fff4b4d68daa6e9a4779aec2ce60621d8ecb8614be1af885f7f1d468bd2de7c64e2d32d4c3de7669180a9567685eff4cf74b53b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cac3cb58d03b09881b96395b3b44777d
SHA1 5651e225d82c1a8b46a2fd949b6df145cbc83bb9
SHA256 fea1e3be0e46775f5446ae270aae24a2a5766320835487d7d8b08897e67bd5dc
SHA512 556f4e2b8c4de4fbba14c2cf1de0e78bf1cfda8fa21f09cf10ba388f92bfab956abb3c8b89eb12a2ef47339b6296a6aabe81a9b0ff8bf78be4ed12cbe775143d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9efce971e26d5465a6b7a31f5b0350c0
SHA1 0e0390339328fe009e512d4d53c6688495cf2436
SHA256 4ccab444692e3556c7cda3cb1862680f3705ad0af9781023c6dff0dd372f60aa
SHA512 cb6a5b31a5015ab216030b46f64463787f51a6fc348dda3a016b7aa88f2cda0b816aa0a401a717cc451dbed0cafae3c9a54a90bc033a9664d504a7ae1e60fbbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 40b8343817da1f47e7ffc82a535e58fe
SHA1 4a19ab53fef4472f326e9e698045848aba1f0dfd
SHA256 4e682e938a5dcd32fb508952e964bce64a0f218d4abfc8e0dd46d3c25f19e5e7
SHA512 28efb4d384c11212911cd129068d84269ab96609e3c6bf9e34833f042a3d7bc8ca2e241548820d5c9cf3cd996b97f24ddfc4374b15969837050429c371475cc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2b464769f532f50a7748378a8e6371ed
SHA1 09118343452bba2fccbbe88cf4ddaeaebc5de103
SHA256 7d73fa3bb7800636b99c35150e819d6c6ff3542e136b759ccb2c32b77b316313
SHA512 8e58eca2ed222e6ec2590cf4211d8e83e42f1547ab3992c6c095908d8bf2e98d5e4d5f4639ce920cc30fd6a780fc809b24b566ea1d94a4b8c4f2776512ea7a19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d7283.TMP

MD5 c06f13eba8de4d024f8b6f7b389c65a5
SHA1 dc772c9383ac82a9ce015ea64517aec2683e7ce4
SHA256 7f029246349e3dc251b795ef4961a5bf3cab5d73ea1539958dce68db01b632b1
SHA512 f4fe6265a9b7b49ebc46f59b84a370cc7da28675f903154a739b06cc7570cb404443044a6500884ce317492ff184269f5756b21ea5136c46e0d1033c60fa6ee4

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240606130718.pma

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 95aed40d71e26e85a44fe0165058f64d
SHA1 ef6c0cefecc95ca342f1e9329840562cefd3fbcb
SHA256 7a92a2dbc2ee8aad88af4eed00d4529ed8ae15611a8a46838e1a0775064baa79
SHA512 3b91e27ed38c18c1b13d88313f3078c2f86a9260957a0237a1b7256cf69da63d754c54a140a59d0397250bbb9641193d41ea81a48c0acc4ae09de03f937f3a61