Malware Analysis Report

2024-10-16 06:09

Sample ID 240717-yvrxtswgnj
Target FlyByWire_Installer_Setup.exe
SHA256 db447f85ea814f4e165bf7a870b68d458a25d3d707640fdcffc3860696a9db36
Tags
discovery spyware stealer execution persistence antivm
score
8/10

Analysis Overview

score
8/10

SHA256

db447f85ea814f4e165bf7a870b68d458a25d3d707640fdcffc3860696a9db36

Threat Level: Likely malicious

The file FlyByWire_Installer_Setup.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery spyware stealer execution persistence antivm

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Reads CPU attributes

Drops file in Program Files directory

Checks CPU configuration

Drops file in Windows directory

Enumerates physical storage devices

Program crash

Reads runtime system information

Unsigned PE

Command and Scripting Interpreter: JavaScript

Enumerates kernel/hardware configuration

Suspicious use of SendNotifyMessage

Modifies Internet Explorer Phishing Filter

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Uses Volume Shadow Copy WMI provider

Enumerates processes with tasklist

NTFS ADS

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-17 20:08

Signatures

Unsigned PE


Analysis: behavioral9

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:40

Platform

win7-20240704-en

Max time kernel

1443s

Max time network

1454s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 224

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:45

Platform

win7-20240708-en

Max time kernel

1562s

Max time network

1569s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:27

Platform

win10v2004-20240709-en

Max time kernel

628s

Max time network

634s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2852 wrote to memory of 2328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb96546f8,0x7ffcb9654708,0x7ffcb9654718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13322887149926729743,799857322245075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
GB 92.122.92.24:443 www.bing.com tcp
US 8.8.8.8:53 24.92.122.92.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.46:80 google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 support.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2852_QPNAMCMVKZVNOADH


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:38

Platform

win7-20240705-en

Max time kernel

1800s

Max time network

1805s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq FlyByWire Installer.exe" | %SYSTEMROOT%\System32\find.exe "FlyByWire Installer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1556 --field-trial-handle=1392,i,2285279300612700046,1937118234932238616,131072 /prefetch:2

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq FlyByWire Installer.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "FlyByWire Installer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=1296 --field-trial-handle=1392,i,2285279300612700046,1937118234932238616,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1392,i,2285279300612700046,1937118234932238616,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3792 --field-trial-handle=1392,i,2285279300612700046,1937118234932238616,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp

Files

\Users\Admin\AppData\Local\Temp\nsu2869.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsu2869.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nsu2869.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

\Users\Admin\AppData\Local\Temp\nsu2869.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

\Users\Admin\AppData\Local\Temp\nsu2869.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\d3dcompiler_47.dll

MD5 2191e768cc2e19009dad20dc999135a3
SHA1 f49a46ba0e954e657aaed1c9019a53d194272b6a
SHA256 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
SHA512 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\chrome_200_percent.pak

MD5 81b5b74fe16c7c81870f539d5c263397
SHA1 27526cc2b68a6d2b539bd75317a20c9c5e43c889
SHA256 cb4fd141a5c4d188a3ecb203e9d41a3afca648724160e212289adcac666fbff4
SHA512 b2670e2dfa495ccc7874c21d0413cfbebfd4a2f14fc0217e823ec6a16ac1181f8e06bfe7c2d32543167bc3a2e929c7f0af1a5f90182e95913ba2292fa7cadb80

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\chrome_100_percent.pak

MD5 443c58245eeb233d319abf7150b99c31
SHA1 f889ce6302bd8cfbb68ee9a6d8252e58b63e492d
SHA256 99ca6947d97df212e45782bbd5d97bfb42112872e1c42bab4209ceedf66dc760
SHA512 081f3ee4a5e40fdc8bb6f16f2cfd47edde2bd8f3b5349775526092a770b090c05308d4289ecdda3d541cf7f0579ac64b529930fd128edad9b0991dfa00b0e9bc

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\ffmpeg.dll

MD5 f76cfe7237e96ea7c48d89d5aa73e919
SHA1 0a3b130a88c3ceee603b457392d23ee3542a61fa
SHA256 020d7df3f77e37e8ccb9c2ef657f0b9c909845dfe35d0b5c62d578dd7f8c6d88
SHA512 002c18110b7a5059e3f1767edf4fc815acf489c4215d0b5109138a151a926373cd895bc096c27ec49f8e93048efc13a87d24a80405f26cd18ca29c1e827905cf

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\icudtl.dat

MD5 2134e5dbc46fb1c46eac0fe1af710ec3
SHA1 dbecf2d193ae575aba4217194d4136bd9291d4db
SHA256 ee3c8883effd90edfb0ff5b758c560cbca25d1598fcb55b80ef67e990dd19d41
SHA512 b9b50614d9baebf6378e5164d70be7fe7ef3051cfff38733fe3c7448c5de292754bbbb8da833e26115a185945be419be8dd1030fc230ed69f388479853bc0fcb

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\libEGL.dll

MD5 b20372aa7f6ac78c8195ec94473f3a16
SHA1 e3b38ac6507a784277f4ef4ae60a6d9048a51ecb
SHA256 d49ee14c428b695bef18c187c56e2bd314276421f6f0eac49a4c16d3819806fd
SHA512 92ebd68070022f5339dd7cb8bfb08cc21b18c6efb1bae6628b83a693111981e8648ac41eb622215764c817fbb62526e634bf5a7d0a1edf954d2ee5e3d424ab85

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\libGLESv2.dll

MD5 40be4d846a32602f8fe21cf12849509a
SHA1 00671ccf19ec49c3f80b14bb14097ef4f7e4eb01
SHA256 210dc8fdd82f613b02ed690ba3a63006892f3b67355cd99ceb1176edc950f534
SHA512 da20a1ec64606fa7e512114a983697fb11007c820e6bc09a65a11bdcf8ca7e331bf272718126a00488b6da9f5828c9ed4f1eba91e36790e1c340eb56957def1d

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\LICENSES.chromium.html

MD5 d5b1f4d67bbb923ae30f5d5ac424b269
SHA1 e751270f329f8f5cc882e615157891421f569c79
SHA256 6bb288835bc59b4550338d8034ef8fb9f05714e890ec08c327149c82142cb4ea
SHA512 b8c5ebcfabf56c85467b27815d7b2cbb0ff922a5bf08a3e619772644fb53049393134d17a849d3191a29b6af1218feed32895bf26c7b77cf3ef0178552ccede4

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\snapshot_blob.bin

MD5 b53d90de72a43824936bf3a474e9c4af
SHA1 d8edc0e45e85dbe19eab3a9d3bd7808a46ed28a9
SHA256 5164c6e346a86ef49b4569d3a3a108304853b903c2e8862e3a7072de6ef66546
SHA512 74d71642a32085706337b34d72b954ea74235c441ed604ac3f662c13cefbcecac53f4e1f3eb8d33b418d62370514b747fddd03edda96ebc7c420396844deb210

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\vulkan-1.dll

MD5 66052c90b41814006934de8021a6c2f9
SHA1 f1134101fc6fe60a6c798bfbf9b91ab6fa027b58
SHA256 031ca66b03b3fb6e3a57b67f389d3589de0edfe6e59a8c6087e9cda54eb25333
SHA512 6d5c9d57d86dcac9c6a023a90e28c8b18bb62e7ec6d617aa4745adff6b8dac5d7b0aafb2a9de84ecd7ab6c912be6f034b5286ff7a0e49e21737e32cf4197e3d4

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\vk_swiftshader.dll

MD5 437a4269cc7aea218debaab8ab7ca37b
SHA1 4196d68677cd26c8a9fec5fe6ae4641c7294ea6d
SHA256 c96b3d44f112202b7d0cf248e579f6cda2a538cd3b2c9945ee54431f21ff9b43
SHA512 24e97e853ea440117dc8662e306f15e7b9ece6b396a369e1d3afc670f3e4e97c398d42b6190dd5a9fcd121be6e35df25c742e418acb7477c0fd361ffc24ead04

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\v8_context_snapshot.bin

MD5 43c5aef102ec1e10d696dc7db374df81
SHA1 6d8f1fd6291f847762fd67eb9dd0f6acae8f6758
SHA256 0024b5f18173e248b073525850b2ec28b594b90b6ffe995bafb19e8397770a2e
SHA512 f85466c10b4af582751bfe12f69e539d0bb54313e4861b65414a0c91f240c5e724fee21e3e67f79738615627a88cd0e7ecec49535007713058239551296c3408

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\af.pak

MD5 b293cc5ea7db02649bd7d386b8fa0624
SHA1 32169b9d009b7a0fb7ecdaf650c989e956291772
SHA256 7bb75adef02d28819f1bd3b42fa46ed56d6dfbeae072341997b09b8c1f52d8dc
SHA512 496bc72e7b798d02e453eb96d20566b91405bab774521527ef882c1fcb58f25e2d0718013ddc0d23f7fad883f4cde93b57c6caaeba8cd18a09665c9f6245f557

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\bn.pak

MD5 35f1083544e86bb85fe5860b36b743e2
SHA1 27ad8b23fc03f9b26eb5125e886d18ee3798765b
SHA256 28e1441c4950a90717ebd0641b1f0b4a087cbddeac39edb2618b7d24fbf5a58d
SHA512 69fd40b1d1ffab122c244a7111972fa8b2d6b38c595acee8c6b650a595eb756c35f0cd774d8a7b79656258ee1dca9b6fe0a72e6bc38901804e62ffcf9976ae1c

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\da.pak

MD5 3359150adb5caae93800a0e1a44793a7
SHA1 513c107874592c0de1a3f074c1b03c7b806bc231
SHA256 d499eed4ffe49c3eb74262c5c3ea3e0944fdbe8f4ac3e0fa6b6d1e776da1f70d
SHA512 d901cf61b96a9f5346037ac7f65bd51852f38f8620f76ed4be0c3f378a20bc59be66758ca7dc3f9ad7a2a09d6345eb7626e9b8b041e6a8c5969e4df464935cd8

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\es-419.pak

MD5 cadb1f5c595184a7e8b85ea5998f01ac
SHA1 08ddb4d32365a1eea76988e78354da26974bc0fa
SHA256 929f5fe6b8343a8acc33d9142e5367c6bb1c85962705b2675fd42665b6e24638
SHA512 b7cd01c216aa86eb661fec3fb4f9258c84b5b3d294bcd4c6f86913fc2c751a7192a66af2b3a309212228b4ed722811f6f57171a7a2327466bc550b64a73d5a4c

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\fr.pak

MD5 3cd3e6b45351be7521934d3fee1637d3
SHA1 412dd480924482ff5231a10146966e71980c6f8c
SHA256 7d8b3dbb9792891088e60b26265cd7b4f044d3ec2130a95e249ef979b7b7b286
SHA512 f892f075fda7197c7851bf9902e0e807bdec6bd62486ed054f68210ae1c090bbba23060a6b515c3cb07499dcfeece010ae6244e62e2014d24cab587ac14aea45

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ja.pak

MD5 036e60d3d790534f29359c640a310521
SHA1 46aaf7448913b53f090de64e314470034576da81
SHA256 0a3bcfb01a5af85b5d7d354625c06ec7df254b3217b8fd0c3072a856ec3a7f77
SHA512 ced8568eeb7c1b6f5dbb8cc51f42888ee7693f2c2fb3d25472c6984edbea546b882148dbd384956b79021cbd32096c94a2e5c120edd74abc8cfba4cc18c237a4

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\nl.pak

MD5 e3b4d575dc7acae2f29ad962b6f073a8
SHA1 7947434ebc6ea720668f3e10cf9f5a9674a431f1
SHA256 71eba0a0280bf70a7cd596cad97ab4569217ae3278a046c6ba8dacd987a23df4
SHA512 1bb3994fc58ded17adca43f585481cb665b00ef88a4a9092e80591003c8e373cbe334a17af76e2dda0e0134e3357d683fde514fb5271a892d9dcfb0a21a5478e

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\sk.pak

MD5 055b58e866d3e20e1ace65308d3a191d
SHA1 1a34b45acb6f93a629748736ffeb00affb376283
SHA256 4f5e6ef643fe4b26e6607d7ab529515b356badaa50ccaf9142fe6275eb57bf0d
SHA512 cbbb0fda113393bc07afe51e60f59b268132fbfe2f09b230bfa22d5e781e874a1b9d8e3499cf68e6eb3d2fb34525e723a938ec84a3729a3194856b8ee440bb38

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\tr.pak

MD5 e3db24cd906584852693acf5f3e65f28
SHA1 67197cbcfed28236008af92d99c951984604de67
SHA256 f002403722dc15f1cb3f7cf0c61791b96be1a1a85c0e8571966c45c90fdfa0df
SHA512 cd2618d7a435c3825c83cb8778e668dfbbacc70d90ca6a972f65a38a1a40d64d945ff743fb536e924a996625f02e156e6dae01ab319a06ad6dcde9d9efb370d1

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app-update.yml

MD5 1dc01350c8237eaebc8370169d2e8d44
SHA1 c74ba82e811f2a62165f30252f75bd67d9ffc053
SHA256 520c98bf1a8e3a503e8713a90e7ae0da69219c2641de9a16a2a5c4eb2cd86ec5
SHA512 351e959a4cd35b20ff208ed936ffd7b935fce3a80c6804315895ef6b83b4d89be2eea8e56c5b686a13690c382dcdf16de4662b08a1a5381a11b5cec195e63c4b

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\zh-TW.pak

MD5 b43a0f28e80be32df117b8f08abf5d5a
SHA1 0a3080781927f469e1e0fc09d8bab28955a00897
SHA256 a9b386ddc18a6e02b58f5175fcefc354cbc756948a5e9aba3b80284c877ec6f5
SHA512 177814d3e08168a66e8a368295a0c4c24f174bb72b0c0b181af9c5965c917dc8df902e6d3692c55956f460fa03a2936cb5d69aa863f29691cac461f5ea3d732c

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\zh-CN.pak

MD5 187ca06e7e8c675f24955a394932b659
SHA1 637da7934e66a6e6d1c53afa49222adcb96deb0d
SHA256 2a93fa7b4a404fd7832eeee03857d3cec41456d9d1e890b33d0c320e331db791
SHA512 68cd27295203b0ad11694b84b00742c3badf67997c1d7b0daae376a0310e2fa80af16563c364fd90ba3ea5917a435bf41b043d3161e86bb327b0886e9792cae9

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli

MD5 b7c89ec5dfb8b15555f32a3bef6c3103
SHA1 a92048052f5fc0af532cd97ebf82c1a9fbf12342
SHA256 7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0
SHA512 c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\pdf-to-printer\LICENSE

MD5 cff99cf92a161507cefcac04640712da
SHA1 68b2b0c13ac2e11f88c84e135b0c0443df1727e3
SHA256 251d106cc80bfcd78d2bc0ad5bb5b6a42348953ea388ba21f89513e0e2912459
SHA512 aad3ca80ee53c3a627d0ad6e9a2e2bc2eb32226b7c596090356f53baf0c37801ac7879152e9eacda6185afa850683b591cb4e6d63975842feda9fbc1e83ddf4b

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\extraResources\licenses.md

MD5 d8fab0a5a3922d7e93db0140b0f69124
SHA1 3ac0bb1d590410a37d8f185b3887b568d814e2f4
SHA256 77c11f40bbe1e8f3849e12eeed29019e3e85cab2340e606365b78f00e17b4a40
SHA512 1f2e614654939230dcc8463f01094bd3d58369f082e4d780ca179a5eb2d77fc6ff7cb7f7bc77919fab0589549601674f85f0765aaba59d13ebcd29cecb3269d4

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\extraResources\icon.ico

MD5 210b2952a5f3422b47a7807d481f3b8b
SHA1 a4af6ed7fe30b637b86f54b3d6b6d99e5085276c
SHA256 20d83fbdf3bbd01ead89bae4fb9792ed2ee524c199a776db8c6a134d30649e5b
SHA512 7934e9d17195eb6d751f5479b131f4e46d12f35077bcccb1af5c65a87a52ea907e2378797ff360c85c06b2becb6efe6d05fc0a194fb2ca332bb73c659487915a

\Users\Admin\AppData\Local\Temp\nsu2869.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/2552-711-0x0000000002C90000-0x0000000002C92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\pdf-to-printer\dist\SumatraPDF.exe

MD5 2a01c0ecb55b21666fad995413168223
SHA1 e652de616ab3384211904fe9776af926d763e750
SHA256 7f35436153011b4a16761d2dbd3841b5b1f26c2e44f80beca10feb84d4707318
SHA512 ecad732e6ff17383dbf1a8ea5de05bf6fdc4859b1be264cff8992f141293d02ed4d4a6ce1c39d950199752389cbbe5be400b709b678b5c3ba0a13f63fee40387

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\pdf-to-printer\dist\bundle.js

MD5 a4436dafc3bc0cdd6b618c24b70a4255
SHA1 389581d579ab4c71bfa925fbbf4237a853c0e127
SHA256 597e9103c829ab5db817b1b44f1eccc1c606eaf72e4b370b77656ee8eee65715
SHA512 99edaeea7d81f6ad2c0b06193e5bef798ff8b87ffb3185ffbe7049b6b6ff75f07a1aa73e06ff98056daf92027806a846fc5946688978a0fbf656602a4222b7ce

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\pdf-to-printer\package.json

MD5 0f8fb96962236942bb618f1c777db953
SHA1 0d45798abe784bd17d2b500d720ba6545e02234b
SHA256 6e03831a899e6bad39f4990b7f44c33d2e8fa1939d525434f91cf6607e8e6474
SHA512 e454e721d0564117e43287a50d2e942f10f1700a46a13468b5496f95e161534a3537ae17ab5385a2864c30aa0d16944e3dada124a08b438ef1a417ed8fbe9230

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js

MD5 ba5d367d702dc0652df9c263cc46f6be
SHA1 51fdd9f3b5c39741e665cd3d05f0652711ad6fa7
SHA256 e60b36584fde5c13c6eb4ca4f3bc32cbee8055537e63e5c7db5f5f3c35d21455
SHA512 6bd8c8d729459b3c7b52c1315f3de89dca394fabd7e1289c018e158cd94a0822e839805e786fc040a248467be3205ae45f83e29d1b467e18a1d8b1c7f0000f5b

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh

MD5 2ff8e17ece2c70eff9efdb2b1a524555
SHA1 d61c93df38f70f2244817c688a140224c9a99af9
SHA256 f07b481f34e732e74abe6402023f8b84f61281626ad6e25062a20fa8fd80ece4
SHA512 0f847fd2b05bd4627a56b452f065e878005b6307bc101663297afb5f45c24d965ddc48ea4818c34ab35bde06f5a7711cf29fb9182c8ed9cf34e17d6434c487ee

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh

MD5 94b0fc212af523b8bfcd6c2aa5a5ab2a
SHA1 cc0cb35f7ce729f7affe6b2c463e57966515e476
SHA256 abaa92d196f6752f184b83b19aedd9b1e28d328e6817de213f61fbd108351e16
SHA512 af0a2174e0304fdaa56ddae249049c142450ad4a0a9c8975548f61aa2bc356837b1d7ed441108156af32c979da5647bd0233a49db700ff0bbf528f9fa2c862e6

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

MD5 045649c63f63e8cb2dc0a72a46dcdebd
SHA1 0a280032adec3d54376627dc7069156f89ba7530
SHA256 e191f17cf5d8e633b095654aa321a31e8f0efa3a91cced73a170b7df375a9871
SHA512 2fcb5e3a501fe2d8c4aa05147975041507ab3d0a27ac3b2ddf0bc9daef22dd86d43d770b3235d39a61bd639055b28127e8d348dbd7cc41b65ff6eb0891d4dc93

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

MD5 f42c24cde0162b93624df51f4e2abfab
SHA1 f819638944878ac4cb49438d8599d3fbd9081949
SHA256 3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d
SHA512 67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

MD5 3b4d4e8ca191d02b68e50695e28708ea
SHA1 5c9c1dcdf89cab5a966e81ca1b24eb4a19249442
SHA256 e5a031919743e9d409ec517f20bbe9ad17df881e96e58477d88dfad65451a45e
SHA512 5b14a8f310ce3dfc6c297242b6d70577df0089b450edbc9a777a247f9e9b56c10c677be14a841ebe2ab99720bf71c385a2491e6a9522f934a226ca2695feb78c

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

MD5 50c3a734036b84685a15d56217207d67
SHA1 1893de2684072a3a2961337fa9a9b45a52c52c0a
SHA256 171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78
SHA512 3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

MD5 c76137400fc37368bd39937cf977cb0d
SHA1 5536a952e210c1cc05447e36773761ce6502e4db
SHA256 444d9757ade301f497f8ee10002a88965ae35f0a061565e3960f625e975b253f
SHA512 adfc2d38178ef55c4bda4e8cca14253877d84c5c80438d8569ac313a0e5f33bdaff5f7fed8214cfc9678d1ce3f39b34476e845336fcea35f57bfdd7e087ec0d2

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli

MD5 ec767881662038aaab804d833c9115ba
SHA1 7cceeb3fce8e429a9c78793bf94c23eb78f2406f
SHA256 e1ab2d6bf031e3ec632b3d336641615a65b0ffe81208e420a7f8010c2082574c
SHA512 6914e25bcc6c5227d454ca86f4008beea0bfd046e58a54e8fb648870aacc69cac3e783469b3fadc8edd1412ebcaec6fc1eaa43e2d5fdafa16774397849afa92a

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json

MD5 7d01da7bcd67b3afcd10abe28ec99e7d
SHA1 2e89bb4188e8a4884230b1877e1fdc0fe9ece7bc
SHA256 d608744dd510ec583b510feacf5516deaf15e00ee39627ba93a5122d38ecbac8
SHA512 db35eaee6b6a3774c58704bf3987872733d38bd82a807b49a524ce1cdced8b1c141699f0bb7a340b0a092512404ac9f66ca096a2620a5aea9718b947ca5f743e

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE

MD5 c2710cd00242ca7d7bef0fc98dbbc7f8
SHA1 ba49c34590b171487fd5e383ca28632f551865e5
SHA256 9503def7b54ceb6e3cd182fd59bc05d3a30d7eae481e65aaba4b495133c83c14
SHA512 1b8fed37b379cfaac4e67e4ae0d0ae1c7e8fdd5178f1e9a289b646c5adb016c68cdcd743266fca87bd37bffc0951e0b9ecba8a57f0600a7dcd5cb52cd783637f

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt

MD5 54ed1f1dba1e850bf3c8b617e430064e
SHA1 b56d6592db95dcfa850cd12d5b7f30a06b8e68f2
SHA256 2d023ef2cf4d2367b795c6e91f0c021468df1ba2014cc36a635104e56e00810e
SHA512 dfa867c16624b1389a8be3410930140e917819bf3817a7bfd7b4e2c8d34c7ec13ea8f73a3386ad51a22b0a9b6eb47dd2a8b24faa3bdbda4584ac0149cd6d7c91

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\vi.pak

MD5 e0f7f3d937afaafb03fd0ca59ef36eb7
SHA1 42792e176f8a048490bd38509831d5df120d1bfe
SHA256 c27447b90369ecb2ac7d78c841996cb054270b36defbdf316129e0fdd8a80430
SHA512 ca97ee205cfe193e179cfed5e95a801b5dd0e7d819642e8c050839ea794768f654ec2da23c42e9b73efc9a110c41c976da4809934a828fee5cd4d414d83501be

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ur.pak

MD5 d85cb34c33a95ae444d49ca58f809b00
SHA1 f85c7c5c1a5f4b441fb70436f100b02907711608
SHA256 710f92ec980615110dd4ee66900060e2fbbc14dd2c42dab006c690ab3c23d520
SHA512 020ee46802aa3da1b5ac04dab7f97d72d4c04f54f7add0b9744dd95af6674ca35c8c1479dffe0fa8ada3235f72abd8f97fb5d5a5ce782701fe99297c289faf5b

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\uk.pak

MD5 89308cc5a533b72348de2a14962230eb
SHA1 b955cf0c6c34632119fa73d0e8558d51f28407e0
SHA256 177e94b0c6eca37a38cabfd9d52dc3f25f15278de1ac0ba1c81d0c1ce4a194a0
SHA512 d4aa5f695626c4a34ecb1167a8fdc438f06a9b22ad80bb1f89fcc23e6424f5f11f320cd92b7a25bea103a72d23fbc8943758bfd797d8615e734aa0ccda9a7b2d

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\th.pak

MD5 4d33f6f44edcf206f2408120f507b1c3
SHA1 52fe9f58177eecf7476ac8f827580504210470e1
SHA256 e1d9feef119988bd7d3800cc318eebc92e0d00b902558c073d634052a97434a4
SHA512 783b4a09ede8dab551da6a2f686c382422b3b2ad2fbf806fd58e99db197c2e2a102deaee3529f819be822c76b021049730ca3885717bb306e4d575c954e3b6df

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\te.pak

MD5 20dfde107bc16af8f0e0c2b9bb082582
SHA1 0460238f1fdbdc466798da0a65707f02b3884470
SHA256 9107dfb5184dd0e3c5e5b03624b30623eb9a508bb4dbee93a5b14d8ed112fbf1
SHA512 fb2aece4679c479e0e7eacd5e967da8846ed247e833b90711ddf26f30ee0be4d161ca2549f8656053f7952086adf9810bffb0d2bb13bd8302fc4eab370e984e8

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ta.pak

MD5 abf95e05d798043abf4f2f514c0517a9
SHA1 b8c6c1cdcbfea03fb106c7a44385a3a8e6806aa6
SHA256 9cd624a97493282afed3b9b1e848b12639234fa54c04b22128169924f9c92777
SHA512 aacd7439df84ec76a3d0c69c39341b51031b66b24be53c87f3ffbced989b38fee416b19db2c3b36904eaf88f98b24e1e26f070bcc8dfb4ecc99dc7bb6f6b911f

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\sw.pak

MD5 c7b196938b6c5678d58ced6dba76e77e
SHA1 5a2da5121689b6d216f4757f0ea97118b43c7316
SHA256 bdd5f68349e39363558b3cfb6b0b7daeca53cbafc464009f32e96c9561fcc95d
SHA512 67ac24e6ab2e9ee5a6d69d62cebcf4e8af4b0153fbae9c8f400be490841a41532468cae81840431210bca49daa4e42b4a7f4e397c67d563f954cac9b6d151940

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\sv.pak

MD5 094d69544816535e4d040ef0ce923100
SHA1 5891cdc73bc4c112855d099ee112da0c3e9cea81
SHA256 110112c2f7ff5d3c8599036669d156e96ec19e70515fbba3bbcb2043ab994680
SHA512 023037077a3482a3bf2ac076b5c00922d7039bfc2098797275465138142fea0f97c1e003f77de71b9ab88f786b7401182618603610c51f634ad17a123faf5bd4

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\sr.pak

MD5 4d1ee9487f4ddfdc4471366d3965293f
SHA1 4e53084fe0d4bf4f46ea980f7423787084152ff2
SHA256 b75a222db70c3f5734a75042718da599881d5e84cc52b332e9162f78b32f4819
SHA512 a44a448203cc9388d8df4c39be9db5436546fa17add0975c18ce01ea0a5cba142692660ce6efbf00699793ca98af8e392e41a07dcd9c183fe03414574389609c

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\sl.pak

MD5 1b02b0834b8bbd12a77f7fff09e1d81a
SHA1 1898cfedde55aae307f7578b88cb0bcaf61e1d52
SHA256 b36e1fe2405cc4b9f34587e30da2feadaa6f03124769b02f79333adacaddb49b
SHA512 b1006053ace6f8842e9436c94934b2e7d1b502e3df9ecd1fe59ab39ae35e69e8f0dcff8728aee2c35a3a1eb7a27f0146d6113b4de0632dbab20eb0a37942bc4c

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ru.pak

MD5 889741dff13d1d4aab592aef1307a949
SHA1 f0f6e30653418cef5f01c7e26f0a21f198fe7da7
SHA256 19b6d6f490b4b7b0fcfedad0f3b7667b3e6cf226909f995dca2398addda2fe8c
SHA512 473ffd82b7fd3e7374a4587f2db30eb09461340e14d20d54cb3dcafac08e316e88d9fe2803fc5a4084970bc69e39a5fc8d06e8967f0949eabf26f436ef43c42d

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ro.pak

MD5 6805d8f53fb301aa1c70ec9886df8769
SHA1 78cf4ca5fd24ce88e912c172da308bb1cb6b1070
SHA256 a322744798d3930738fecacfcdb5a474a4de656aeb363f2b2f11503e6333801b
SHA512 ffd82bd9070200545974a4e02b312bb9407b881fba126c8151f5f5feb8314a8b9f7a4349e4061a1ad41a71c6f03fa7ae52016ff2fb2b094c9732e7410e562dd6

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\pt-PT.pak

MD5 446671881e8266ff7a625d36e75c1e8f
SHA1 f4600e32d359d2af354a609e48e36f0c917c6dec
SHA256 1c90b118fb760f6acbcd000e908a390ef4687447ba72003cf42fd998b4d0e239
SHA512 da370bf9a5c2959a51408e4eb98e2418a82a5f0d04b230f01e229fa91c6140a294dd85d445f0a58b905e7598865c46608cb2538a23c0388f3704816b5f1e36ec

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\pt-BR.pak

MD5 cac1e9d9f5c4308aade742d031655778
SHA1 6885063c4300dd41e81eade47158afcec3208d46
SHA256 feca01a4f67ba8c4f19bab7e4c0d06fa41c28d23abe464b4b9175b207505111e
SHA512 bc719c4874dd77eaeae9961b4774ddb3b31eb3e638efb862634456b46d3bdc7aa2082b007d4c9c10481883cb351f8418ced782068d3498f2b117e6e15394557a

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\pl.pak

MD5 cec7e878f86c3d60d9b37a1bf9e1c792
SHA1 f0deab58aa38a4d925d742b895675355d6dd367d
SHA256 2e9384816d17eb39240b0b26e93caa5bee232836dee6384f76a4c1ba98dfc734
SHA512 657406d7cf1a531b52d74063cfa46c90349067f02eb32a9447705cb91301bff3db8dc600ae667f5f3e60927c55dc30b29ca8990085cde8a76cfeb236a07fd93f

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\nb.pak

MD5 2c049b857245143dbccb6da34140e0e0
SHA1 c46365eab7de55a09f63f63d454d27a8942f5073
SHA256 51ad51f7b864ec66f1d26ccda649d7de24fde452832ad536d10618213d649392
SHA512 420856c2424d0b54130871f1b507341486e3fd9be50b95fd6b8ee61cc54c559820b4dc338b735e6cf2e564c0c99a08b1d972dfec55d836254b119661afa6f359

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ms.pak

MD5 2c4056d84b980267faadd69d52c17086
SHA1 3b3c5fcf182d86a170c8f35c041bf3869a82b362
SHA256 163eb7ba5f0c61acb6443709c24e38ca6370a33f89a12e13d0a57c258a87ca16
SHA512 47285ab42b46cf7d6556eac2a8f7afb9a9c9abe8cb026fe847b2504e4dbddd481a98c1ea959c74e31f195ecdbb618a3d93df8f20b797411a8bf2b3856fc9b963

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\mr.pak

MD5 1c25ee980e9c7634e90c2b1111a2d164
SHA1 d1344caba555bf39307a4e88d491ea3f8c439fb8
SHA256 a769f502c5f745d97d710950add0d069b63d6ec328269058c5c668fbf0ed9117
SHA512 28c111f0ddc13caf701402bfac8a903f0918afb0022c2fabfb21b07072c693df653991d41d0e726fb8619ef05c159b2f8b00ce6b42088aa2f59e1eb1dcc1673d

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ml.pak

MD5 d7b31f00e4f650f40e10c2c8379ab7b0
SHA1 da94e2b3fbb935a9abe76d080e0f85cbe631cb16
SHA256 6f203a64bc4766cce23ba6ff5756875b450e945e894afe471d998bd2ac71dbc0
SHA512 f18e2a33047355007c3b4b3c1e41455812e38a1b10f37614b2d0e391664198dc89a5244251bf56348be596659c9e733d75f13d9808066d78172a0e3540b01896

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\lv.pak

MD5 efbffd8c85df4a3a1d190f1f50c0d82b
SHA1 363df0e02fabae4339d90e3daa2172576c355ab0
SHA256 af1f3deb4bad0a8933ac9ba122557901061518a6bc41cbab129b3a1a17362bcb
SHA512 ce85ccc9f81d6b7e133032cb9ebedd6f9980a7b74f1899880ce36170480519a6fc6f4210e231d8715021916927a2a7a0aa8b8878d9bd938fbc7bd1b624a067b8

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\lt.pak

MD5 f40e916fc2e1abbff97d39964250d0e2
SHA1 957a575fa4b0cf406201aa15fc39d84911d66ab9
SHA256 3f380b4772aa391ae562318247b7d981d7ea128cb41657c25a9bfd1052e698c1
SHA512 4b113dbfade34023fb899351a8e7c2c08d6818e2867b8ad572229f4bc2fb97b2228d1403f6e8d3cc0bf07c71b452673460c0587de968265afa53dc6669ef7efb

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ko.pak

MD5 fde2b0f2a810a2d853a46bda17d452f6
SHA1 8a04e5473be00bf3dd80bc44eb5e0196f4fb0622
SHA256 70f9b65c9b554ac64b4e690c77bfc7a524c4c483cc063254bedeea20ee437d15
SHA512 60f6dd69b7ed889f13ff75005faf8a836b962dbfbe01a654d227dd46b8d6beeab28c7dcd69b447223cefc197cc629b1bf387d3e765f3234371f745d3dcd44242

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\kn.pak

MD5 ddca808d22cee754c4a1ea19a8a72599
SHA1 810dfed70b25d77fd4bfdf2ef20ef61df92ab3c8
SHA256 0b46baa0bdf16ec57931de7db936ee66c3ec2522bc625dfe14aea36156bebc71
SHA512 56aec4484f853b9c1f4a1ae2f68aa27b04a84b392c0ce3bb7c1669edb1af74a8203a0762b160b4a64833dad084658168f0d052759c932e6ff990031d5b9784f6

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\it.pak

MD5 cd02051650a0e8b16f103a00fe9306e6
SHA1 0ae9bd2ab6d45108ef90bed506c7c3669ff5bdc2
SHA256 469ec834f65f1da6daeddb618a709abbd881c22108455fc02839722fa0e337a2
SHA512 efc34728509dd31338eb20842fcaa720a613687d25b33313c7afb8c8c319ae28901926525adf7c3aae344597a3ea205468767f3050b2c83e640f641640f9c2fc

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\id.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\hu.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\hr.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\hi.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\he.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\gu.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\fil.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\fi.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\fa.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\et.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\es.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\en-US.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\en-GB.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\el.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\de.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\cs.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ca.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\bg.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\ar.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\locales\am.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\resources.pak

C:\Users\Admin\AppData\Local\Temp\nsu2869.tmp\7z-out\LICENSE.electron.txt

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:38

Platform

win7-20240705-en

Max time kernel

1213s

Max time network

1219s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1592 wrote to memory of 1636 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:41

Platform

win10v2004-20240709-en

Max time kernel

1801s

Max time network

1786s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe N/A

Reads user/profile data of web browsers

spyware stealer

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3236 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe
PID 3236 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe
PID 3236 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe
PID 3236 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe"

C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\FlyByWire Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1720 --field-trial-handle=1724,i,470658672605713037,15539491913575610431,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\FlyByWire Installer" --mojo-platform-channel-handle=1992 --field-trial-handle=1724,i,470658672605713037,15539491913575610431,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\FlyByWire Installer" --app-user-model-id="FlyByWire Installer" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2224 --field-trial-handle=1724,i,470658672605713037,15539491913575610431,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\FlyByWire Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3176 --field-trial-handle=1724,i,470658672605713037,15539491913575610431,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Files

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json.tmp-12470908496b821c

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Preferences

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Preferences~RFe57e465.TMP

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State~RFe58ceb5.TMP

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\TransportSecurity~RFe5c7cd8.TMP

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\TransportSecurity

Analysis: behavioral14

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:43

Platform

win10v2004-20240709-en

Max time kernel

1795s

Max time network

1691s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2412 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 1372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 2956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2412 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5b2946f8,0x7ffe5b294708,0x7ffe5b294718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7133079664665696126,15451563221505635524,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3596 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2412_GOXNAIIQKYIVRANC

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Analysis: behavioral15

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:44

Platform

win10v2004-20240709-en

Max time kernel

1360s

Max time network

1155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 21:09

Platform

win7-20240708-en

Max time kernel

1560s

Max time network

1568s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:38

Platform

win10v2004-20240709-en

Max time kernel

1661s

Max time network

1157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3136 wrote to memory of 744 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:40

Platform

win10v2004-20240704-en

Max time kernel

1718s

Max time network

1155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3792 wrote to memory of 3220 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3220 -ip 3220

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 612

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:41

Platform

win7-20240708-en

Max time kernel

1784s

Max time network

1778s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key created \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SETC7F6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SETC7F6.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BonziBuddy432\empop3.dll C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\RACREG32.DLL C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Uninstall.exe C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\t2.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb002.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\p001.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Reg.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Apps.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\t001.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\~GLH0046.TMP C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Reg.nbd C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\t3.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\registry.reg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File created C:\Program Files (x86)\BonziBuddy432\Reg.nbd.temp C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\s1.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\sites.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page3.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\SETCD81.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETCDA8.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\lhsp\help\SETC7C4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETCD6D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETCD71.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETCDA8.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Windows\msagent\SETCD6D.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETCD70.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETCD81.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SETC7C2.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\SETCD84.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\fonts\SETC7E4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SETCD6F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETCD82.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETCD83.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SETCD84.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\chars\Peedy.acs C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETCD71.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETCD95.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\SETCD96.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETCD70.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\help\SETCD96.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\SETCD97.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SETC7F5.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\intl\SETCD97.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SETCD6E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SETC7C3.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SETCD95.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETCD82.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SETC7C3.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\help\SETC7C4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SETCD6F.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETCD83.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\fonts\SETC7E4.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\INF\SETC7F5.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SETCD6E.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SETC7C2.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 78315caf86d8da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427408969" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C7E93341-4478-11EF-B8BF-428107983482} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000005701a1cef70ac6ad520b39ac64ffa9ae64bcb732667038a4801d70e629e146a2000000000e8000000002000020000000a5419ca526599b7316e5254e76b833586ef9955f5bb9f2e4e9d04e80b39f90ce20000000251b655ae1414686f8f9157357b758d8faeb347ac711d7439b7ad13d2bc52a18400000009e848a7ca404c215f2774c26081d2c1923bde939450a4ae3e78e8d220638706c1e3f068c34dca3c3f56ce28c742d678b0a54c4bea669e87d892a7419d59b44cb C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f1d09c85d8da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD7-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F}\ = "__RegiCon" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}\3.0\FLAGS C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A031FBF6-81A7-4440-9E20-51ABB2289E4B}\VERSION\ = "1.4" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\Programmable C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CFC9BA3-FE87-11D2-9DCF-ED29FAFE371D}\TypeLib\Version = "1.0" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5A31F2F-122F-4615-A9B7-90841538EC7C}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E91E27A1-C5AE-11D2-8D1B-00104B9E072A}\ = "ISSTabPanelControl" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ProgID C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinForm\CurVer\ = "ActiveSkin.SkinForm.1" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3C01387A-6AC2-4EF1-BDA2-EC5D26E3B065}\ProxyStubClsid32 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53FA8D48-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00E212A2-E66D-11CD-836C-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA00-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{972DE6C1-8B09-11D2-B652-A1FD6CC34260}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D31-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{311CFF50-3889-11CE-9E52-0000C0554C0A}\ = "ISSTask" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F55ED2E0-6E13-11CE-918C-0000C0554C0A} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{37DEB788-2D9B-11D3-9DD0-C423E6542E10}\ = "_ISkinSourceEvents" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\RegistryControl.RegiCon\Clsid\ = "{6B1BE804-567F-11D1-B652-0060976C699F}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Programmable C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92}\Control C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA00-8B5D-11D0-9BC0-0000C0F04C96}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.1\CLSID\ = "{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F581B2D6-E4C3-40BF-8A1E-F68CDFD8FEEC}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA478DA1-3920-11D3-9DD0-8067E4A06603}\InprocServer32 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR\ C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E91E27A2-C5AE-11D2-8D1B-00104B9E072A} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComProcTextures.1 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}\VersionIndependentProgID C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ProgCtrl.2" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA02-8B5D-11D0-9BC0-0000C0F04C96}\ProxyStubClsid32 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB61DB30-B032-11D0-A853-0000C02AC6DB}\ProxyStubClsid32 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22DF5084-12BC-4C98-8044-4FAD06F4119A} C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{065E6FE7-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabs.2\CLSID C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\TypeLib\Version = "1.4" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32\ = "C:\\Program Files (x86)\\BonziBuddy432\\MSWINSCK.OCX" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TabStrip\CurVer\ = "MSComctlLib.TabStrip.2" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8E20FD10-1BEB-11CE-80FB-0000C0C14E92}\ = "ISSSelectedDays" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}\Control C:\Users\Admin\Desktop\BonziBuddy432.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2272 wrote to memory of 2204 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2604 wrote to memory of 580 N/A C:\Users\Admin\Desktop\BonziBuddy432.exe C:\Windows\SysWOW64\cmd.exe
PID 580 wrote to memory of 2336 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
PID 580 wrote to memory of 2564 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
PID 2564 wrote to memory of 2680 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2564 wrote to memory of 1688 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2564 wrote to memory of 2120 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Windows\SysWOW64\grpconv.exe
PID 2336 wrote to memory of 2188 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 2336 wrote to memory of 836 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe
PID 2336 wrote to memory of 2332 N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE C:\Windows\SysWOW64\regsvr32.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2

C:\Users\Admin\Desktop\BonziBuddy432.exe

"C:\Users\Admin\Desktop\BonziBuddy432.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MSAGENT.EXE

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

tv_enua.exe

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:799799 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x558

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5bf9758,0x7fef5bf9768,0x7fef5bf9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2040 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1632 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1604 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3716 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3828 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3660 --field-trial-handle=1532,i,14276311214527824206,16792777219114843864,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5bf9758,0x7fef5bf9768,0x7fef5bf9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1384,i,18299673503595426289,17714394589165386327,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1384,i,18299673503595426289,17714394589165386327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1384,i,18299673503595426289,17714394589165386327,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1384,i,18299673503595426289,17714394589165386327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1384,i,18299673503595426289,17714394589165386327,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 --field-trial-handle=1384,i,18299673503595426289,17714394589165386327,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=988 --field-trial-handle=1384,i,18299673503595426289,17714394589165386327,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.0.1063247287\1806723839" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc8efe4a-c921-4b68-a68a-a156ffd46b4b} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 1296 122d5558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.1.232835253\386679905" -parentBuildID 20221007134813 -prefsHandle 1476 -prefMapHandle 1472 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46909b77-7f95-48f6-97a8-82720936bd69} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 1488 d72558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.2.717399473\1999926530" -childID 1 -isForBrowser -prefsHandle 1944 -prefMapHandle 1940 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {648b6338-7e21-4745-9449-88aac4e6c740} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 1916 18833b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.3.26501518\147444902" -childID 2 -isForBrowser -prefsHandle 608 -prefMapHandle 1680 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba4ea917-e6c2-4dc3-8497-f70108e4474a} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 820 d70458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.4.1530019121\858670072" -childID 3 -isForBrowser -prefsHandle 2884 -prefMapHandle 2880 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55298476-93f4-44ed-9e97-53204eca0771} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 2916 d62558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.5.316346812\251114663" -childID 4 -isForBrowser -prefsHandle 3808 -prefMapHandle 2776 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {295e92c0-3b68-475d-9e0c-5fdca8617fbb} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 3828 1dac4558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.6.2023396827\2042662218" -childID 5 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b69898b-c8a8-4607-92a2-46e460788524} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 3844 1f07bb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.7.1048339269\856970231" -childID 6 -isForBrowser -prefsHandle 4116 -prefMapHandle 4120 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e30375f-c908-4c65-ad91-7883ab6d5600} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 4104 1f07c758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1688.8.31944804\444379644" -childID 7 -isForBrowser -prefsHandle 4404 -prefMapHandle 4408 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8db6e628-30c2-43ef-90e1-8e591cff50c3} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" 4376 2210a958 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5bf9758,0x7fef5bf9768,0x7fef5bf9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1324,i,17170587953798585471,11223044794697495841,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1324,i,17170587953798585471,11223044794697495841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1324,i,17170587953798585471,11223044794697495841,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1324,i,17170587953798585471,11223044794697495841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1324,i,17170587953798585471,11223044794697495841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1132 --field-trial-handle=1324,i,17170587953798585471,11223044794697495841,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1412 --field-trial-handle=1324,i,17170587953798585471,11223044794697495841,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fc37688,0x13fc37698,0x13fc376a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3728 --field-trial-handle=1324,i,17170587953798585471,11223044794697495841,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2e4

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
N/A 127.0.0.1:55018 tcp
N/A 127.0.0.1:55026 tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.67.3.58:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.67.3.58:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.67.3.58:80 www.bonzi.com tcp
US 54.67.3.58:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.67.3.58:80 www.bonzi.com tcp
US 54.67.3.58:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.67.3.58:80 www.bonzi.com tcp
US 54.67.3.58:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
US 54.219.237.129:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.67.3.58:80 www.bonzi.com tcp
US 54.67.3.58:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
US 54.219.237.129:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
US 54.219.237.129:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
US 54.219.237.129:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
US 54.219.237.129:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
US 54.219.237.129:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
US 54.219.237.129:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.219.237.129:80 www.bonzi.com tcp
US 54.219.237.129:80 www.bonzi.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabDBE1.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarDC80.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85fd8d482df4073b0e0cebdc84105a28
SHA1 b30cad425c4014f7f0a7050df1e7449ecf00c2c5
SHA256 063222a18516ec23e2144c427b7875e14aa7d95476b119bfe46393a8c016092a
SHA512 775c263080b1ad540c4e6a500e7973c517458c3b9773e153ebaa31d3d1ab4364931feb74eb478f96d0017868475cd8d8b771c5368d1133e38e835a419bb6b1d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eeb4194f3bca28bcdc84f16637fb4f0d
SHA1 2908febcd84950b921bc8b4b2ce66e48514c18a4
SHA256 01bfecf4de5551e926ab0a74c460066d1f7a95f62b90caf7573cca24e39514b1
SHA512 83f75532b643bbeebd650b34c3204e16e05b24834f3ed91b4213435876c5a98761a64747254af84489f91205b99e1ad7728fd1e8bc9a1c88ac3dbd45378b514e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dcade45d510ab264a5bd066faba79ea
SHA1 46c79740adba3d26b4470aa2bf8ba99ff0be92d6
SHA256 324e82800411fa1f6780398eb3ce1974cc86b369cca129e01390cf2fc45ed716
SHA512 5fb94432c66cc883501d9778d86e74b53e51a288083cb3088e1452b93d7e97a1faaf83a417f708d503fc053a11068fe8dcffec60e6fa5d5003db7252a0fe0381

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fe63fea1cb823ce7c6f5803855c23e8
SHA1 feec90a68fcd9cdc532d50e59c295d403aa94fdd
SHA256 ade83aa31078717d412c51f9f375c3e51e48db534a903f58b324caf107798a6e
SHA512 befd7a6c83a056392277de9c4cf67a45a271ce9cd2c7ab21a68454a5874e7d2ab1c16410649464d800d192b2cde731e2f0cf4f6f328ea00715e42735ccae8b43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a3fca11aaf4b677a2459ef44d526675
SHA1 a2363cbf7735005d286da17d7c10e0c2ece264d1
SHA256 5daef4243d7707da62dc01484dbdbb17e2bdc9c48761260b2604e35f039cec36
SHA512 a0c18a4c229f957bd4ccc002d4070006969a5c6f965f383c127338e88950d8947f849b60805f5e9a02c36fe36c71e3addc152989a865deb340412fbcaef9c447

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 226443f154779354eea13dff8ef1cf2b
SHA1 2a8d185b888ddc67943fa6c2b5bb1c2e744cdaec
SHA256 0819119f30bb4bd9cf79f6b153a6ea0ad8f88a36d446859036c4bd44d4b8fffe
SHA512 e1ec3b64618c71ad637b3e7a198ed87a00f9855fff7966955cea7889f8c2c78637993b3c6fcf3af2e967465ab83694fd8a608e89d26baefb50bfb1a2b9ebe015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaf1a22fc5f7ae78f80e53bf4131c7e2
SHA1 60cf95b05f6ddada0a8abbac124ffc050626d668
SHA256 8b11ecd0dde97349c54f8cd79cb931f7816f63115817f9af5ee073771dfb7585
SHA512 8e3d0edba37cda24b28838af403e09fa07e0ebc694ae50f221b6951710a255484ec787cc35f039eaf0e520cc7390d98463d43411f3325cc69fa1c07b18c84185

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5278970c3fae64fd8b1cd38545d85c8a
SHA1 7fb1e6d914c7d2561418e36d710cc2cd4d76eb76
SHA256 c477a46cefc0127c6a9aee4e54b6f789ae42aac625e95486d988e15df309a98d
SHA512 f230b0609aff4ef4a1e22844536ff712841e0c470893b94355eed98807b3028d2acc59af5689f0afca44886dc151ff843d34c0491084d342fa1b4075119771f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f16a6eb4ab4f1e7360ade82bb8bce849
SHA1 130689b06e3e3d4086013416650b5932030f3ec9
SHA256 e9e9d14592e493fc8b3e03094e30369ddae8703d897744e6b2a13126f43c9808
SHA512 512541bc5be2ee7b5a19b6a891ebabf1bb8730c5e94c626610f7d489a69405773e8cb6a1f164578067984b00b6e72265cc9f8f7a3c088cd008e1ab6fced16f23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de5a902b4bd5587cd1d732ec3a8a06c4
SHA1 e903bf11ad493e4a452ad2b1b5826f55103b0a04
SHA256 05f297f27122b021e2fd8d46a7d0f8e5fac724223399b7945a457732b4117c03
SHA512 e3195d22b57939001b507da9924db61329484ceba8ef876d087a21745e94292705ff38fe6a0a8ed797ded696c99cbcfb05951d739d673a446f5649f51ed55c8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa752c411f9751d94cb68add64ff0e8b
SHA1 1ea3179cce5ad3e49daf247988c6be694d5dfd97
SHA256 c027bb41887fb5513dd12c60a0480a3dfac39239953a236291dec0f16ce183dc
SHA512 c5f274f3bf753e85167515a5c07500b3197ee903b6d7ca7476d8450aaef075fa7c53edd7abafcc7421d4989deb5ab31cbbc26ebf4db6cab8ac5d8bbe5301345f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bb6b0478c7cfc72f79e4a2a61441337
SHA1 0a3b2de7fb879e368b21a7d2aafacd3b87f9c4b2
SHA256 3e5ef1e7c62734d9803b2000a7b2401229280180d501ae2849af7ec579866da1
SHA512 839ac131ad799db5a34d21b9d53e613bf412a53d5741eb5584ef1891898fb0e77aeefd4f0cafd245c58bf2a2cb581ad710f3aa3f73b647f67b8fa164caf4b513

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60e53d587016b90feee3cc57c806c9ad
SHA1 e2a1fe0104288d9bf509649a150edf2651ed48ca
SHA256 ab97574cc1b6a8e98f0aff2555422b72334a6bcde765db689fd12315b82ef4f4
SHA512 773caf742c6f02ada0748e18dbe385b2ed55ba5b284e7521404e5706842415c81b95df87f3cf0b3dd8e4a6235c6fa63fe12e059fbbc3218dc30d322517a6dd1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27b9550ec261068af6f0094c827acd78
SHA1 fd94a02f5c5aef622d9d775b9fe0af796f278021
SHA256 bc18966119f217bd52447609bc4b644a6913aefbd71e68b277193e20bd34b512
SHA512 bf92e410a523ac878459197f5a6e58a7d0ad79bb7a5512639b3e0d4f11628a87877d0ac4eda43627a3802cde53c97b9dcb97dd3eb1a7c26324345aecf598305d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ba64f7186af8a61f147ba967ea5ac34
SHA1 9b3f7b86fe6611506afd3844f33a71ab086b9f52
SHA256 18966604470f7579c5514c10d156872642ab08a65bb94bac4c22329f8b28fce0
SHA512 dfbf9d3cbef5ee7f3de341c9f4a296ffb3849a7506813658484cb8617244ca091739727a4283d5d8c07446dc3be5e98405d15f9c1c759d261409aa04a0ffb196

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1101ab0951381adb69aa1f702351950
SHA1 9c6b7478a2c06604d6a22d51c2a89541b94e540e
SHA256 f8220ad98a562cd08508a46c3a6fad6e2f96240149f79c1c7e0940f0a6bec771
SHA512 96b16ee3e8ba3625b923a7c423b7ab8f5622368463b00c292146a15839bbe1617565c5ec2cbaa2adb856472b7a613ca637604f63e33c78414de38d0e594e1ebe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dea550495125b659233289e27298b625
SHA1 72371586f747fdcf47654cbed8613a682968e7ec
SHA256 042b56ad26f928a55123a71073eb7b2b4beafd7b37272ff67e3c392a6bf5e49b
SHA512 8c0f103d93ebd580f34528ef15fc5578e63e133d5a7d5d8c89921f4f580f7b516943658a501e5e7492b73ff518a2471b5ce4e48a66a9cf842b268a6331f4a79a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54740597096013813ed5794f216822df
SHA1 b297901345b69974c482a0f449bd36445752f0b0
SHA256 17cb85f6296d4a9d1a430e0de5b2aa07bef2d52e19a5bf2e2a3420c364f9c04d
SHA512 a1d6e6cb4533bf5e6d54fd390016a48c9d8f2d12d9a80b7628b09f300c53e8091174c3bef50a2e918c48424ead1fc6a8dc9f75c192ad3abef88303b70ee6e913

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad2e65b019c4db490860ee7b9d5f0a72
SHA1 692379c93a35edbd62837dde0d164971738ac0d8
SHA256 d2a554b3a711e7bdd23bbe9841cb42067f41775bed0cc5a8e63347c8fea9dcab
SHA512 c6ed490d174b1942291910ef82bab88222d6f433db843a2330c6ea13d0d2d656bc18d97221a0b02739bed13b4c1d1e8a2a7b44fac2b596536183e2460126c9d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\qsml[1].xml

MD5 c105ac5d9febca7759d0bea2a0611576
SHA1 2dd2b620f71692735592ae262edf32e5a696b133
SHA256 c79f8c84c4439c14cadc25306f2852595ba07d74979e3da5f3a00c05628a0146
SHA512 c9c20664ee0abd25bc988f3cae905d6bfb00fde949903e9d15cbdd239bf6db3c2006c5b157fed7c9752957fb2ef8b1c5d638c015cd64f25dda3bfda614133f38

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat

MD5 e0013a9c7273a5e14363726d365d3975
SHA1 45a9805806aed05c5b50be30c3d0056fe12fb091
SHA256 f61e825522db25e5dd1c138398411e5f98fb1d933c1a8d1a48bbea6fc8c4c9e1
SHA512 b732d2078752cceac3bb59092a2d826f9f7cadb7b446cf241f1af7cf61074b13f184c0036bf257a09424545d56755d2bf139fb1ae84627f8169f7873de959321

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat

MD5 d815007a05ca9588b72ec0b86265e85e
SHA1 376a0a0b397e8288acfe097199083709401886c2
SHA256 8ac3d198f8929102d955a3e511f232246f1a6c06c02d5d0166eceb4882b72c41
SHA512 88999497a423f4d1ed545649e411a8bc5a902af4aa310e207f7762ad73e11cb6797a0bc4bb627226ea3b0a3f3762f51de7e7a887c50787124c85bc8eb6d1ab0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e24e7081fcad757a01d6abeefc5dfe0f
SHA1 48d83da0d14b86da848fd86ac56417976e929ea3
SHA256 14a292a63dc899501299c1efc38931443368693c63adddcb376a80c422dbdf30
SHA512 0e5aeb6a3f7a2e11ee94968e205cd7d32159fedf75bf427ec0aa4ef33ab7ccb3b428ae733f5c4c01f3f414f82d46985da781bf40ef188939e306010f318a5060

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49f6ffcabbf685fbaddb0ddf8a474dde
SHA1 86d631762c0d8f17a690c5f63a4f5438b889401f
SHA256 f0c90ea469c172f27973e59822c17f1bda0a962288eab31680539736c1a458ec
SHA512 a3908fda916802ead4cdfead9384f736edf8b4ce2cb7a9b3874183d59314d77e1efdc40bc5bce7480ee60c10e1e9f6997e8b59e6e40ce66fe414dc15435ed556

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b2974ec6df20e5a7c634b2374f29d5f
SHA1 5f950b0604c487ce1ac0490877275a7b7b9416b6
SHA256 711542639fc491cab88fe1bcd835d9d445da4756b3b9a77b9c10833f1540ce1b
SHA512 7e0381e3d22184f46ae7b6b8850aa2ba44edb5e444b11197c9bfb0a86635f2c9008accc9a264610b0224c86dde303e09419fb26a2afafac87502ac05405f9390

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97e68ee14d0f54760c54bd8de10d2078
SHA1 fa337a268ec7a6c16f2eb379ff41e7b32b085cd7
SHA256 419be70208ed5204c1865660b11bb955c49a8c9c7cafba68c5f5b2a5bfd252ba
SHA512 17c76efe28a1a5bbfaa14914f3b2580402584f46eb49a75d297a39068fd7b13fb056acf4e0315d58797642d5be34fcff84721f1c0a13b07bf10ceef8e280297f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1144b49e69a69158384c669239194ff5
SHA1 4feda27805f1ff161f2055df2d91985fdb718e1f
SHA256 6206664340504a51b2590517a61dd0f03546c87e3c03d242bf3d974812c4fbce
SHA512 0e9b3f6154d93889ee21608f15f2c5b0a54ad65773bbba2596c521e1a3c7b7332eeee3320f9ce2c30caa75712d2bbaf1966e5d966bccd3524b46ba1c143ec7c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 f7d1d73ed6f07494d1131fef545c7532
SHA1 721b504c214cce2e881fbbc5eae0f9b492fa91f8
SHA256 f151700857d43ad84bca4ef9321222dfe4a5e9961f84e6f20c9943acf4fb4995
SHA512 8e69684735cc341615e23622231cb8e958ff79f5ed11f5d79150570aa5f50b587d97d2c29eb94dc1a2500a6f1cb6375a0d2995d40362de098759bd9a25c4579e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 144090a8f33a301ff2f711a3900cd5f4
SHA1 cdb17686d7960887fe4d77fad2b770d962ba1ec1
SHA256 75fb9668e776eba19b9d767dcf1c9695463b85df20538771f7f1b7ec27c15902
SHA512 04be4baa80d8e0584bf7f01df62d2dd7f4aaacc57c991884aed317ce97a254d3fc56f5f0aa421dc02fcbf72eb98a9253fc8d0f92f08e51291f7ca2c9a6a38123

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c97e192c04998b756d2e21f61960d7f
SHA1 57a8ec715e867f4864bb75eff157b6c26fefdc1e
SHA256 54c55884e3dc5238f47f17b356d8a89dbf4239b04f7514fd0acaeb1790616451
SHA512 020cb927c506ebc1cffdcb919c31cd241452c82aa6ab80d602b254a27cea2d84cff73d342f57cff84d0579947d4ca1186be09e060a8a3de3950141523b32670f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ad541b2d0ddb198e8391b30d1bdf7ad
SHA1 fd337876da854fbf0db27a541be00b21c0d1336c
SHA256 4983909c575f8335bafbb8ea35a11d9b806bf71d7f2d2a3201bdd5c19f520d4a
SHA512 15a50325d8b5674ce59331ef3cb413662621e3f0f202853f5df98f2b0541fdae289932d110fb4da88d8884631d618efb78472fc5ead911e4fd2e2b84cc8a20b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba23e3f789f24d1070d65d17fbb7e55d
SHA1 231f34d40035ab5c410a4c5ff3ee7d8e6d07ecb1
SHA256 92467babc72a4b1136156e32e3bfd1fbb7e5dc62b7a04e44ffcfb4e69e6cb139
SHA512 3cefe2c733fba36c8cd780602685cbdc0f991be3d3d690fc5f60e42ca6d5a43de61ff1190d1d6f2d76c44886d50db7ee9282e4cc38da69680cf4c6b51a350b65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f10c5ec61fdf8327e7fb33de4d0c86f0
SHA1 dac8cc13e05a4940d20c6d0355608ad9ceb15f3b
SHA256 e31b2194a9f12565b8ddf2d825d3df1dd83bf28f09d811ebd8b3ad9c72691b40
SHA512 c7d1a93d2b75eb15476039b3f230f0b63abcb1befbc2cbbfb5f5130d2d10a160723b763a6f5ad1a83a7886be017f6a737a167fff4fee22ea6a6e5d3abd793386

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4647739adbb02979c74af7f34da2e590
SHA1 c9976f7c5f567f714cd38d6d4c1247c9a336edc5
SHA256 fecc2df27ef2a9f04bce747bededd3c09c825bb3313c64c3d240d395b6407bd3
SHA512 b49af86ee0e41291ec7534efdda1a27db4ba3bcea14d72a69a96b714f5ccdcbe53c8c0386d74714a88fbb199e6d66fb05bcac296926ff8dfc041824565c3b4a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88dae8aac53159be95988cfa1309da76
SHA1 16e03cf83eb66556ed83b767d09d0a43524a5868
SHA256 a897f1e5914a1bbd37b1a70f003ffe12fc0e8695c0e569e4bcc7dd0b3e0a918c
SHA512 49709839eecbe8f05122de8c4e42d67a889497eb3c7a8c6e3a02868dfe0f4818af561867838748ce0fc9ed236b3238a9702fb93df2a43e07c726fd33811b3d39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7df7705e7aa98101618416f51a70ab0
SHA1 c7c80a73ad015d7c95a46c39beff083be57f860c
SHA256 2b820690eb763fdd469cf9047d7a1f5b62357481e7f24240d3afab17ca909594
SHA512 4c0b4fa2714051e633645a669512a62849ea74601474800fd7fc0cfd66fadfe45e49e6f767ec52548e6b314c090ab2aaa090351bc2cc93a4ee343b577b3b334c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b807bdfeed63239057c712312a7c50a7
SHA1 e4ff79ef1e365a393403fb0f9f4f032a4f326cd9
SHA256 10083b3ff04f842e6f846e7e1c81a8667696cb44d2dacfd52d96cf4355d97175
SHA512 4ae525b91dd7b6b3adb79f856014e6ff45eed8c3a01d6a2bef58b4427e98e323554e488bf60d06955c32991f9917242cccb953911d0e760a7aaf5920939857f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e98dcf0218e0334062fc3b298967f6b
SHA1 f4cc53a1d30390de52abaedc284795246610f4fb
SHA256 7fcaabb7ecc6ac72f200ea780bd9491070477a2376afaf45cb884337f6bee239
SHA512 cde21c659182820c7c199432087c039e841fbbdef3aec93e8ed7c8b50b79c46b69a537d265c8278a376c5c052f3b73e7bbc16a02298dd64a87fc7d52591b41f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa105c0a94fe739210f707763c24d32e
SHA1 44e70fccdb3d32c9646ab1bd12417ef9660428d0
SHA256 9acaca480826c000bcb4655c00dddb2285ef8c13e8b6445213fd1298aed58b73
SHA512 f05074bc2e2fb59576deb9fff5ec5cd7bac9be97b3d06c6bf6ad59b01ab19c8281db8fcc99fcf629e90ab8a83ee9ee3526da8b1d9f561fb77391332f19be630b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4abf6d6c854267616277f44085e28911
SHA1 32596acc74ef02a3c6ee582aca38d8ff70c1dad4
SHA256 205f8eb22249a0e305ba2e1c4ad5edc9783b719e46d0dd21280374c21bdbada5
SHA512 03d45913c3df89fbc5270f8b610e0edc426c4789ef7f1b90ae1094fb8fbc0ddf7ddfb3f04172385f96c1c63be26830fbe3360843e606731edabd90d8a2811dbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e57303e422477923e9a3806500fb550b
SHA1 dfd68a01cec1951d7a2802c6cbaaa35c4d807e77
SHA256 652ebe7fab3e9e35c3eb57a19242a8803e456a99e48c3b1dafdf687b86106b09
SHA512 8a753fbea8f13b6be370bf992ce19ecf7525caee9842e9295dc92adc05f8d9da881fafa9e6a21119efe5d0621c88a2fbfc35338fb72f02fc2b4ba892b72157dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1e02ad1652babb69a10ea26741aa49a
SHA1 7bfbc9210c9901357d1e599c922c81aae4f0b596
SHA256 a10d5d89aa152897a754464ababe119e6bdc52974e462b36bb64a71400491dbf
SHA512 5bcd2831d48b5a710dc7e8701cb989d9d9b040385e784dd42d8cbcbafcb743809e4a2a2349eca21947c9e81ac947ad5e7e1db6da075d907666fed675a4aaea27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cb1986ddc52d5fbc41c284a8e3d20cb
SHA1 d208d0a650b60d2a5a3dd2449be6f7922d5102a3
SHA256 75c26c41df18ed37f5fc13b938345fef9c599f73dac97d9761be020d9dc7c212
SHA512 76b521aec16afb5919fe757b38da5034522145a8b89e24cfe133bad3f57ba3241797676b89dced52f298be0def8e10c9b5dbbecafa89ad113262ef8cd84a29a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9915c3ebef900c63726b41653b96f391
SHA1 2b0b9c1462453e81960acc477d88033640dcd9be
SHA256 76f21f34569c2b76555affaee71e5ddea277e9ca549d827c9cc3b53a05cbce41
SHA512 499b0f4c6cfe5b40ed1d6465e9918e4710409c0f5b275c295683b784bf1b17e15470dbc9bc2072ce3a89ef44413d0fc89db91851c0478636bcff6afc736f11b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 703e0a53c6dfd88dfb86aca2213682e1
SHA1 55e8f0b7f4062f375db55f57377d2ecd824c59da
SHA256 c945851c88905c0e5c16d29417a15f3f6fa9e891bd4aaa9a0410e487b8fc95ea
SHA512 7f476ed7e91e60e8911a8ddc1c8d5d3b300f4edf9d35de7384e74d1141da83b0adcf38f590d6e7d06d7e862864bc0d54642d3a506cd20ddd33a50c81d65adc7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 899d55ddfd7af9f58f4fd6647cf41cf8
SHA1 93072e15fc6e2e7e889b02ba09aa25b81b62f2e6
SHA256 b8c2bf5641499205a478bb5730e26c20e8ee9d05d1c978dcada8713debe04b6f
SHA512 b0f220009d96b7bb8e3ff4153abf4b78a55a7ef9b49ee6db16880dccff8cd6f4958db52eb2723184b639f7e4b7973984c6b8aa9fdc8df84b451244946e08d3f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e93c8f73355462f1b662d67e5ea21c27
SHA1 b3844869208c7d71ffab141efaf4d7153fc8ca86
SHA256 1a1ace557d8a9a0bc827ac198aa631c8a1d6e6b47e375577e09ce185d106422e
SHA512 8a57e597f0d4e04483871aad3d4fa672b42703e1a0afa8dd7008e112f70f841bca13eec7b7bd4a14ee5ab7f4e609d1177f4a3735c5fc8018debb21b6a5400eb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31867f34321236b1f7908e1a998a79b2
SHA1 845416bb1633e3ac18de7ba83935b807cf8b723b
SHA256 ecb9f4a9174509f09212643858289faf93e4b4c618385b441309cffb1c6332f9
SHA512 6314d101cf7fd5cf4bee3e4dc63f1b8e864f9f0e59689180c89375129101c8871dee56b2c8d5b981f2adb2badd610a1ca93ce9c841ef3bddbafb1ddd057cd974

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30b92d71d3adad70272ff90eed6f4b19
SHA1 2bfb20cb021d61d61bde4f71bbaedb0fdfc06cf7
SHA256 6d246f61a287cd87b8f5980eb1c8fa958935636e8a4c2bcce5870b9e57148f3b
SHA512 16bca7d390309bc70044206b6c944660efcfc261df50fa5c73debe0507e9e9a5b2689f90eb0871d51e6fa08ee49dead3916d54bc16fe0c5800dd7826226b2e1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bf4e94e77a6ebe5f5315387c2ac7668
SHA1 5f1b8fb81df1f66dd0f8bda9b82e07794179c437
SHA256 323dcc179caa227f9dab4932df0f20b4a49da41101ce082315e5ec704d4fc2c9
SHA512 e9e20d11b03288e895b0d00820fa57b2e81df2ceac025fa7c0eea26dd519f925d0b0a5f712f462dbea1793ac9aba610f0c90f8b1a5e07c7c5aebde3b819b11d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73a82e23c436e1fb654e549284f47c47
SHA1 1a5656d2de6227093455a92415de83f4200216b9
SHA256 1e7fd0a981e10416b6659b341ee3b55a204d1378ebcc73b9d553ef3572b0af57
SHA512 4c793d91fd77cf7d84459ef079bfb4ac8c126c15f6c6314fb57f3fd4d5c52ec9b809eae6c65283f56c72050accbe15ed60675b9c15ad0579d8209424dd282e34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ac89ae104b27c9cf0a32d03e970b011
SHA1 53c79c6a4c343ed061603b447e074bc557e8c560
SHA256 c14a4a6d46bb33c009eb8564cc53d626120ed2b140fdfa8aa808bf8afb4014b1
SHA512 d8888af1fece12c8444508fe35c13e6428029b62be50300ceec24128cc1f57fd5298ca74364f97d5ee348769edc3dabc4e5c4c6a16ad1320a04ee263a21a5bf7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\CrmTxQ9X-RHbrTT30VBInDn1eVI.gz[1].js

MD5 1ca51e9050f85757917cd83ed63649b6
SHA1 7ce957beef79f6ea090f6796dbf3dbe51c344715
SHA256 c535be6a940ce136ebe20c950466771c21fafd9038669110474a62da112a3ecc
SHA512 3bb2214097a559070fb840faabdf4c566ab777f5700e0a72b999c619b4b34dfb3a30acd382125a742ed1dca40689b80c0be751950f802e300df4f65c5ceacf1d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\T216orvW6yyZuj72fNrfvtY47FI.gz[1].js

MD5 e51b7eb6cb390c2123c4fb6beff38fe0
SHA1 e30f700b250bb6c43c07ff2a654b7c5a464c6d5c
SHA256 3350bf7fb98eecb656369997de56fb9f8a8c97c28780cae0e64b70e5e7575604
SHA512 c03f314a5d882bd94843bf9f651bb6d9150f6580a78ab14d470ae7c2be54c9ab3e68196d889b27ec590ff87ab0151cae7655d80e1efdb1c4a43d9d2afaeef3ec

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\I_X4iL4YNLvZcqQoK4h7Zv2Rspc.gz[1].js

MD5 a329d68c29b855079673cd57fdeb17d5
SHA1 6e60280fa765a583a2bdf359ad3d3d8289963f25
SHA256 c8c9892bd8650d840fe82c698c2b49f3ef711b95fecf617c23bf33eeb310b0ff
SHA512 ac67fe7cbd8844179e7eb6df0643e30694dd41e87c90215b9be37046c95cae10e020cd176ea3a4f3ea0620b7e3f574d0ee2a770299b122b6cf65e767b457cac5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\LI6CzlNYU7PeZ9WzomWpS4lm-BI.gz[1].js

MD5 56afa9b2c4ead188d1dd95650816419b
SHA1 c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6
SHA256 e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b
SHA512 d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\Y806JrL6RagU8tqNI_iN1M1S1mA.gz[1].js

MD5 02b0b245d09dc56bbe4f1a9f1425ac35
SHA1 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673
SHA256 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6
SHA512 cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\jk2F-rpLS_Gysk7hn3CVhA9oQhY.gz[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\yjXVFOxf6UdoTA2BOwEH6n4ClfI.gz[1].js

MD5 a969230a51dba5ab5adf5877bcc28cfa
SHA1 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
SHA256 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
SHA512 f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js

MD5 cb027ba6eb6dd3f033c02183b9423995
SHA1 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
SHA512 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js

MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
SHA512 e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\fDgf7Oh5R8mPygWLQcaNRoJGj5Q.gz[1].js

MD5 3104955279e1bbbdb4ae5a0e077c5a74
SHA1 ba10a722fff1877c3379dee7b5f028d467ffd6cf
SHA256 a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1
SHA512 6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\pXVzgohStRjQefcwyp3z6bhIArA.gz[1].js

MD5 47442e8d5838baaa640a856f98e40dc6
SHA1 54c60cad77926723975b92d09fe79d7beff58d99
SHA256 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e
SHA512 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\kzHfYwAwahpHm-ZU7kDOHkFbADU.gz[1].js

MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA1 cde0b1304b558b6de7503d559c92014644736f88
SHA256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
SHA512 cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\GK9SuRKiu0QbKYnVgoAlgmuWrNU.gz[1].js

MD5 17cdab99027114dbcbd9d573c5b7a8a9
SHA1 42d65caae34eba7a051342b24972665e61fa6ae2
SHA256 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
SHA512 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\5g-N9K-X1ykUl3QHEadPjpOM0Tc.gz[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\2IeqNnpxuobNf8w1fP2Oy2HEFfk.gz[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\43BJuM7qM_8Wd1WfIZM2_oK9zrw.gz[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\Downloads\Bonzi.zip.wju708p.partial

C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

C:\Windows\msagent\chars\Bonzi.acs

C:\Windows\msagent\chars\Peedy.acs

C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx

C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

memory/2604-4806-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

memory/2604-5027-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efc7e6744adb60c800cfd73e0bb2c6ac
SHA1 1f6d3eb62eabb587434b79159a3f39285ff4ae8e
SHA256 863d1c78481aaa08b89ba64bea5dbec702b60719ffd17d749ec6865da581000e
SHA512 afe1bbc83c203ca4d07006cf8a87793dee6ea77fee2955b76341eaaff6157f1a8e96da4bfa5df551ad14fe3d74d7a642bef973ced09e2bbd893b3bc02c2398ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\~DF3A1F8789AA9E96DB.TMP

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\06afc45f-7817-4d48-b0fd-22e16c84b18c.tmp

memory/1032-5571-0x00000000046C0000-0x00000000046C2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2eb728e0-1f28-439f-8d29-885859a08387.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\4c430c28-41ad-42f6-a90d-7964a2b0bcf2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\2fd56d6d-248f-4955-a298-d7bced820225

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ef23bf90-da06-49c9-a658-8734b6ff056d.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000011.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0b3672e4-8e27-496d-a2f8-e6818ae08ed4.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\762fe440-1d6f-4e9c-8791-5b3c4f5c5b93.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:38

Platform

win10v2004-20240709-en

Max time kernel

1801s

Max time network

1800s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4444 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe C:\Windows\SysWOW64\cmd.exe
PID 908 wrote to memory of 4876 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 908 wrote to memory of 1668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 1616 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe
PID 1616 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe
PID 1616 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe
PID 1616 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe

"C:\Users\Admin\AppData\Local\Temp\FlyByWire_Installer_Setup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq FlyByWire Installer.exe" | %SYSTEMROOT%\System32\find.exe "FlyByWire Installer.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq FlyByWire Installer.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "FlyByWire Installer.exe"

C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe"

C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\FlyByWire Installer" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1760 --field-trial-handle=1764,i,7950603720569234934,8186742942491435927,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\FlyByWire Installer" --mojo-platform-channel-handle=2032 --field-trial-handle=1764,i,7950603720569234934,8186742942491435927,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\FlyByWire Installer" --app-user-model-id="FlyByWire Installer" --app-path="C:\Users\Admin\AppData\Local\Programs\fbw-installer\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2264 --field-trial-handle=1764,i,7950603720569234934,8186742942491435927,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Programs\fbw-installer\FlyByWire Installer.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\FlyByWire Installer" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2268 --field-trial-handle=1764,i,7950603720569234934,8186742942491435927,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\locales\te.pak

MD5 20dfde107bc16af8f0e0c2b9bb082582
SHA1 0460238f1fdbdc466798da0a65707f02b3884470
SHA256 9107dfb5184dd0e3c5e5b03624b30623eb9a508bb4dbee93a5b14d8ed112fbf1
SHA512 fb2aece4679c479e0e7eacd5e967da8846ed247e833b90711ddf26f30ee0be4d161ca2549f8656053f7952086adf9810bffb0d2bb13bd8302fc4eab370e984e8

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\locales\lv.pak

MD5 efbffd8c85df4a3a1d190f1f50c0d82b
SHA1 363df0e02fabae4339d90e3daa2172576c355ab0
SHA256 af1f3deb4bad0a8933ac9ba122557901061518a6bc41cbab129b3a1a17362bcb
SHA512 ce85ccc9f81d6b7e133032cb9ebedd6f9980a7b74f1899880ce36170480519a6fc6f4210e231d8715021916927a2a7a0aa8b8878d9bd938fbc7bd1b624a067b8

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\locales\lt.pak

MD5 f40e916fc2e1abbff97d39964250d0e2
SHA1 957a575fa4b0cf406201aa15fc39d84911d66ab9
SHA256 3f380b4772aa391ae562318247b7d981d7ea128cb41657c25a9bfd1052e698c1
SHA512 4b113dbfade34023fb899351a8e7c2c08d6818e2867b8ad572229f4bc2fb97b2228d1403f6e8d3cc0bf07c71b452673460c0587de968265afa53dc6669ef7efb

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\checksums.txt

MD5 54ed1f1dba1e850bf3c8b617e430064e
SHA1 b56d6592db95dcfa850cd12d5b7f30a06b8e68f2
SHA256 2d023ef2cf4d2367b795c6e91f0c021468df1ba2014cc36a635104e56e00810e
SHA512 dfa867c16624b1389a8be3410930140e917819bf3817a7bfd7b4e2c8d34c7ec13ea8f73a3386ad51a22b0a9b6eb47dd2a8b24faa3bdbda4584ac0149cd6d7c91

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\package.json

MD5 7d01da7bcd67b3afcd10abe28ec99e7d
SHA1 2e89bb4188e8a4884230b1877e1fdc0fe9ece7bc
SHA256 d608744dd510ec583b510feacf5516deaf15e00ee39627ba93a5122d38ecbac8
SHA512 db35eaee6b6a3774c58704bf3987872733d38bd82a807b49a524ce1cdced8b1c141699f0bb7a340b0a092512404ac9f66ca096a2620a5aea9718b947ca5f743e

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\LICENSE

MD5 c2710cd00242ca7d7bef0fc98dbbc7f8
SHA1 ba49c34590b171487fd5e383ca28632f551865e5
SHA256 9503def7b54ceb6e3cd182fd59bc05d3a30d7eae481e65aaba4b495133c83c14
SHA512 1b8fed37b379cfaac4e67e4ae0d0ae1c7e8fdd5178f1e9a289b646c5adb016c68cdcd743266fca87bd37bffc0951e0b9ecba8a57f0600a7dcd5cb52cd783637f

C:\Users\Admin\AppData\Local\Programs\fbw-installer\resources\app.asar.unpacked\node_modules\@sentry\cli\sentry-cli

MD5 ec767881662038aaab804d833c9115ba
SHA1 7cceeb3fce8e429a9c78793bf94c23eb78f2406f
SHA256 e1ab2d6bf031e3ec632b3d336641615a65b0ffe81208e420a7f8010c2082574c
SHA512 6914e25bcc6c5227d454ca86f4008beea0bfd046e58a54e8fb648870aacc69cac3e783469b3fadc8edd1412ebcaec6fc1eaa43e2d5fdafa16774397849afa92a

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\bin\sentry-cli

MD5 b7c89ec5dfb8b15555f32a3bef6c3103
SHA1 a92048052f5fc0af532cd97ebf82c1a9fbf12342
SHA256 7c5c97aaee075241bdc4fbc610b356445747e962ac3d986c5016acefd66a6ea0
SHA512 c47baa0e0896684403760a13cfa6dd5826152ec7ae83f783040d186eaca8af70bc97530bbb22b720d7482a4ad18c3959ab1af8ccfe3689b19a51955e777884e8

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

MD5 c76137400fc37368bd39937cf977cb0d
SHA1 5536a952e210c1cc05447e36773761ce6502e4db
SHA256 444d9757ade301f497f8ee10002a88965ae35f0a061565e3960f625e975b253f
SHA512 adfc2d38178ef55c4bda4e8cca14253877d84c5c80438d8569ac313a0e5f33bdaff5f7fed8214cfc9678d1ce3f39b34476e845336fcea35f57bfdd7e087ec0d2

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

MD5 50c3a734036b84685a15d56217207d67
SHA1 1893de2684072a3a2961337fa9a9b45a52c52c0a
SHA256 171990f108cd5582f83432c1569f2c3e1aebfbfb159599f4ff2ab693c20a8f78
SHA512 3aa037d12cee7cbf51826fb3e2aa87b4543dd62f5ff5f2f8915128061c07472304601766bddf949647c5ca92e8ee768a77139bbe91bdfaaae99dea4405168ea9

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

MD5 3b4d4e8ca191d02b68e50695e28708ea
SHA1 5c9c1dcdf89cab5a966e81ca1b24eb4a19249442
SHA256 e5a031919743e9d409ec517f20bbe9ad17df881e96e58477d88dfad65451a45e
SHA512 5b14a8f310ce3dfc6c297242b6d70577df0089b450edbc9a777a247f9e9b56c10c677be14a841ebe2ab99720bf71c385a2491e6a9522f934a226ca2695feb78c

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

MD5 f42c24cde0162b93624df51f4e2abfab
SHA1 f819638944878ac4cb49438d8599d3fbd9081949
SHA256 3f2316e7fb20e82df9a8b08d6169a622a89808742806adee2e4d89885962357d
SHA512 67258cbaf9f46f1609cec9b87b7a577f855cde9c8efafa3d835a0d18fb3903fcc4733489bf81447cdf2c0a55701d569a75f11a81865dab8f624b722e76b7c674

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\uploadSourcemaps.js

MD5 045649c63f63e8cb2dc0a72a46dcdebd
SHA1 0a280032adec3d54376627dc7069156f89ba7530
SHA256 e191f17cf5d8e633b095654aa321a31e8f0efa3a91cced73a170b7df375a9871
SHA512 2fcb5e3a501fe2d8c4aa05147975041507ab3d0a27ac3b2ddf0bc9daef22dd86d43d770b3235d39a61bd639055b28127e8d348dbd7cc41b65ff6eb0891d4dc93

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\build-in-docker.sh

MD5 94b0fc212af523b8bfcd6c2aa5a5ab2a
SHA1 cc0cb35f7ce729f7affe6b2c463e57966515e476
SHA256 abaa92d196f6752f184b83b19aedd9b1e28d328e6817de213f61fbd108351e16
SHA512 af0a2174e0304fdaa56ddae249049c142450ad4a0a9c8975548f61aa2bc356837b1d7ed441108156af32c979da5647bd0233a49db700ff0bbf528f9fa2c862e6

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\install.js

MD5 ba5d367d702dc0652df9c263cc46f6be
SHA1 51fdd9f3b5c39741e665cd3d05f0652711ad6fa7
SHA256 e60b36584fde5c13c6eb4ca4f3bc32cbee8055537e63e5c7db5f5f3c35d21455
SHA512 6bd8c8d729459b3c7b52c1315f3de89dca394fabd7e1289c018e158cd94a0822e839805e786fc040a248467be3205ae45f83e29d1b467e18a1d8b1c7f0000f5b

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\@sentry\cli\scripts\bump-version.sh

MD5 2ff8e17ece2c70eff9efdb2b1a524555
SHA1 d61c93df38f70f2244817c688a140224c9a99af9
SHA256 f07b481f34e732e74abe6402023f8b84f61281626ad6e25062a20fa8fd80ece4
SHA512 0f847fd2b05bd4627a56b452f065e878005b6307bc101663297afb5f45c24d965ddc48ea4818c34ab35bde06f5a7711cf29fb9182c8ed9cf34e17d6434c487ee

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\pdf-to-printer\package.json

MD5 0f8fb96962236942bb618f1c777db953
SHA1 0d45798abe784bd17d2b500d720ba6545e02234b
SHA256 6e03831a899e6bad39f4990b7f44c33d2e8fa1939d525434f91cf6607e8e6474
SHA512 e454e721d0564117e43287a50d2e942f10f1700a46a13468b5496f95e161534a3537ae17ab5385a2864c30aa0d16944e3dada124a08b438ef1a417ed8fbe9230

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\pdf-to-printer\LICENSE

MD5 cff99cf92a161507cefcac04640712da
SHA1 68b2b0c13ac2e11f88c84e135b0c0443df1727e3
SHA256 251d106cc80bfcd78d2bc0ad5bb5b6a42348953ea388ba21f89513e0e2912459
SHA512 aad3ca80ee53c3a627d0ad6e9a2e2bc2eb32226b7c596090356f53baf0c37801ac7879152e9eacda6185afa850683b591cb4e6d63975842feda9fbc1e83ddf4b

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\pdf-to-printer\dist\bundle.js

MD5 a4436dafc3bc0cdd6b618c24b70a4255
SHA1 389581d579ab4c71bfa925fbbf4237a853c0e127
SHA256 597e9103c829ab5db817b1b44f1eccc1c606eaf72e4b370b77656ee8eee65715
SHA512 99edaeea7d81f6ad2c0b06193e5bef798ff8b87ffb3185ffbe7049b6b6ff75f07a1aa73e06ff98056daf92027806a846fc5946688978a0fbf656602a4222b7ce

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\app.asar.unpacked\node_modules\pdf-to-printer\dist\SumatraPDF.exe

MD5 2a01c0ecb55b21666fad995413168223
SHA1 e652de616ab3384211904fe9776af926d763e750
SHA256 7f35436153011b4a16761d2dbd3841b5b1f26c2e44f80beca10feb84d4707318
SHA512 ecad732e6ff17383dbf1a8ea5de05bf6fdc4859b1be264cff8992f141293d02ed4d4a6ce1c39d950199752389cbbe5be400b709b678b5c3ba0a13f63fee40387

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\extraResources\icon.ico

MD5 210b2952a5f3422b47a7807d481f3b8b
SHA1 a4af6ed7fe30b637b86f54b3d6b6d99e5085276c
SHA256 20d83fbdf3bbd01ead89bae4fb9792ed2ee524c199a776db8c6a134d30649e5b
SHA512 7934e9d17195eb6d751f5479b131f4e46d12f35077bcccb1af5c65a87a52ea907e2378797ff360c85c06b2becb6efe6d05fc0a194fb2ca332bb73c659487915a

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\7z-out\resources\extraResources\licenses.md

MD5 d8fab0a5a3922d7e93db0140b0f69124
SHA1 3ac0bb1d590410a37d8f185b3887b568d814e2f4
SHA256 77c11f40bbe1e8f3849e12eeed29019e3e85cab2340e606365b78f00e17b4a40
SHA512 1f2e614654939230dcc8463f01094bd3d58369f082e4d780ca179a5eb2d77fc6ff7cb7f7bc77919fab0589549601674f85f0765aaba59d13ebcd29cecb3269d4

C:\Users\Admin\AppData\Local\Temp\nssAF9.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json

MD5 d690d09a0a9ccc9b74193f029a1c6c14
SHA1 a4e1b747fdc2de90ef6435ffcc4d4a7fba1a3cf6
SHA256 22874e5cf0ade327968d66eedac3979cb3f8e154f49643c65910f3fe7d8e8e57
SHA512 badd757823f88078b9cef865606223d11b971b43576b548c6f7128caacdd8c63139f9fdb462598a99dba93462c6f2e25d328e29079e84f274ef9c10317514502

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json

MD5 1a44c6280b95ef81efa5292742f7b587
SHA1 6490ad94dc3053b2ab4ec0a892f408f52aede2d9
SHA256 45b2c8888349da699e1a902abcf4fe859bc36390283b966c63b6ffb4451f095a
SHA512 1072f738d916a34b7b065332d74c4a332f334887db1e6ae24ea24cf114889fd6d8702443a229a92ee44c2b57bf4491013c1f37e314e04ce88eb40c96391e8724

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Programs\fbw-installer\Uninstall FlyByWire Installer.exe

MD5 0b604ca3c65a16b9f99678dd89452125
SHA1 b7ced3c7c6eae6b08e33e56233dae7bf244d6b94
SHA256 0b8e59cfba703b95f0cb3e3e3aa6b61f42d13e22f434b1af789534c41d40ffba
SHA512 7bbcc17f7590c41ea2181c33e8a81d1bc0d385303d12d599d3be62f1b953453064155e205842c0d9811db76efffda075f971853f6f145d7ae66b5ee865397996

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json

MD5 ad2fb1f3b17f76845107981682d112c5
SHA1 4eb537398f1be315471bcf1fe3a71b25322f3d56
SHA256 d1743d5cf8ffa28fd9f030a7c6edab8633b8e7a6551aec75193a1cdaafc52a80
SHA512 861fe8d24edf19b5a422891d8805bacc5cfbbc002094f80534dcc77e216fd0cd27373fa820f9f6ca898522abc8011eed709be4d75da28e453926e6b4e93ec0c5

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json

MD5 ccf79973aa0483f87e1e572cfa69b745
SHA1 c773c43069e49d5bac819b6d7f9a5e9f325d3fdd
SHA256 cbd1776888f68b4ecdd25b835eeca42671b1f8b4f344e45d1affe4b5062ea45f
SHA512 8880368aa6e1b0bc54a0007b51a011a392fd2a2d5dda3f1ff4cc148676603d7161afd12628afaef0d7f8134fadf2fa71475571b9abc6478a6104e131d08fc84e

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json

MD5 99d5dafcafe71175b110eb9ec9351eaa
SHA1 1e9cbf7189eacd5ae68f1e764f29b3d1c809caee
SHA256 0fc3ef9db1fc46631d23c0ae591c8918ea67f534acb46b2d0b3a3ef0bc4bb307
SHA512 2d7017b532b2a9d4082d63e7dca8197f3df893ed5942728c95ba4e1e7d32280d25b88d250cc853aa923be0381ec91949f4f25781618f8c24329e6ee3ba63779f

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json

MD5 b9d21dac80ace3afd1dec7bbabd31777
SHA1 6da0f1d8edb7e5efa7542f194d43c47ba87edf37
SHA256 a85d013fc9aab5512ebd519a76bb8e8633f342de7b85e796ec7969c09d954356
SHA512 c5c525558d7e74ad0807185d2baa3043cd8bf9050ad329fe56a950938dfd45885a96209628256552dabcde37cfb4f277b3cfe347390f4657fda0c68c6a301198

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\config.json

MD5 17d0b563bb78fe5f3be4b011b97ac1d5
SHA1 c7c3de1319276d7eaafff09bbcbf47420c6eceaa
SHA256 6705b4e47a08e6792d33374120b08eec664efbcac85126cfe1ca922979975f35
SHA512 e91824e0e0888a2af9e782219c8256b1dbe6f54fd7270eaf37bc96d28f284374aebe65a5bda5ce01e9d359f3c5d73e2f6134d85d9d84a19c27e20d004df09d15

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Preferences~RFe58823b.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State

MD5 e87c110bca722730e0fd080494666502
SHA1 2c33403885a00a66b10a3b99c7f619131d29f483
SHA256 e96603621e157fe4547adff5bf654f4cb7d80d3924e7cdbd1ee5bf83ed4a6d14
SHA512 06c3ec582b931abd724950a078fea410accbd64c01caa97b6e0296d2939216fbb83829595e8a129143d082348ff54f06babffcd3d74ab31887d76f09b9108fcb

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State~RFe596b24.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

memory/2392-1142-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1143-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1144-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1148-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1149-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1154-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1153-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1152-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1151-0x000002127E200000-0x000002127E201000-memory.dmp

memory/2392-1150-0x000002127E200000-0x000002127E201000-memory.dmp

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\TransportSecurity

MD5 1122fa4ce28b626ffb2178e626569b77
SHA1 6e22fe58b5771d31a4b6758735decebaf22f69f8
SHA256 91cbfad9b54474f668442c10b543c48774436692b0df25fbcd155f71a7eb1448
SHA512 1ba8e51918aa71b830e6da1e3c15f2d03d6b8abc05db0588fad08d93cb82dfe6c9b7006b6f825862d684b5abfabd0e876d1ff458c9af129e82fc18b770a19606

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\TransportSecurity~RFe5d1ca3.TMP

MD5 0fb717b8f3fee24edf84c0ea51878f6c
SHA1 34a0eb6920b2c0a9c05612419576e0bd8914816d
SHA256 c4a6d7aeab176ab61c8862c453aa26fa534a48da75eebd5352c707e84ce29d3f
SHA512 f0dda96705d9cb5d84616e4eddc9bb95d5641d89365a993006e4aada458f9760f81c5192d0c8816027304910e5f8e15f715fc7c4be8dc4a00bd38afe07ca0d91

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State

MD5 e262b3f54d565f65ea0ac498c0fd00eb
SHA1 bd5abda13af81263cb34e5ddc9b212d7deeb2606
SHA256 016636be42c19c947b107e74b971cdac73ab8c8013120fb861c728ce6ae47faf
SHA512 44633677422373395f98e62af102490491183e3485a740d26197715e50ca6b93ce69912ad43547e264222dddd7560681b0140f4396ff15547698d28cb6de3e3c

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\TransportSecurity

MD5 b2e63c89d23c7b843b2837a0ce4347db
SHA1 e88a7cad43ec9d2259d412be5c50bb302f64a085
SHA256 e8e326d2933b6591c1026d5a180c7d4e9a4cdda2f5a6a66d449e58f00f0484b5
SHA512 e4ded1174308efef88fec73848631dd4724e42050dc8bfd51ba48fcb6ad498d0dda615bc792db2b6765bc6b8df9599eb9667c8c66dd62dab82ea6711a563f3b8

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State

MD5 f21222642137ea352c8fec1b6a5793fb
SHA1 4a140b6cae3029e6489696013cdc9bad95ad6ebf
SHA256 937a48c41bdeb8fb4b45d3cde6905298ae790393141ab6422207d6210855f894
SHA512 8f2bf557b3c411d6251a52f8d53429f9aab665e7c6fac7c2ca4a5644588f360ab8d0ff15fa08c8b14b8dcf3c1992c96775a10b6862ca393926a2c6325d9f0d65

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\TransportSecurity

MD5 589167013d3eb43f4597b724f6ac00b9
SHA1 1b15a148c0066a81a8aa13a7eded1cea39fc6293
SHA256 1d23fb827f1d09c6702dbe65e6df8605df162dfe1981cbbf9a99a327e8ea4052
SHA512 ed771bd01126b9c603e4e0e31e7c1bde0d957499afa5a2a26073e7b2a7db276aedcc4b533f538dae59934ea6a83295d9d2145fae9a9d613bd41077daf0e772c4

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State

MD5 d4937a14ff28a1243ee5335bed4999a3
SHA1 660d0ec82cf040d20976b46cb9cbbf2a5bdeda5b
SHA256 a0afe6f5a94a4640017fb74d23b3b8e1f17d2829c9faef99993dd535ae22e0fe
SHA512 7a5c9aee56f6a0247fda9182d79505177fe93b78a42833b73170c7fd86ea841773d2428f2e1b700a018630b0f46851f5cb732e6e9196ba8f46522df328d3e326

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\TransportSecurity

MD5 8bfeb1981fb0ac312180b2c6f07af5fa
SHA1 e320c3b9c2459b19c923fd3c5f1106b4726062b8
SHA256 d5b38417438ceb796085927d206a435fee2303f7fe970cb3ce13b17c5c4766bc
SHA512 08739cda8cbf4585e3cebaddc4bf640574598cea8410e7d3aad9759646052d7b6741ccee55acdd200d52a4ff9d83caf4e61fc6628c78d47298fd9610740a5bf8

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State

MD5 c447b29cba681c84251c0b7e2bfa9821
SHA1 1b1bacffebf99a7425a6edbec1ce7b48d72b010e
SHA256 e30d3c4fcb1dc865fdbd7421534e3fb2a68bc7ed78797480768fd38f91d9ca3b
SHA512 cfcadbb1e6b8fcd3cbb77de0065451782e2b7b4d4d1189be425730e51594883e512fd5af51e0c66ccbc8f8447e3fd85cd8020575380269238cadfe141ab471ed

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\TransportSecurity

MD5 c2dfc5b349f9a7ff78daef063459ea99
SHA1 94ebacf1522099c82635834bd377993368784948
SHA256 04fa815c4a2c788fe28869f057bdded0aa8b7b5c20373320f49aa5ce5632e5cc
SHA512 9072765f85ca030f040b4e01db027f1974ca605fdd3e18758f9c37a1fa10e972a5bc887f2f2bfa8169ee99382efbb65965d48a799778becfe6b94b9958406208

C:\Users\Admin\AppData\Roaming\FlyByWire Installer\Network\Network Persistent State

MD5 ff4ea6ba1577d1909f4269ce628aa88e
SHA1 7ad7bced63183c2c65070d949f7d1bacd30657e8
SHA256 7ef2e2d035a1e942a7627c4a10c8929f4800cdf8ae55417d63fa2cb3316634b1
SHA512 4d5be42b1ad394f4ee7cfb9adc29384f3c75355857a7448e9e7c103530dbfd162d8d0e3c51ed470c1d375aa805f0b85c68ba1ff4c260606d00b68c8f184ce745

Analysis: behavioral8

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:39

Platform

win10v2004-20240709-en

Max time kernel

1799s

Max time network

1696s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SafeMEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133657209806167182" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-464762018-485119342-1613148473-1000\{71FBBC2B-370A-4C82-A56A-D100596476E7} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 766001.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1856 wrote to memory of 4644 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2956 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2956 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2956 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2956 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4644 -ip 4644

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x40,0x128,0x7ffa249046f8,0x7ffa24904708,0x7ffa24904718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5096 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2cc 0x33c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7456 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6852 /prefetch:8

C:\Users\Admin\Downloads\SafeMEMZ.exe

"C:\Users\Admin\Downloads\SafeMEMZ.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,10811034694068038614,9870517198753216295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa2638cc40,0x7ffa2638cc4c,0x7ffa2638cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2128,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2648 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3448,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3756,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4624 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4464,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4948 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff77b674698,0x7ff77b6746a4,0x7ff77b6746b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5128,i,16541283946990142118,18330699042064702860,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa2638cc40,0x7ffa2638cc4c,0x7ffa2638cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1964,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=2280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4384,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=4880 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=3704 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3708,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3540,i,8762778105986874491,5766210009576689807,262144 --variations-seed-version=20240717-050121.926000 --mojo-platform-channel-handle=1240 /prefetch:8

Network


Files

SHA256 d5918a6eb81e0d9ddbcf5fd01f187c1605c4256c6a030cc81b406158aff0aa61
SHA512 be73aadb8f403ef2cc3741d5338fc4f71f609e41d132f1766cd43d0caa31dce4cc0ef21f754cae2448633e2146e993cf35086ac4118e0a448872cf43bcf97651

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a81deb7dc5ad391b380a5338bf7f79fa
SHA1 db51db8f4334ce81d9a52e3f69f0176c49c0e434
SHA256 59968b114557b76b2d49706d74041c49ef91f79a95f307ab8ad9ba6bfb60f6c0
SHA512 5bcb6bb5d6b6cf542379011ea302106aa1739b4ece16781d8598600d2e9a684c8a5d38e2d0a0e87be66f81997477f2c7a2616ca07896dba8333700a52e3a0487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 76bf08e68c1a5a1e9715340dd1da6c57
SHA1 6afdd6e32f40f6064086f4725d8ab71cf019a40a
SHA256 eff83f18a3ff36571218ada52a19e92b0075ed50382111eb0d3f7e01124b7540
SHA512 a51de003b4e1505bb418148a6510e79a4f02be49c1f4aaaee4f41c37858e91fcdae758251ed123e94b7139b6b0dc84301635b9caead3bec3219e358c195ec908

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5abad5.TMP

MD5 998a07215c0cc2f1680f050b453bd491
SHA1 6abfcb27a87af8ae72fda3c89779e819fa05e8e6
SHA256 100e49157945e18b8803816e5b3ebef18d133a476ee317e82280940abad023dc
SHA512 209f434dc95237daafa07656f9c9b484a0485b975b4d58d2dda188db7d5a9b71f9741bd95871c3aee36b86c48e8285ff1a5c26f75fd1f91bcccb8673d85dd644

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 647e225edd1a46f9280f8432059b9e9c
SHA1 e64ee83bda21cafbbca1e7673535605c500059e0
SHA256 c9783a0eadc334f04f5d1fb1eaf4d4581d87c7b30253f5068fff62225e2840f5
SHA512 e1951011eb1d7fa70f7def0f8599a57c8523fdbc144189c1dbf9ea4b38b1444ff7a81f2a510238a07fb79818a5fedfda39ca6757f8baf0dcb93f932470d5227a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\edc285fa-095a-4cde-b1ca-6c7eb712875a\index-dir\the-real-index~RFe5ac3de.TMP

MD5 6795cfb77fce136bbf604c007091edbe
SHA1 29a1996f241928801b4dcb95d8304911ec1d87e4
SHA256 3dd45c7b3302ac874cdde906bc3302ee646d49767aebc789efd096e268f1a64b
SHA512 51b6a616475125f9fe8f860d1a2697db896c13422586d09037d9988e6515a8784a1d1dc4071dbc816033c9f7b40bf606d878c5a979f26f1ce394435dcd0299e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\edc285fa-095a-4cde-b1ca-6c7eb712875a\index-dir\the-real-index

MD5 e028ffac99c79e98ade412b311f9374a
SHA1 309a6291a3ebcdb6c766d3f4ed28e3c4032c74d7
SHA256 895ac088cf3f07165661907a2c194d83f89ea07aa6fc88507558135e12eabd2c
SHA512 1c4311c0fa6bb69d397c00a5d494fcce5b0cd72dd9382ddc328a61b202b1c67b24f4e74c8ebb2025970f8576ba4f5e5a27b5d3e80a7ca06bb4d6f01f0fdeb38e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0b7acdac-0f8c-4f5f-af30-b9a83c2ba46f\index-dir\the-real-index

MD5 a5e697d87454d5f30a3796a4910235c8
SHA1 3731c173e6703eeeb2a06b5f17173c2a8be17e24
SHA256 8cf81170d675161582ec49ba62e44a3d5b5528dc2c1969bd5cd66da8a037c5fc
SHA512 aed17c2b68998cb5110d2130d60bb64907b75a816ca3dd2908a3bc53f50b199d9962e70fffd9b21a3edada7d3a09b2f160e978dd854bfd2986498bbc17c54e41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3e37c3573c63255472bb11435d8cfc76
SHA1 ae1fb51cd72be342f14ef20cbc8fe51b6b0a121e
SHA256 e8a3c835f7dde12f7e84ebad9e8dd00ed6d700791cd38f6b380565d55f741ec5
SHA512 fa3c02dfb6e8bf23f2ec8d29efa5ac341a247b3f0b000f5ce12e74bb275cfacacd7bf13692561ef92f9ed2688995c5b499ff28bb57c75023dc9725f264470f38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1a7df5090e286d49f75c3b0f10ebdb47
SHA1 8426f54f9815afe3236f63ab7758df1bce984276
SHA256 2e0b4b59d37930a2fc8cd7e46c31525e405012221bbf154cfed2610b45398693
SHA512 e496c90a09b946ec4ec1b9852eca9f42f0a509ba3a5b22ae7f2d4eb2855051ab16e25fce3e8155e4a6020dcfc8acfc6e36cea1193998cc420965a39b1972a9fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 f9a90d58144602c12373f3a51ae11c3e
SHA1 50930fadc719a0cf689f480f053fe55eaab64817
SHA256 477adbd55274ba5f7057f114fd4c4908fe46d7f486c7cd6dfe452a80ff0b7c82
SHA512 0f06561a943bdafdc0f6355ce4a5dd2a3daa348d621ac8c0d95632d5bf0458b4068803af0f3e9819496ed750299a63e6eea88c53bd2816c757a0e4c721d7e4f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 f379276efec34127fed6f06101a024d3
SHA1 279e8e9dc86c622343e5bba17043d893c9224086
SHA256 1f92cc266344c34ab3ba73fd7107c0b7d53de896e47f3683c9e7ea4b1e74b8cf
SHA512 a87e994179341eedf39393fd4b7a57e8ac341f43bcd846c3bc16da9632921c08566be9ccb1b3afc0a1b9a9152c6a1339bff584401aaeb7f1cff7a36af66db5a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 01088b35a7144b96e1c65db9ecf5aeab
SHA1 3d5b4a4fafdc3867adca4a4a640d6296bba06f82
SHA256 66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f
SHA512 bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 8fcb818bc23425964d10ac53464bf075
SHA1 396f40d25a7d38eed9730d97177cd0362f5af5d7
SHA256 8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7
SHA512 6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 883db639bbca3123c523cc7e29d3f8f1
SHA1 dce0983b3bf9c7609bee34e61613ad77416d66d6
SHA256 fea376c85578151c41dba3e47f73358361ef059464d657ac944e3ae98ed37622
SHA512 7c72b0954283b802fa89d25f06061132d5456383930ce6db4cc1decd33c9864a5d3a5fa0227fdeec446ea59649ace1440b73082857ec644d3f5c31cf7b416601

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 0f3de113dc536643a187f641efae47f4
SHA1 729e48891d13fb7581697f5fee8175f60519615e
SHA256 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8
SHA512 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 6f0d8c2d86b40b21934ff819a3961667
SHA1 2e411280d2191d0f9732fe01ebc522aa87363b34
SHA256 8ef59cad09decea1d3b42a9ddd4a9b25a6c7d7bdac03d0621b4bef1448276c88
SHA512 b9406b8e4f3ca0fb1a45d3ce677d12a84c83c9c1039be109b0002c4a42435d68107cacaec2e07474b7e9d48e6e00df1734e33d1b18d6aac7a604ea6500e01024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 6686ec56c4536362ed40e1a3471e4a1e
SHA1 a0f9d0126bddcb40743d717cc9322c6b91d35b2c
SHA256 823063b7a7f06616d10539be8eee67b351e66a7e7cdaf928679ce88c9bde42ca
SHA512 067ed2eb82ae2d10a5d7a05cf2bf8dc82f8fea0eea1722d93ed95caba12583f8382245348634365ff92fffa547a55f579957ade966226a674875c43a6f18191e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 015dfbcf0c986f99bc0c1d6ab9fc162e
SHA1 6dff455e6dcdec9ee55ca25edb5f8edd1803f3f1
SHA256 291c3acf9855517f481cf0d64ba43f4e085381d857589ed5fc75905c82133951
SHA512 1d34e7bd775cc7b70371a579de085824a0eee0c6ae81dda89d51500c51eb0163987055a2dbcbd9ea191ee8b35ee0cfe4813bde076bfa5df0428ba7e043a6522a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 289830876febdb51a7c05c5b67982d9a
SHA1 dbf3bdb50d28f4ee4d876463c674f48999f0b4d1
SHA256 b5bfff9f2e505b0ecddd776227db4c930141f47802cd1ac513740f997671b138
SHA512 136f5ae908d4924397a20c252e06c0098fce90821a1cafddfaa5f8d96b5ac6ed467ed1af625718648ad0ef6bf22374e384c0434fc7a4f797b5d050767651f3bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e106492de41c8b69ef71cd0f5ebe607
SHA1 8c85a047e4357a297f13aad836e52bcd5038577c
SHA256 97fb018b394a5d47a182eeafad99553d891f646fba259b0207055c2960f3f4ef
SHA512 53f298cb23d6624688802a1a862f16e72490a7b8d14185ec1e3a4bd218943bfc12c78d1297e110786286930f22649b7f47da274b898e03ec2e52120a10901245

C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

MD5 8ce8fc61248ec439225bdd3a71ad4be9
SHA1 881d4c3f400b74fdde172df440a2eddb22eb90f6
SHA256 15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5
SHA512 fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9


MD5 1f91e85d36686aca5a054f45cc24c648
SHA1 09512644cafac8be0d432d512884de425910ae65
SHA256 e3e5aeec6a2071345e777c4d3a168d86932f82513bb76692e811feac5e410475
SHA512 7ab58f21135f1b9d1d91152af1f496065a9d920ca9cc237b74356bdc84a491f501dd180a804445ede7a40aeabdd7a7724622f6d5f6d0ff5ce3a7f979ffacb48d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 afefde1b38f081f5f7f6b24242efe951
SHA1 735693eefa322e374a1f85d1be8b33650f5a49cf
SHA256 b0cffa89f8b070f5497107fb6a7752878893966ea422501d995e165464593db3
SHA512 04283d699e45732b80c62dc2912e30a08f5f4e6ea528002339a06fb04efb076627b8926bae3943d6bf5cfa4d7595601189f9e35a8953802e68343b81c8e8dec3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

MD5 b362af6ccc0745c4236351cdc9a1314d
SHA1 d9b74fb3b2308a7077cd92323d2e137bee6dce73
SHA256 cc3c9f27f13e7e574f6dc6ba3cae9d1a94d774d07b0e4abca9dc315e81b2eae5
SHA512 e30884dfba1d12038f7a2ce1158acb25c51974819e5526aaadc776cc1a83503a15397a855e7b58e2f98fc168eb57620c1964c4473106b5f2ee3fab1eace179f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

MD5 919722e4d39432bf3bfb6e639a44342a
SHA1 082793918dd9f4440e541cf478e30900f1284870
SHA256 b6a5f6bf975995074072bc0c16820d5f45d210ebee84f3764a8b9b06968ce68d
SHA512 bfbb19fd48074422e1d591a1183e09100f4f0169353c926b1f8f83f64b327683480d600770935e4b7e52f3c8c26a8a24b41145692ab71a0466e7deefddbf6246

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 a5c8ff16ccae0b0f7345874d431edd08
SHA1 1e72b333775f49c3ccba7d9ef4050c40af6511f9
SHA256 155c6666ca22ea7521c9d083beb9be9caa614c684e0eee95c4b35c5012607ff4
SHA512 1b3503e361a27203a38e6555fd0d8a09951316920c2e00afa2593fad3bdc501ddaa18d25aab10439642845c87dbb823de7a9d6ae774f9eb89a422cfb1c553397

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a37ad9a49149528a_0

MD5 28347ff2c72367c4b03eb6ae230ecacc
SHA1 2fa4f3859a07736daf43021c6b8bb22db85f9754
SHA256 d6b0159d7a25704a7e7bb378d9b091f6a216f25263fc5f767c46978f662ebd65
SHA512 ac5b09cf21f1d23c1ac71485f799b4c8e310ee24594bdf9edbd9ecf53686fc4244316636e27ad5da43ecffc3b777794e8ec046edeb1f8503c2921eb2f0ba5b79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 fc64a2052855f6c7ab403982d6b4d695
SHA1 d180c26ed63f439e040fb3ca981f6b211c8918c3
SHA256 4383204b3bd969be8fd73c0e04c5ebdfe3e8bab311278173934c83b38a5d8591
SHA512 8c760d67c536e05ae8a3f01ec37a5977026c55c9c58252236ef7d5b4d52ff64498f3120f8820a330ead5c7d6525022856b367894fe815fad8ef747e06f96cda9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0

MD5 652190ea44f3612063c66bcc08e30c81
SHA1 81759e89dd2ed2dbb839798c1bb72bbe5bd2611f
SHA256 4bc01633aed0f766dac653365ebdfdf948ceb0e802434b1ffb02d417feb704db
SHA512 62d1b6a174552f95203502ad28683617377cc59b89e500d4a18e094c1f1b0d8ae2afeadbb79175dc046f43c24b052a293bf97d0f1f4013975feded485855187d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

MD5 44a2a40d164c09ed38e29cdbaf3908cc
SHA1 07ce63d67cbfd74f4a2960e7ac94d0dfc66650d3
SHA256 db2a4eb34fe53a5119ea5df2fdc69095b198968aa0ca4a5a9242c7b0f4bdf479
SHA512 5b3ab87d2e3f28cf84a47bccc9b99a52342451ebbc49b3a0280f6e88fe74ebd2e6258753dc6fd41eb6d127530938dd2619c0b694c8975840f8fbd23dc728b59b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59fc8adf66a76ab9_0

MD5 702afc33976f3ab99ece656a7a6d4ece
SHA1 7e841833b89ccebd46f883fd9381f08162106c84
SHA256 367e5099e9d91af63745d8c86bad87b365f579ed76b7426a8a8c6ee704d557d4
SHA512 de20bae099ca1343d8bd63eb0814d13ad995de143c9a780e1eb93f673665b6f73a2e9d5f485fe0cb4aaa87b2a887b5856d6e06ba280f13d9fcdaec8672b97ba5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

MD5 2ade53cc376778a17e350002fdae2f48
SHA1 04267d039513dc4e2d47c11f9cad55211684a754
SHA256 06822ea8b4745dd1e108f9280b8674bf62c20a7aa6089216915c8364d1e97923
SHA512 e92d8d7bb87f0f9e3750b0d210853b47c239b6544f6c8f622a49758070be98a1af04501069ba8c330887191d6eb001536020dcd79441a1c2b4e09dc626332ff5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94f93ada55bda7c3_0

MD5 ed6472327c9b8b0f9ed975df8b9bfe18
SHA1 59d750804fca55ed0e3cf2fb55eb7f5b2224e7c2
SHA256 fa675c4c54a6eb4df28d2edeb48534e2e75da47df5fb77edbd39f64c917e6ddf
SHA512 d93f11f42e1ba12e2e6d30ee1b04a1708fe1b1f69cba7d548a3843c0053ad05dc097284834bba3a775d4b0d97e0e3e17100a4c64db5925855c76e577fd172945

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0

MD5 49a13fd6a1b24a45a0f1fcf9678e236d
SHA1 11e8b963673c79715b30e4fee61be83dbfc4f3bb
SHA256 9e9836e73909e8a7c4d922c55b4c5943ebcf1d1f143490dcd96088965454cf30
SHA512 40b24801665059e3e5a62086e81f6b1c35a48c8570caa2217a15983c6044bc12a83222470c94e1724660408edd46ddf79c9cac0a5a13c06b071cb2018cc36d9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0

MD5 9a1481a4cb57c38a1b1adb886a406796
SHA1 a9b0ca283948196bee07fcba943c9ad79064d6f7
SHA256 3d65121845d768e2f67d293e020f115eed79be767d885a08ea903349199c3dbe
SHA512 344e93cbb40c79f1593754b17780786a3129fd0a6357b00d508d26b402cd43ed6a849312bf2b57fa44315937f822aa5eca12804bf8faed126a8e33891366a50b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d4e045555bf6a5_0

MD5 78ba93513dec47fdbf151884822bd792
SHA1 52347aa2bba5420c11ad4e41a6495d5c2ba6df40
SHA256 534379b85af756fdc9f88e939e172326cd949e45f29bc618c8fe59811e3ebf5e
SHA512 81db7e891776a3325c5c495502d258f980a72631623376ab7b4c19b53214dc46a331f9b9efdf712cd692adb73eedddd0d559f9c76df7e2c8f67f4a155ff2cb19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

MD5 6a80f827a5afa7ecc57d6b4710f81074
SHA1 a199093d1a0f9772073076acb70a3238a24d18c9
SHA256 e4018275247d99a562275cb8963fd9005fab4dc6896620750716f73c47794b30
SHA512 f709b8da461684474fe711a53caf532877287dcc19592b882ba97982ff474a8eae8c01dbae356f460cc27aaa096b9e6cd4c9a99e36af00b75e5aa6d9153a6db4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

MD5 5a3cc11496fec90d7c3d58594fdf3b30
SHA1 151f0f7aa9925bd398271a5ff970048c14e0ebc0
SHA256 deab1a79fc969a2c0592c274fc12793771622b1e3f0b8665d6ff3332bf9a9ca2
SHA512 46256b58a57f33e932c051e76cee10976971bc0bede2355cddffa122cdd06022d9c9ae4e8056b3db29c9c67341c9b5d78567c014dbd0f3466d5eff2a149bd078

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

MD5 de39a9172a8ade6f54e9de1ed5a06a64
SHA1 a32d68dd32125af6ef1f99edcebc30c607a523fe
SHA256 883363cff8ceae4e0b8539d8cf19c17c9bdacf56823b73382b77334d62811591
SHA512 a9192e300178aa5d66f651db8b1b04f9b294de2c5c79cda77c6cd92c1ddc6c20065972011f2fd0bfb43369e8f0853c23e4dbcfd44ccdbfdc91a4369fb22f1a70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b07f53c03d60c350_0

MD5 e586ad816f4958b8f8b742b919c77168
SHA1 b2096ad8496b45a1650089fea20c14b017996b65
SHA256 aa0cb398b4327c66028a1458818081b9d4f99c677aafc8ab7aa88f66876cba92
SHA512 6e0217cb20b5ff94ebeb0fb8e4d5e937a0911780e5ca193433f72afa00d0b174622310a63f82dec342780447f5c7eb0765415efa3f08b44bd4e38373a079fb86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

MD5 5b557c7739824d7942b6bb9cd261660b
SHA1 a5120c2328b455a1a8c33a21746f4b494b477c24
SHA256 653a45085a9b92000f07359db76af84ba6893a8bd71c45c0b6262276659bff98
SHA512 519ca306627336cf751a21fa79444673273c46353ec0750ec89cf84686c047ee6a29338012ea090356080e03aad9c5d7dd5a4b0e6cb25083920bf5adbe62dc1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1acbc71653e61c35_0

MD5 47b59a76402c1c11f7ca76a403738921
SHA1 983b115fe6f607b5e1b8e7529f32009b36e63fb1
SHA256 28bbcf9c58f672b762a0aa94dc4f43fdbf6d310811a7ae25c399a34d15737841
SHA512 91f04ac7e8ee16af3f48963fa1efdd45adc2f54f4370575988d7616df6c27a5d03c2749f0670a8c77fc1f8747c6588278527432f0f9d4c2138d8884be2cc3b94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\603d2267d522446c_0

MD5 94408597116f34d577dfdff3f0779fd5
SHA1 ec146062d1728b52af9f655189afd7296e36761f
SHA256 e65428790f34ac4e44ecaa07125b88affeeb817389349f8d88a0e9f6875500c6
SHA512 82e0697bd0b605baf0efdc29c9e97fba75cff951e9ce452dac30a13fbba3800233fdc935a5e1808571c9c050215eb78fbebffe16a9994a23e1197a35de42b87f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

MD5 9eab72bf76d1834d264693d907456525
SHA1 3894bd7fe29fd51a014444f497b063807a5f804a
SHA256 8c34d03701359e69b199ff0bf3cf20cd23033a2678e5045c5089d29805b6e744
SHA512 3d3d688cf6abdc068487ef43c87fff1df5c536f743618680e0f686fbc166ab82f989493bdcbb5547e758d15c91329ae2cae367ab4c26ca5661d22054cf810109

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

MD5 08ebd5c977e8920953461cd0c50276f4
SHA1 3a8125c5f27173b7655f8fd14bc7fc94f9c1157b
SHA256 05c9a464cb22b7d17db12b4a79a497a88a59dcef6bd5320b298ba4c5f29e83d8
SHA512 c5e9995010daa84f99e4a440211f3ea2444084b13a98ca9724ed8d2c62f555b7dc6442a1e239670eba2e918fb99c82ce47d0ac9367514e1ca029a92d9c5b06cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87e1ffb07d850b0f_0

MD5 38a239b2f960a2ab6e8e6d427e33a82b
SHA1 fc5c5ebdc5d035b732fe3a025ee67dae52ee6d31
SHA256 cfa16c5e8b79a4ec480b8628272bb33671e568c1fab7d7c92740cc3deb8de93c
SHA512 b44ea19c59a87d5e417ffebb8abd388fabbeb4d1c6f98d7143f8a15cec111e3db8e39950b865ed1a14636dafd15f41f195c1cc3094f033e79915f78f927ae9a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a93a5af80c0c9ac_0

MD5 6754d16772d02403e539b3e369cfbf1f
SHA1 e0110574e81ee64c6ca60929f997c1c48787d2d7
SHA256 cc7209fc6fba29ce46aca69c8185f213e70f14a88fa125084bf16225dfdc3c3e
SHA512 271d6a93235b6af23c95ff14851f2cda0ba697d33cefc4ceb9fd0d462824dfb619c5901e6d1e32530e876a22d0b476636e9825181ab126e5245c8400614d939d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc2f0fedd3e9608a_0

MD5 fee98705cb2462d28f2fadcc24642b81
SHA1 40a2a11514a876ed134010cfa7dceee0f043c373
SHA256 03cf3bf5d290cde55c574b44d47a762b4411d460d07e0253972f1cd8ba1f1107
SHA512 ddb3714e6f36b286c9ebeaa8ce189e59c613639dadf42695ea6433880b45c3548ec21b08a14eff08afca9ac7b4fe5bc2dfb12248fa05a3d944e28ced7c0ca593

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b7ffcd51b01561f_0

MD5 2afd714395ef5ba6c28ab8d38e85327c
SHA1 e189ac36327f734fdbed5df301370ae5f6e36ad1
SHA256 fc3206336caa731f8b77e5f996c453b9ebd509af7f21994d57bfc700d8e99f0e
SHA512 7db5dc904e5ff5b6532a8a3ae45e0b90fd8211e9a39f4b740905fc3bfe90697978259c6da57918ea48c373274053ee76617d3587298f1045390f0e207289d668

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b47ac5b29488cde2_0

MD5 9be6971accfcf9d10045fd3e0b3de55b
SHA1 67963a841886f5f689f8067d958566a3fdbe311e
SHA256 a0929942f9ca3f8444fcf61fb378f7ad4f3df43dda6ad7b4a347ff3273a662a2
SHA512 5802c4c417acf63193960745a5c485c85e21365d54758c6b7245fee5a1c1f53fc81ffb2fcde92371ddc5d2d980724411a48ec8a4221c900f166ece974ccf907b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\816bf2739a8edf30_0

MD5 b455c177be19ab30a9492c821d289cd5
SHA1 bbbddfd6d50184a9624d3acec39e4e41e830da77
SHA256 4aa7df7e51686b06c12f311d4fae3c7e2bcc380cea8c135f32331e4eb287a359
SHA512 71d1e8ea2f278058b644b14f42230b3cfb1992741ba059d68780d3b9e511baee4f51340fc4a9774442bd6d058eeee59c0791cb9f76ae35e03940ccc7282ed63a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

MD5 ee7a2dd359acf8acbed72625a5c3cd06
SHA1 a8ce26aeb7f1d109e517d5e41a5da56460623970
SHA256 486b0e825c9ca1d1aad931a2fbe52e13fb8ff7ae1e7177376cc9ec01700b5a1f
SHA512 7820fec5637f4932324f6a331fb168756d97f5ac00959105a2795a332509c46783194123527f71bff0efd6c1f9a2f31894f78d761ab7c92f74065f5ad938c4e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 4401f071fa7d262da4a88b139abe6a0a
SHA1 0bec81713e7146d66139df40261dcd2cfb48413b
SHA256 46297f8afdd13e85b9c79d9155e36b24ba45702ada17e4139f4951f329e71a47
SHA512 fdc2ab3d80dc9bc6a3aecb6ba7a745a21375f2bedcf293cf4372b3a067206c97a33c3c88caefb76e39d3428ea3aaef6b58b09227e9177732f2af9224ead87702

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 314d718eb8d0873e0370e97e15f4707f
SHA1 26437cb5d0cfa5f4170b20915a80217c0da1792a
SHA256 740206138957f6a9d7a3e0a8a1ffc68aed164153f0746adb95ceca7bcb1480a0
SHA512 0d17b7700f28f77e3ce2437caa32d6eaba6e8aa16c1f4bdb283a3a6dac4532b6277d6c521d59ce2e0df2849f20e554cd11e8146dd85d01b9532b24f81b0e706f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4f7a48c4bb682b17_0

MD5 95173040b91129e0cc05707f3d7eaea2
SHA1 d52302e5a024bc98b021438f4f099f8dfce56a7e
SHA256 a3d16fc562f3812ebb4e44f295cb99100768b268993572ab94c615b164a9d837
SHA512 8efc0c0df69c9ba59e7bd2ac3c617491c82ec1459e44a17a461264047f1d1323a0c4a2872181864e7b4a50a78864dd5b59c55fcf396d65b843969229a14084ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 335b2a57f1cbd23b70a0c301bcf69b73
SHA1 abe875e6ab2fd05159be5afa355e036a250af593
SHA256 b2b869de55036564678e3b7018cceb8cd5c91883a7d9115e85b06433b8f16504
SHA512 789515240108f073610fc97b1faaf077f10949d20f913f9bb832a33c8c25fe89eab43b3f3db76b79bcc61301640931f46b8f8b3ba5183bcce78244d185a78fd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a3ca7ded60ce354c0e31d1b3ff55b038
SHA1 55f72da0fe95b14df3bbd0b5a7edffd702ce5796
SHA256 1101c6a07672de67026a5b4d97d325c47f145cf568e4afe724832fcc75982ca7
SHA512 5d933704d6e0104acf006cc8f34d5a21fa204f07486360bc2cfc7068e14dbc4219f6fab026485c1e58a8e6f7cbe443c6ad34418f79a2df70770a529ebf337671

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f4fda8ed37eda9753c17390a7bb7a4fa
SHA1 a7530732a2a85ecd5b0012a39355a220cf93f5c7
SHA256 a9fa68ab40b741cfcd527cedfcfedb8c968ebab2641a1b98314fb787d07298e3
SHA512 bba8bfc7558081616ce2dd88156a926d6760867a85be2f363ded98277212b10afc383072c0463397adcfe00b80825a31fba4609584e123721d651ef60d51e6a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2fd261467d29799e25181a609a9e9780
SHA1 54c8b767a4d043bc8f16265c7a3f87775d8d0389
SHA256 714c511b80839c763ad4e958046de5c61c574973ce289aa872630efdade7c8b2
SHA512 ed1eb9f299b2fdeee9498bc88180eeba2f564cec317b0a484995ebef8312c2ea3fc2e8b0ab48e8a5e2904d3e606e0af1379d443f93ef081441e3778a4cfb618d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e83209db5a4154b4df8d6311914f1a5c
SHA1 fbf1260ecf652fbf3c291167fd8c771a1dcd9fb1
SHA256 f2dc3f080c0898ede68db716d84f86f70f11b175fcd91d9d0e66d4a4a8675e96
SHA512 8041f0a0b38473df63f6a48e0264e7a2a7bce5c4e0d533935f4627c8b166959f7c5ed9106fe763c9b544770f372d2419f11c38ebd6f06d72eeef6810e6cf7edf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57533330773510206bdd1fbbde6a257e
SHA1 1944ec61924a045c338353f498dfd018e29fc54a
SHA256 d0f066893c3dac50e03aab3a8e7f29cccf13b1b73624b23a86c76ef2529460db
SHA512 757503bb4c83d6e4d0e7f3a2f8765c82d16d1ef499fdd3559b222a1e959a396f20dd79a197353f8d0d53df8775620722e9cadf424dc8addaa5f8c254c63940a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 d7580dce32412dc9d53e8911beeac7e4
SHA1 fb93b2d7546f30ded645e40c4ad2ae962bced731
SHA256 136b2c40697b50198694dcf1ccae005f9a5dcd15b3d67bb48745df477a49df06
SHA512 2440ddd41e5d17fae4ff5e261d2d4694937f27d94292f1424c398585471f71cd20131f2babdf3332176ca2aa191bde920aeadb15705843fed3d4183fbfbe6e43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 dfd5f82ea82263420ec1531a363ebace
SHA1 1015f0647044d3b31f4063e0270d2de382207c8f
SHA256 63f200a1acc6d8cc5ffa5b88bfcc402f7f7a85098f7e8caafc324ffff6d46aa5
SHA512 678f5a516c5732c6eb6db73bc68838e54a6d90fce632d6e7b3c36a2ec3be36b8e2b60bae0545ac3676ef690a0cd2c0f79276cca4f6618fac8320e152ac12d1af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aa1a16728bb6e5743ee30a81d2bc4dff
SHA1 48195153c33a9d3735f559c3f3e5975ea972c2f5
SHA256 2d47f18ccfbee4d08fbaf71b6b56a7a359024ca41a9d4ec12f192db28b5675d9
SHA512 9a4b5ba3f8ebc1a7a1d2059c17c003588dc1e59e9d060fe4b25ec2b3f291b228061f081262aa346adfc7fc5bd444d3c70c17cbe93cb30ac06a451eae57fe446d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 177f4a7cff66630d864bf8293d9b5913
SHA1 daa68ff538bb3ea5fa1bd087afd8fca1b2706879
SHA256 b5fcb1bc71b110c141387beda381978ab00e23ffedd08e43d7683c8d00794783
SHA512 fb69ae5371ff77fa2ebaa1a3a4fe5a3d65a7a72884aaebb60102d65fa84c607d7b9fca1abc50b1aae0f984653907ca7ee09ddc482edeab972c2dcc1db272523f

C:\Users\Admin\Downloads\Unconfirmed 766001.crdownload

MD5 cffe1f958643d6120ca4b41ffc8c88cb
SHA1 6f65c3011fc96dc987411be51992ce40d411c890
SHA256 e6aebf723ca843c4c97532256851fd7bc6daf9d9acbcf5fff2b2135616f1e434
SHA512 2694ea6582521849d13a1dff07b9c30d5fe29ec21031bea0f683be582f7e949c7f0065445e7943c930c7906bc13267961b85b067c39f7ed12a9f87f3de922cc6

memory/3416-2850-0x00000000005C0000-0x00000000005CC000-memory.dmp

memory/3416-2851-0x0000000005490000-0x0000000005A34000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c0502b15690e9758a76ceb0af74b4f4c
SHA1 8762efa98ab1810c59ffe302037c140292fac7fb
SHA256 58cafc3a2fc39e1c6ab3d0f7b7f4a1441678ae9a3265accca82a0630d2c33ac0
SHA512 370974c86f2626201753f390bba3c9b007dfaffce2a04c7f7e5266f60ce4907c7b14fc9a98d12abfac3219ad1c1347e45a219e3e6c9198f5c51ee0d5ea06ecf7

memory/3416-2861-0x0000000004EE0000-0x0000000004F72000-memory.dmp

memory/3416-2862-0x0000000004E90000-0x0000000004E9A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 875ab03ce3cdbefe8b68a503c554d4ba
SHA1 3b9812019b0ee360bafa39eb180561dac16debf6
SHA256 99d6de4b53583c64a8041df4f486755e0526155a9f649a7536ee97a0d2178aa1
SHA512 05f62691a84c9e5ddcd7d44a77900f9d27f967fd3ef1a4530513b83a1505b8ca6e811d57dec8e58d6df4f9cd7c2fed13ab4e0d469611ff5f8bb7ff3ea2fe8f62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5003cfbe66d20f8dcc7809eb7c1538cc
SHA1 3c890a8dfe918afe5a4ed4864dac3e8f4ea383e2
SHA256 6a7be31779dc1dc95f234efed86eef23eb49dd093abd30f57acf17bcb45facff
SHA512 f45fd005330c390b85946bdeb7e6d4ee41f01eab6d90cb44a0e1d7abc10fe3b8984f07e7feaadc727163559faa8fe2ab8df5b321a8ad0bf5116883ff7641c96c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5de9f44e801f6134_0

MD5 999df67210eb252415c3467c7f58c533
SHA1 4e7db212a7a8ea41bc81abfae4f8f75b3349c714
SHA256 3ec39a26604d4cac46820c35b33df664495e696f2fe41fe88922a7c00739bb34
SHA512 ceeb8b2bcfd4f4574e5caf057ea289a6c3bf9fcf83eafc9d00fba858ddacec8e71b6d58454c47f2b0a301091d29ec3c4d7adc5b7a9856d8faa69d104feb2e6aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dd7e53eb4131523db684b6a79254dc45
SHA1 b806eab925adc4b3365c75540b2dea8387410a9c
SHA256 781e69eb30e1236c7b40b1688979952b499147c7b45721eb17a33b3d5fd22d0c
SHA512 97b7a5c83647566c4e0e36cb87f4158b711668ef63333bc97bc373fbca69475d6fdcdd4fcbd41d4ef59e26224dfea99b6b7e61c6eeffc50dd0355c24e3401f7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 946f2e1cb319b1431747306ea1bdf1b3
SHA1 3525382875aa293521817e1e7a6f706cffcf2be2
SHA256 dab1966487fdca9b188a7550ad56ff9e38dcaa8d0baa8961514c32c4811b0c74
SHA512 5ecde6ac6bafd5850d44c20bdf02856cac5afb1f1f42e7bc9a10e6ded43d3691f7efd0d547c49b8c0bc9037ceacdbd2ce5699ce376d9fb2cadcb4a56993a604c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 01f85d2191b58c2465eca3fd79d116b6
SHA1 6ea94f87f42bee06b452b135357c571c784199f6
SHA256 a9afb9dad9540b94d5a34833365c22e349a9722d78d89408542a0a2684e7faed
SHA512 eeed82c98d6e251d5647c8072804aa6ab205fe2996577a0818535ad4d0743e47d601aa2f2595c78f50912ecda8244c7bed9796abcd400285a77684c9ef169ee0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cf5aaaa8a1ea1d27a00ee47b1809737d
SHA1 67814d6d957c25dd709e90908c86d009c4aa710e
SHA256 e0d87b8a5070e116b72a0b75ee229326eadc4eeafd9cc3c594b56201245a0f7d
SHA512 5a041958828db9e272fabb135a1acbcc91a3f1d219ac79beea97c43da1ef3bbf68e0ef7e2fd6ec35d238760db417f65d497222451bd249593c7cdaf596b92217

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c9c50a017a24e5de427bba3a0d06f4d3
SHA1 fcce56bbb25b30f654520c504e30d7a6800ec1da
SHA256 eb5d0d28024eeeee1a2dd23441100f4350e56afca9694c76bed0385418960cd5
SHA512 d3d75aef820f837b00643e1771086ad22ca7d668d793af3268e6bf14a4b596e39d58a4c2c4d8c3b601bb2bc7fb4a1339e26689d13f99c486de4fe599477a9e18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 09c2eeb563dbff9168869a5dd643d614
SHA1 52085ce5d9fed612cc8a7a81e0be8d218298c4f5
SHA256 c10821d672a79b939108a01c33adf5930371c5055beae618e399117540ce02fc
SHA512 138946c513e04634b1bd6a66ff22bc44d3a6ce9deae6accebee1dfa58d69aef3c3126bb91e7708f9e6bdb30d950730487589f43381ad2118833a199d0dbea7ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 bc31238c47a1d609728e4bdaccd73f8e
SHA1 ea953a3efcea8b4aaf329a6dbc673a7c83372533
SHA256 8b25989b6dd4ba4c6ddd281500f0f2047ce66116296d725e5d9ca286fc7c43ce
SHA512 bf15dab67b1c4d56c009c5f460a0944f35eb976a92d30d44ffb46cdfda1603195a46f0ead20bddcd87b275a686cdd857645044c05bfb91b078a8fa25c6083c37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3b2d9f4d58de016c46731b9425c82ffd
SHA1 6ca6dd3c1e7dfba6dfcb32ad2865cf0a73c0f135
SHA256 8b2e926e122f32a1a470e6d32cf26fa366a676c39cf0014ec8d95a147c297c97
SHA512 74e394c21b4601f89ed07ed8f0004da7df1dd7163c5ec652eefb44ca6dd79a852bf076a9e4a0a09c9ac6000f7a118acfa9dd6975132cea4ab791bb355b96ac6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3aaa4849c87c7c03c2f4332008d3cf6
SHA1 63f73210a317096b48c050e1bc512977a3717518
SHA256 97748b23eefb2ec21c79fc559def5cf6801de1cf3a4fa83f154885a3f376098e
SHA512 041af50aea6e0486038f68e72184f8fc7a6a7a590585e36fd21bf1e0fcb90bcacac34609ecbb0d4d23dfc3e342bac8f5b045470de063a81bd5ccee496307ee75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6637cf5dbf525417a5316d7ad4136b2c
SHA1 1357ae0be765af506045e2c2535bf905e1c94b07
SHA256 014b7371c5ca491199c2dbb67a721d318d7c3b61e5afe9a1b4ef61c22eeaae7c
SHA512 7271461921af35b86264789401cef8ced523fa491afaebc359925930f7af9456e3daf75ff3abe0073a15f0573588f35071396acff6b478d4c1eef356a7771c9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 834b70d0f31b219442303ea78db3bad1
SHA1 c2391f8ca626ec4390e8a31d4410a5990fafd400
SHA256 7cd7ced3a59118dd2cd6a27e157ee170cee796b087439ef904f3f6f7ffb87dd7
SHA512 a188b5713292e58f6c9dc97dfc6e9ffd3264d92fc44e5e1ac943aa66cde7922553ab7d872d2e9d448cec3765acee7dfef03e98a64de8de143c926f0c15f54fad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ca3512ee16b1b491983dcd176bcaf74
SHA1 93a28d5918602a118eaf2c9b262c1c1e32e09bfd
SHA256 f5e2064e396f7c87424abf28874a5c7c14c8f513e66474e03a2746bd11124539
SHA512 b5acc17772463942870935f45b6501b80783c3c5f58c67eb2374991afcf29cad1e72593a2937bd8c300102b526c3c739accffd759e2f0b632626a16ad2fcd2d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 35960b6cebf2d2a00296e22f6b699648
SHA1 d6dfe3ef62dd035dd4de0a73b23cf3abca803156
SHA256 d73f5d2393bbd9a0d3c755a64fb291d901cf4e9fc477db59106313e4d2237671
SHA512 3cea19a8921478a8a14aa3e64bceb27d9cfe7a41f4d466172b98c498009db6394df782c4b0dbaede0f808314e75e3ded52f1b2eab9c63daad9aed619f438752a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00e803a33a8c86fc967efef1cd04b393
SHA1 d8acdb51c57089964b9394b4d66fa344d2cd02fb
SHA256 1fb6526866cb0ce840ea55548e6600e78dc6cd5088bcf578ceb4ca7fd08e9601
SHA512 8c6790be659de11a3943ca60ec86c5a91cb2b42a7287c3eae6cd0173042f3d6e71c56014c11620023e68e9635a55c556da23ef0f13e125fc79b2571cf8d19734

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6ddda10a4c61eea97794dfca8535ac60
SHA1 5a36b3803b3ebdb280754ee4aa151b297bc80539
SHA256 c60706509906fc6fd8b153abdbad5d257597ede6f408a3a1dbadc907e83263d1
SHA512 1cb06b01ef2842a66aebd1969f3071eb341662307ee410e50b309fc12f8ebad0d3382e33ca48d6f680512deb710884c84f7bcacecc216761eeeb8c33f2f91d1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 46118eff4f0598ba9db9464b8f151d87
SHA1 73f870a45fd4e53cfd0da4d9fb61f6a8f8531fd8
SHA256 6ef52f190af10d45bbc092bef257daeeb074cdd985258d03f851b797a59d40d4
SHA512 b5422a356308fb73256cb96fbec156cede7f8da27d3ca3d9ef1bcc879d11948fd664211f2ba5c2c6cf392c4c74c3a3d58c6b5aa8889d47c3feca5f202a534180

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1b05daf4f0dc736667fdae13a582e2d7
SHA1 c2494db5c686ce97a397f51b6dc49c99ee20ff91
SHA256 0883b408edf2859d2b8a1a8b8a840704fb12d8f7ea444f0cc17aae9b91e6cea8
SHA512 d73739e2272dc390011d8a331b795566c4fba645cd3c4e26c7902523f51c7ef73e283afb292af0d559325d4d45fe5f8c12c0352ad04bf6c3b85a6fed58d64704

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 74dc233fae087b839bdc513c0d4ffa0d
SHA1 00cb2d403bd6092a1e507276fb43c229996dff21
SHA256 bc084d0a1c051f959799ed1215ae6f66702aa159e8783a22fc081fecac507cc8
SHA512 a544a526ce7958927ebaa6224b067f7c60d630bc396fab4552bb9c6b53ef709d8f7b6485885181888db3baec7b7c00d2af0b902e06413e20f24378bc3f4b0900

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d9cbe9bc94702df360fbb7c5b4399e1
SHA1 1c0b420e1adb0f5148eb206ae52c114e447bcd8b
SHA256 aaccfde65705eced11cd0314ef222570ed0d600dfa42ab33669c5e291c54ab1e
SHA512 df25ff2cbf4b59203d0bda112be182eda192ca7a5ecc49d04763494a67c933ffb92a60bac2d95e9798ff7da80c38fd42143969014056091a6115d000be2cfd94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a379159a1f91ecf8430900924ce3e9ba
SHA1 027abbc9f8c04090b4775e5a84124d16bc4f37fb
SHA256 ed1a93530324b8f8f3660dfddd48f60f2a1d0e0b5d40aaa946a396da3bc77874
SHA512 64dcf4e5a271617d4544869d4b24ab73fddee026078d0764301cfec2426bf7868969003ed2ef64c31ba9208b0cff3a505bb646f60840fea2da1b4600937b3606

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5e11be71d447939f_0

MD5 640950a9aceb0a0ed35b216b0b601899
SHA1 ca8f7cbdae01cb9a3640022844cba198cd3b273b
SHA256 3efa219c64d4ad3aef50fd99548a92f29f965ee7968f986a028136e029401d08
SHA512 c30c5b9aa90d9e29f46fec7c8c472c280aa4c1639f16f8d715874c6bb77d1a175034d85d4bb8ab76acaf04901db79a116659a51e83cd81585f7396c1562b0227

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\78ab860c2c61b8d8_0

MD5 dd15e25e1bdf13ebe40eb58c80fff0f8
SHA1 cc4907b9c582c0a021d18839a35f9498c9aed7aa
SHA256 64766bcfca4e9f6b714c00169a055f1322d47b64811b44a8221a8703b9f7049e
SHA512 4d232b6a4ef3c626e944123c779c7b61d63c27a3e4945cf500a38b3c130a5a2937f3b308abe67bcabfb0987972da097fcf664d450fae5fed99b5af23b82de9d6

Analysis: behavioral23

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:53

Platform

debian9-mipsel-20240418-en

Max time kernel

1s

Max time network

1684s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp
US 1.1.1.1:53 debian9-mipsel-20240418-en-10 udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:53

Platform

win7-20240708-en

Max time kernel

1559s

Max time network

1566s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:55

Platform

win10v2004-20240709-en

Max time kernel

1740s

Max time network

1158s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
IE 52.111.236.21:443 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:41

Platform

win7-20240704-en

Max time kernel

1798s

Max time network

1821s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe

"C:\Users\Admin\AppData\Local\Temp\FlyByWire Installer.exe"

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:50

Platform

debian9-mipsbe-20240611-en

Max time kernel

0s

Max time network

1678s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsbe-20240611-en-0 udp
US 1.1.1.1:53 debian9-mipsbe-20240611-en-0 udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:49

Platform

debian9-armhf-20240418-en

Max time kernel

1s

Max time network

1679s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-armhf-20240418-en-6 udp
US 1.1.1.1:53 debian9-armhf-20240418-en-6 udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:57

Platform

win7-20240708-en

Max time kernel

1563s

Max time network

1574s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 21:06

Platform

win10v2004-20240709-en

Max time kernel

1357s

Max time network

1155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\index.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:38

Platform

win7-20240705-en

Max time kernel

1563s

Max time network

1568s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:48

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

1679s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/local/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/sbin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/usr/bin/node

[node /tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli]

/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli

[/tmp/resources/app.asar.unpacked/node_modules/@sentry/cli/sentry-cli]

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:53

Platform

win10v2004-20240709-en

Max time kernel

1343s

Max time network

1137s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\helper.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 21:08

Platform

win10v2004-20240709-en

Max time kernel

1783s

Max time network

1137s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 21:09

Platform

win7-20240704-en

Max time kernel

1556s

Max time network

1566s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\releases\options\deploys.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:48

Platform

win10v2004-20240709-en

Max time kernel

1353s

Max time network

1150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:48

Platform

win7-20240708-en

Max time kernel

1563s

Max time network

1573s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:54

Platform

win7-20240704-en

Max time kernel

1800s

Max time network

1820s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\@sentry\cli\js\index.js

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:38

Platform

win10v2004-20240709-en

Max time kernel

1374s

Max time network

1165s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2032 wrote to memory of 544 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 544 -ip 544

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 628

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-07-17 20:06

Reported

2024-07-17 20:39

Platform

win7-20240708-en

Max time kernel

1563s

Max time network

1566s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 220

Network

N/A

Files

N/A