Malware Analysis Report

2024-11-30 03:50

Sample ID 240915-xttvcsyfrk
Target WindowsBootManager.exe
SHA256 3a3e3f8bb3ea348375c6afad7f6f28a90040c178ac29b378b60e6798cbf8c3ac
Tags
epsilon credential_access discovery spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

3a3e3f8bb3ea348375c6afad7f6f28a90040c178ac29b378b60e6798cbf8c3ac

Threat Level: Known bad

The file WindowsBootManager.exe was found to be: Known bad.

Malicious Activity Summary

epsilon credential_access discovery spyware stealer

Epsilon Stealer

Detects EpsilonStealer ASAR

Credentials from Password Stores: Credentials from Web Browsers

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Looks up external IP address via web service

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies registry class

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy service COM API

Modifies system certificate store

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-15 19:10

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-09-15 19:09

Reported

2024-09-15 19:17

Platform

win10v2004-20240802-en

Max time kernel

304s

Max time network

281s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe"

Signatures

Detects EpsilonStealer ASAR


Epsilon Stealer

stealer epsilon

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\nodejs\node_modules\npm\node_modules\npm-package-arg\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\shebang-command\license C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\util-deprecate\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\which\node_modules\isexe\dist\mjs\win32.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\redact\lib\server.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\jackspeak\dist\esm\parse-args.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\internal\constants.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\strip-trailing-slashes.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\utils\open-url.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\QRMaskPattern.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\semver\preload.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\commands\prefix.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-deprecate.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\.travis.yml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\.release-please-manifest.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\registry.html C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\tuf\dist\error.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\ip-address\dist\v6\helpers.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\esm\escape.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-prune.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\archy\examples\beep.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\retry\example\dns.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\commands\login.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sprintf-js\dist\.gitattributes C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\util-deprecate\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\bin\npx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\packaging\_structures.py C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\parse-conflict-json\LICENSE.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\lib\utils\installed-shallow.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-exec.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-install-ci-test.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\example\center.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-ci.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\protobuf-specs\dist\__generated__\sigstore_common.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\normalize.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\string-width\license C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\supports-color\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\man\man1\npm-pkg.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\cidr-regex\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\glob\dist\commonjs\processor.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\cssesc\README.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\dbcs-codec.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\is-fullwidth-code-point\license C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\write-json.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\README.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\dist\esm\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\sprintf-js\dist\sprintf.min.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\__init__.py C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\proggy\lib\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\core\dist\rfc3161\tstinfo.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\diff\lib\index.mjs C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\jackspeak\dist\esm\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmfund\lib\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\bundle\dist\build.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\isexe\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\npm-packlist\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\bin\shrinkwrap.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\spawn.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\example\basic.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\nodejs\node_modules\npm\node_modules\ssri\LICENSE.md C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e59ad1e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e59ad1e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAE18.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB36A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID83B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAE58.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID51D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59ad20.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{58F1F522-8764-4F2F-838F-525592ADC278}\NodeIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{58F1F522-8764-4F2F-838F-525592ADC278} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB57E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{58F1F522-8764-4F2F-838F-525592ADC278}\NodeIcon C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782\225F1F854678F2F438F8255529DA2C87 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{C387B873-DFE1-47AE-9DE2-53E6E2270028} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\225F1F854678F2F438F8255529DA2C87\corepack C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\225F1F854678F2F438F8255529DA2C87\npm C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\ProductName = "Node.js" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\PackageCode = "5229DDCD3A438F043AE4C426ECEF4463" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\225F1F854678F2F438F8255529DA2C87\DocumentationShortcuts C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\SourceList\PackageName = "node-v20.17.0-x64.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\225F1F854678F2F438F8255529DA2C87\EnvironmentPath C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\225F1F854678F2F438F8255529DA2C87\EnvironmentPathNode = "EnvironmentPath" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A3A70C74FE2431248AD5F8A59570C782 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\225F1F854678F2F438F8255529DA2C87\NodeRuntime C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\225F1F854678F2F438F8255529DA2C87\EnvironmentPathNpmModules = "EnvironmentPath" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\Version = "336658432" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\ProductIcon = "C:\\Windows\\Installer\\{58F1F522-8764-4F2F-838F-525592ADC278}\\NodeIcon" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\225F1F854678F2F438F8255529DA2C87 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\225F1F854678F2F438F8255529DA2C87\SourceList C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 574404.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3368 wrote to memory of 4536 N/A C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 2040 wrote to memory of 4160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4536 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 4536 wrote to memory of 816 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe
PID 4536 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\WindowsBootManager.exe"

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe052346f8,0x7ffe05234708,0x7ffe05234718

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1876,i,14125083346127794570,4815965956817505209,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,14125083346127794570,4815965956817505209,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --app-path="C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2376 --field-trial-handle=1876,i,14125083346127794570,4815965956817505209,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2192 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\node-v20.17.0-x64.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding A681C3D7CB1AF3E144EA2DA1DA17DDA5 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe

"C:\Users\Admin\AppData\Local\Temp\2HPWf7V2dTN3ckCF9QW3Kn20T9O\WindowsBootManager.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\WindowsBootManager" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1028 --field-trial-handle=1876,i,14125083346127794570,4815965956817505209,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,3625221800534221834,7170817716294817920,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6228 /prefetch:2

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 336B30DB1850A03922016216ED1CEBC1

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 0C7561ABE9903CAC33DA63762EFA2D67 E Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0B2F5B6578A92F184C7837E7F2AB2EF3

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

Network


Files


C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\locales\th.pak

MD5 f0a3ce8609d1cea58d4d0dfc47d433f9
SHA1 9f0497e31ac881960c2b9ce3f75fac98d6ee300b
SHA256 31f31b2985c2ab430d373dd3d79821db0674edee163b4ae74dc362051ccc1491
SHA512 0a722fe6373f0f64a844a8bd79cff66707e158a908292db8f5ee883e4732fc55864b06554988836a07039befc4020cb837883851da0455f070bcb63df390d919

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\locales\uk.pak

MD5 6027526062e6f51a7c99feebc9ae1947
SHA1 10d7346a8d6a4dadb48bf7720303ef39f76a564a
SHA256 5ddf9212cbc6696941547b2e57b02092517bff6e70529f2ee14d0f593610e14f
SHA512 52178a648747f3247e32183cdb36ecc9a6314b2befa91cae28d5110c479f5d1ff59ad2c802a75288c17650de5a2ebcf369e04e760259015ff855ff8299dd9f3d

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\locales\vi.pak

MD5 8d1de53ff78406c42fe554acc82b5983
SHA1 1b80f071914c9a2f071355973da7ff3d9508298b
SHA256 314ff8e069d132d43566143ffe0f5cebc990a015ac32ed550ac687a4ff78d56f
SHA512 d027a534f8ddac3c953d81ba635a8a3fe452e7295fb2aa7d8b9d5a718fff7cd619323e3914dd6a17eacecb0c6d6f5129c9e793b2925f65dabec83b9389db295d

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\locales\zh-CN.pak

MD5 b2e2087f9c688dc3ec45a55742bedb6a
SHA1 8efd0726b46fc67cda9fdc9989c707c23c7b031c
SHA256 2b255293f6c85abb09162c825aea120c3e695156eb952d26d1e5f505ba324b37
SHA512 2382b2b4d56831bd25d5a3535936d8a1039e00a287bd5af05628c1a6fc54715fc8ad68ad3f207d6e073a588a66d5fa181e124125e7d1f00a5de54ed658e5c33e

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\locales\zh-TW.pak

MD5 32f600c44c8a26fdf518faffbce56b71
SHA1 7481922abb60ee20f6faff9ae4dc4a55f6e6224e
SHA256 1710cea2eb84e4feed749e9e497d01e16b1b244d1a621d380226b8ae7cce07c6
SHA512 da145697ac8d7ce6e8cdf3f6e190c23f9791f4fdc2c1eed2dbc10e8c6377298c4d02df464752277cd7ec429297860ffe50e7b9de79632699dd2202b7324f55fe

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar

MD5 4b2f3c2a979721edaa7e8141cd9ed59b
SHA1 5a8441a0e7292cfacf776185c5bb0ff64c763005
SHA256 b46ffd5eaa28f8b42970d4b9ac5b5dfab5306e8393676fe6a29ed1e23ab36e80
SHA512 2cfd1000147c005ae0b8412682b78ee6b7220635bc491bab757e1db565060a27eff42c7a12b67585439d34424e41c274f494ae0dfa24a1ff5819ee3eb2bb98db

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\browser.js

MD5 a63d5f869a1791828dd0c9d02e06a12b
SHA1 3c04f6e935f935c83fb301b7184b8d2b11844540
SHA256 52d2d37ec6200d3d44e6eece937d19d09ec60b3525ae90155390171621597dbf
SHA512 5cd182aab1f5c7eee82c1e7476ad1cad574f570a31e6a274ad4f20fa245236c67987c33c4f69cac71cc224d7ca4b72e922a31b74efb955a2761140a7f2aff332

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\index.js

MD5 76ddee29be6d109fb8bfd6c0f387ada6
SHA1 99d6f7e30c631c246e63f0bd48cf7faaf078a02b
SHA256 66880b0d3ec39ba64b224a34a5ef0352032ee95862e1f4e6b2951df85cbc9399
SHA512 555b1d9dbae2b39a0d06b1f8f2ca73ee5faee759deb6e76064047b82aa63e7ea16f69b18856660e9811110a2590696fb8f967182878dfce1e342c391e0d0541a

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\package.json

MD5 6dcf210526904a7678858cf77afe862b
SHA1 9f8724cad326edcf256106581e41831e5dbc186f
SHA256 10bac01de1f6cd92affed90c16888c0e81e557a6426f266862723196712c1779
SHA512 5114adbd62189df69dbbefd095ef3041719d4bcd6ea985dcd61477f4aed3a8ff43bc1b41eec9f5add4562610cf6d9b51b3b3ac773a59b2a36e70ab49796fe366

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\license

MD5 915042b5df33c31a6db2b37eadaa00e3
SHA1 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c
SHA256 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0
SHA512 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\linux\xsel

MD5 5275ac35c8b2ff59b14f3616f397532f
SHA1 33d13cb10f0aa9504442493354d2916ae2d4821f
SHA256 6ee2c0e4736d4e7c21fa7082e1edc1591b00c1ce947df3be49e63c76418668bd
SHA512 515a9aa3e926c8685d605128ac226dd8934a99502369f38ab191aab4f60bfd0f514063f608fd86951a19cdec8f26b5fe3dfb771b18f522d304cf6b865b80e562

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\windows\clipboard_x86_64.exe

MD5 77710f6649e7c01c1123622d7d74e51e
SHA1 abb3c22d6e2946aa6962493c087aa329e479d6b3
SHA256 2f6ba528842c0bbaac9844eee746013dc11fd51fdde0d5632482ccf5d3cc8d98
SHA512 d4f44a8313243f44694c43d6fb18f5e4a6476fe11710d09adc74ac411ee9f8146b5f7d259699ff454ea9f96e47065a76e105071c707fde28d8474d98615cef04

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\windows\clipboard_i686.exe

MD5 bdf7d4ccd2ce8cc7ab6ae80914496799
SHA1 b6ca8f7a5191ba431fe118a37863a32edfba9578
SHA256 fdaf49d7802993ee6c95e32fc488a4c78a0e69be3d1060749208e84428ab1a79
SHA512 2ea6c05eebeca5ff1561f32287de090a6f8f9dd8fe8eab5d320a310d646f76cb6a1885240069d2b1202f194e1f324682aa91eb2b24fc896ac3c14eb99309eb60

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\termux.js

MD5 42964227cd4d18db36d54abb31751ad3
SHA1 3194be24a98f6a8493eb1cf96081c592c5986320
SHA256 20177609ef84109cbd8e76f554d622ec14587297c1d2a98100a42cfb0f181535
SHA512 e523b1a1edad998294f7a3c4feb10bb8946bd8284f09457ac56dd721970c792d3dc8d58bdbf3dca8e24d8a109b13aac461019d6c47a5acbe0b2db013af2deaa7

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\macos.js

MD5 4814022b2ae67df02bc84afd6e218ef3
SHA1 a4a6a3280110acd5f8c15f51fb98030a7d9e1f03
SHA256 e50f203ab3894301fd7e3ec2d2581739d5f39f395df34b754964927cfca6aeda
SHA512 415d98b8825d8b95c3c6931a0e42bacc3a7ab4b67fe2dd4f09b2319cf52fb516696229dc7c5ccdf5218ac4effe76b361dc455e1f58eea5a87b2a52704ea3a597

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\linux.js

MD5 56d77986c00c7c8bc6000f4068578295
SHA1 657e0769181d7d0f1c36036117763b41c342566d
SHA256 0b364961d2374291c79cf8556f065b7bc272f117fcef6b9b67aefa2b9d762109
SHA512 16f2b7c4fe77d38df07c0b05a72329d5c820b5d727390dc9780b2f9962a766d3cc65decea01a6d7caad32f6127bd280c55e38a07bccd5dba6307e6b8f8728777

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\windows.js

MD5 f912cda66cb6fc434824a5aa3ffcb717
SHA1 95a9e0e407db544a16745af494aaefe3e8693231
SHA256 a56136479ba0522e8138839c4453571bb28fa9e1ac009f103e251cc75e8066d6
SHA512 5466dfca3b5ce776cb34fec8ff48e82ac22ef759f2d62ac2462c184b5e629487e10a07d7fc1b7babee2abbda97f0250103b65c307acdd516ad5c713b70c19e5d

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\index.js

MD5 394a6022c9e7aa401b3c992c4b92ea94
SHA1 cae58c8959c078b24484148a0d09da816d350699
SHA256 125c1a517628169f4e66e0e237d201be226afb5c704a684aee5155de69281685
SHA512 cbd75168e3054a8412eec7fc1415ad1906d8a3228a16a486674909bec0f3a8b177f02e4c9c3419598e13fb0676d87132e82ee1182549c69c6bcf59fb59aaf0ce

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\package.json

MD5 e5df4e3b7058c914e5048223a6c79f1d
SHA1 ab75ebfcf8d669da6c0b54ad2e5f5d73a466cb1e
SHA256 101c15c05c78832bc02635e6e2252f1ed23367d22411b51518a1775ff6e972fc
SHA512 a316798409c568e5cdd07a34a838d0b9842f65c03ded19853678a30ea3024e9f649afa8b5d4093f5c0c811a33bf513ff1fe4aa33f60bad7553fbfa6584327b29

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\renovate.json

MD5 63823bf8be61361cbd13bf183e201bf1
SHA1 4658400152c61edee1555bb86cb6da13e2fe4401
SHA256 cba2cbd76811a1b8e808000d073d04f657aaf0551c73a805ca3a4b492f21bd47
SHA512 8703cca6f04da47e5376730cf993665f7db1fb854f8509c0b831f189bf4a4c396808eca7949123e334e42a407a6aa84cdad34e5bd1b00d0a4c30f07a80cc9a68

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\workflows\ci.yml

MD5 d1f842c537b6b450fcdded865831bca9
SHA1 6a95e32f6a599be8d03b33cac14f9dc776dbd44f
SHA256 72c6bf0a7a66c94d54e5792bdc808a6ba2107e692230cbcebf6decd46bbe11ca
SHA512 89caf43140242ffbad2d808eac44095a3f072a0441def37adf32e55209df27498b800d57028e51be4319de1a0ce3bb26dafc0ce0b218175605c91a107d1e6cff

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\ISSUE_TEMPLATE\feature_request.md

MD5 174545e1d9daff8020525fdd1e020411
SHA1 f6867a2f0417fe89a0f2008730ee19dd38422021
SHA256 1f48c52f209a971b8e7eae4120144d28fcf8ee38a7778a7b4d8cf1ab356617d2
SHA512 b18005cfe7409fde541b934131c32c2eecdc4a8fd62cd558f274a25262c0e6b0b8fd27674ee55d6d4e4c435d49d580a077181fe8b15b095c39736b01ff4ee537

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\ISSUE_TEMPLATE\bug_report.md

MD5 d1d38ecc8b3a869312b3eedc6a376201
SHA1 4aa1d47ab0558e86f5a86629d0a1d99ba1af336d
SHA256 a25704529f0d5d89309743f5ca52189fdb16a770885c0dbe8edb3ea9d54a6a90
SHA512 cb77aea773f82e95fc593ae67b31caab164e101205eb68f6bce0103df9eaadc7c1d9dc6d0083ae6420e82027b21925c55593a7033ae9b4203e9970fff732c84f

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\workflows\lint.yml

MD5 2659061b249572af5e432f2c070fac7f
SHA1 437c3a1f784bd2e4b403d8cb71e177e9f4d07015
SHA256 7cd6d0c254b0b431d1842ad1b12a9b633ab41d378073b935996de5c1aee79a6e
SHA512 f054b3e7e97d6cd07a533878ff9e0fe1a8ac08295ed0962c0d41bbafe30703a18be1a3723094c4cd22625857704b479a7232c3007656c297081e7a014e28bf7d

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\.github\workflows\release.yml

MD5 f6d0e9b28417057e6685b1789d91e225
SHA1 27f0d718d3557a12b925e23cb0b14b93b8a6ae6f
SHA256 c893be9e533bc188f9039a9e24623c620dab2bd863b419a44f93cd397a10af1f
SHA512 d298dffb5b5539e20ec4540bf96184f5e8f90a68b2b17127844cd5f02dcba48bb62a8ee68711416a2730c155dcce00b1fcea9211f73e0ac61d0cd562e547f2bd

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\utils.js

MD5 a2f2486efffaa9be30b2ef58e24d49a1
SHA1 8ac5c529c227adaafbf43abd917a44b87c92ce46
SHA256 f1065090ce89b14c76d533d11040556759c58679c0eb89a1e59337d318e16a6c
SHA512 d1283a5663aa62b2262283b1a611e002602f869dcf006dd336d742272f14d98791c35a5c32af92884692a62fef0942e6c99d0646aadbd6582e418eb4497a4c66

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\darwin\index.js

MD5 78c9024198b8933ba47fd22220ccd12c
SHA1 ae8e968a89e954dd31b5c1827d8bc1ea632cbe83
SHA256 e364425fec6fb780c1fb00615014a0d5e39f65517848a12371b8934c5bb35e8d
SHA512 0e06a3b4684b7275491691329150fede20b253aeafeb3307fb19f88d1477533ac20b028a73f61d32deb41592414d95ac73c703ac016c8ceaea4739f2a008cc36

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\linux\index.js

MD5 3b9999e65606270a0fe405aa1bb32fd1
SHA1 b090ad8054a7384c01203962e94776b9134f42e2
SHA256 f0cf780d0dea403121f30fcf11096c48a4a0dc2b0393d41ebbb664ff7c89ec3a
SHA512 0a09384372a32c723ac8e8324dd2f93d57467d2e8b53dbe3231ee37ccae9aaa5c91363be4366e8c2a5495f607ea96782c11363dab7097fcf27fe3645c403f141

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest

MD5 8951565428aa6644f1505edb592ab38f
SHA1 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2
SHA256 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83
SHA512 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js

MD5 ab2229f48309619a42e98f617f5d26ee
SHA1 81671593ff9c5c85a09f23e5a7cce3a4c80c3a2f
SHA256 ed1a0f3e590bd553451ed06fd24a4d34407dd5fc63eb93787a53ea51d20827cc
SHA512 520f5f82100f2cf70d5f2c8406d83be30b8104197aa0a4dd1b45a9b6c1c15f2f3eab4e578db1c2fb41d2e2bbbe70a0f937cd6e8e3b6cd177f2444140df35db89

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat

MD5 da0f40d84d72ae3e9324ad9a040a2e58
SHA1 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
SHA256 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
SHA512 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe

MD5 1f7ac522163b40420c5ef90e9754e7cc
SHA1 ed44e8fbe73bb7365053903c5a9fad8901fc4dc9
SHA256 d6b552a1349b098b8b0e0f301b2575d0dfbcf28c550840a502f65dafdb20394c
SHA512 e36ed4a5322b06c1c8cedda3daefd5d61bfeea460a971315ddd9b6bf8adf1bf081493e987a63128eddfe56d05e8cc80cd34ad4e6c06ac1c69b6d9f9eae012b12

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\swiftshader\libEGL.dll

MD5 29ae8bef0cf8b6a26f4bebc5a20900da
SHA1 515abe76943288d531b35c1b4c764d1dbdb281db
SHA256 711cf342b3a008c9116f6138358a67007a29d281d09cf23d20a5e17aa503ee9b
SHA512 99981e7074b580ace154c36d0aa1542dcdb979f36476b680ef19c3fd8a9126b5a808e6e1cf2224d20ba22c328b9a621c280c4ffa74638e358297809001d737ad

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\7z-out\swiftshader\libGLESv2.dll

MD5 dc060f0be506dc5b48402c2ffd62c3a1
SHA1 3988bb810d92b2e317767f8e25d3d1e43f0a6f68
SHA256 a97834a44a1e28b574c967f1cb93b97cd19e26616439133c11c9dda4b26d605b
SHA512 04cf84033462a521c45b71f31ab007f712c6b2f5cfbfc97ce7dbf60074d525933af6388d9ede366a00a0983ba4e34a1b318a759cfbbb520ed621df9979bb315b

C:\Users\Admin\AppData\Local\Temp\nsd8E66.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\5c949155-df13-4246-b4c6-05c0610f2c17.tmp.node

MD5 5ecb9303024b5e5a960bc37e4be31773
SHA1 235705541c5d347a4e236af604d44e332c3976b4
SHA256 a90f84a584806ac02a3a405aa605eb6e98f9b7cee5f526ca47300e73eb1c0b0e
SHA512 094a8ab08d5112575543e3b44f7bfe4ac6a77e5ab7dc5de8b2ecb7d2f833100f3f00297c13591ab77e934457f7ae325048d21b001ba8717e621d1155e77dfa49

memory/3240-762-0x00007FFE24050000-0x00007FFE24051000-memory.dmp

memory/3240-761-0x00000233B74E0000-0x00000233B74E1000-memory.dmp

memory/928-734-0x00007FFE24040000-0x00007FFE24041000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e765f3d75e6b0e4a7119c8b14d47d8da
SHA1 cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512 a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

C:\Users\Admin\AppData\Local\Temp\87f64446-790e-4a92-aeaa-36eedfa16eb9.tmp.node

MD5 083fd9f2e3e93e1f2c599a2b609c9e5e
SHA1 6db2b6ce3e60d828ca32a6000c270c09224f3139
SHA256 5800c926c34c7ef38a45840c30e8855c1b3a6ec1ec8f37ffc6ce2d402728eabd
SHA512 08206b13d7e91f36d65de545b483d5fa446c2a1d8baab4c2fb19aa711af10cbfd98da3811d34a16033b5c09eb297fdcfaf09a186b4dcf69e84bb4dfcc11d96b2

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\Web Data

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

\??\pipe\LOCAL\crashpad_2040_AJVIVILSLBCJMNBL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 53bc70ecb115bdbabe67620c416fe9b3
SHA1 af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256 b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512 cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d69ba68221e3b530e5b14e22eed0b9eb
SHA1 39e256b4e4d930903c947f3a14f82a1c0dc71677
SHA256 495d2a674e6c49ab19b309fd69d7557dd9d90f0e9df586644f371d36a0b6865f
SHA512 7ae1320a336ba3cdea11232630865180b3548a545128c303a0f3587add3916dbe7e86e083eb7b43787bad299c772cfbfd0236013f53cfac7d86b809619f3a76e

C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Passwords.txt

MD5 cf77d252cb51adbebbe15fa3c632dddc
SHA1 66bd11e57d5617cb9691daf0ea16d65b79666895
SHA256 e9de116bb7d2a7986d299425e6fb8c400e1c663fed6576deab0751bca7b95f05
SHA512 f81b88c5084c3373a8c932c59ec098868cda04c873edcf31777c432900abacbd273629b45e73bb7aef9baa202c3e5a1dc9141a3644604080934444aa32893ef7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/928-902-0x00000272F64D0000-0x00000272F64FB000-memory.dmp

memory/3240-903-0x00000233B73B0000-0x00000233B73DB000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 87e233753006f085deda6b38fb5a9484
SHA1 02c8b157d27896afed0616dc0c122ac81d6b954d
SHA256 a93e164593fe9f868f182ef2ca9d1cae46c50a4ad372e8cedfe3fe65d3ddf411
SHA512 198c5106a40833f527561c5bf761be7d3cd9f59ce52342c77150273ae263c2d3911974f62a7750da031d491fb6ecd88e8d99f31ef70f0895c62ad57f01bf8e74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6260e30889c0bf5dbe7f2901b5477512
SHA1 1c61e074de4a4ccaa7ff1b3c60e455db8624ea7f
SHA256 7735079382697bf5f4a5ef53eb955e35967264fc482a88409ecbbee9701d30ea
SHA512 87aafcdbc34818484d69c659d43fafe36a6abc41f84276175d2cb8a37c172ace3459056a7b520c821989a907f6d5d5690bc4dfcd8ecf352862da33ccfc0c1368

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 39487624cfa3bc77ece2a813363fc281
SHA1 1c231dcee0e3e9938959a03fc5b88973a5017514
SHA256 364ae42b842604ff68a0f3044f0370385a8f2ed1bd390f1f710667c4cbdd8242
SHA512 bdc48b1e78dbe922c13815e3bce65ee9a3e516569620798f2f60342f52564299bca79f0c7587c4c0b36dad96365077ad7deb493901d4bafeccef71240929a59f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 644057be3af6d92dfe79580318e4ca23
SHA1 902743105cc6f0af312ca6308658d365104befb6
SHA256 5dc667afa277cbf78362680bff93fdfa643edf94379fad500f8fb361f325dc74
SHA512 0d620eff3c030690859f55b47a948242693dd7d1b0bddd41d00d86495d9ab672df0b13172512969531c1c9c24f9f1a1c02f3c6897a9aa87f492f0f7d1e139def

C:\Users\Admin\AppData\Roaming\WindowsBootManager\Network\Network Persistent State~RFe58d116.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\WindowsBootManager\Network\Network Persistent State

MD5 4d6f3286b69030698ebf62ce82c9a9b9
SHA1 7444a02e43f4a9746862d5079baa744e4f3c86b3
SHA256 1951d13203f922860f4dcbec1a52b9c753c2f4cc242bf7459b1e93dedb11a26e
SHA512 6f551d43b85a0ab7d7ce93314b8a0e8d2a175db2c672cd229cdcb4927ba30c85943db88b208a4114dee360c0749ba938059328d4682b194fbd923f10a9997ac6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d8d4c9e99cf8b7eed00ee0fae4f93929
SHA1 ab877819ba26bc2de51108b088b45314ac150c78
SHA256 70c36348ec46a760e6eeab20a05337ad6460778e44d3b843392b73c6e031fd1d
SHA512 895c98a0071454c97c758802b4893dd1e1e5260b4fbc8c255ea65be831a2c165f168e7520a098cfafd21c76e579adf71e65e1396b5f6bfd017e62eb5007d35b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591a83.TMP

MD5 18b72f9f6f433f3e60b08ab4bd19248a
SHA1 7f1771f89a83099756707c6d458c85f5ec424af4
SHA256 a940125083ea74d02b6cf6d5584c372c180226d2b5700c618547ae2a22fcc6ab
SHA512 4239588c49170495377596de14d925a6b0a9af7614fac0f793f31f0bb0c83049e4b9e9a7eea4dd52a2f11066c0aee521c00436f56748013897c6cd94dd826b94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 981eaf7505a4e52ae0f2e2ad6cfef88f
SHA1 28c11ccbe8e8087fb5f442504dfe62dfd726b8ee
SHA256 bbff2018eef9702c958285c7397cd852969a836f4ab344d0a72e60a51c0a904e
SHA512 a0edeff13f520e4a8aac725661605e5adb2f36bb6c77a8851e9858ea40042de180375bbc7ecc02eaa7bc4a4ddff0cb91fae15891f53c2f15a9738f6c7223f493

C:\Users\Admin\Downloads\Unconfirmed 574404.crdownload

MD5 e052900bedde38a22518d15217092cf7
SHA1 4178847d928a8c7d90934503abad91a3f0aa3bd0
SHA256 8ba4cf21d15bf47cf36d77a41058d12f8a7b4d333164618f3b2e6a52a1f226d5
SHA512 1b190e1839ee1ae27c25a800daf60c5b61c50d467a0bc09b9eb2f1976049c24935261cf2990d695c9adbac5331299b21d394b85c623766d3a809f16f933ceb73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1d4646e2339ffbb3d79427c7176ae259
SHA1 8a3528e2071dd7752bc53acaf9583944cfbb129e
SHA256 52fbd50f523ea0f8558e7fa629b29b6d57525b6a35103b40fc10ab1c29620bb0
SHA512 014820382344b3b753748ff8b9a2ae0dbcc5f7cf3dd707d6f8e53f79eee1d7b753f254ee58f2a6c9a69ecdbc82422ccaafa34fc1fbfacf57b5d348f1bd223049

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b4e78c533b49d0bfa0bdf8e7b62bb81b
SHA1 b9ca058ccd8d002be9289415107e06682a69b534
SHA256 88e7d527bb2073cfc681c03a3ade097241a5b8a5a8de19782f29219b44dd6ebe
SHA512 0da710e710499b609cabf5471e4b5e22c6e8c1b48d527e3d3421a25d3d27ee66f7adb6a9a92b1b78603d707559798a91c8b4988083165e984eb86238b4c1a295

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f5b0ae776242ffd07beac69af79dcf51
SHA1 927cc13fe0b15f3cf3d25d248a8c8329a88aef5b
SHA256 30e261653fb6e74d8de9993bb581f6a18d4d8808980c6440b037d250ee70930e
SHA512 45231b5fc841d8faed286f8cd5716825b0c66e0fba2f11d7252cea705eecdee60bbd228cca05bb041e36c537feaae521590ad27c26771d4cae35fd33dcea7e70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 599d5baadee542a68f82f240e998e69a
SHA1 d56f23cdffccf1ce245031ea879b5a3dcb40d306
SHA256 39cfbc4bef1434ba645ff2c1499d0385590a4d3f26141724d664d4b9f80bdbb0
SHA512 228e3cd4e7cbe2bbb10136ead01d7dfb3cacb9211869dfcb1c9b63064fa8345bb3f299807e2c08ec4f98dd2a6771ac288be5b172156ceb0fd02a12d5eccfbdda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 f643f725b748ddbec5d22d7ea6a1fe8c
SHA1 73c82e775964ee77b1cd69f79e759e864fbed636
SHA256 dbc552bf03cdbd51e52d7ba6a311724e6bb9184cd29438ec6c4656d9657f09e2
SHA512 d82c42d59b471a0c4e765b0fec2660ad58c516115d915f85b3d84b7e0cdfdc1d11d976d47b299ef435f65a0e87a9042f7cdec53016868facac2996390046e16d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 193902dd86bb63ad70f5a189f6b848ac
SHA1 354c09fe5a7f961b1800212bf6dae9fe917ac677
SHA256 b48de8c080fd8c8cb0ed2109a778ec6309b55b1806035080e4f2eb68c09ae07c
SHA512 26d78a8c011f558824af120978149fb062710043ec72760b779ec51a2e029c27e776374b98e24ae2ff93e477411dc56cea1a428642aeecc353e1e94aabfd6c4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0D7BFF9D231ADDC3439B70E4C5E809D4

MD5 347b95f816b44861542814541c71bb80
SHA1 b1bff5bfaae0cc70a262b6353f307afad6252ec7
SHA256 0b3d00ec495124a4b7ec19be616d9c8d94f6a7400bba9eaa122d1233acaa69a7
SHA512 a0623576134304098a6e6e9640b9218a9f1f78e3acfebb1c63badbc84b5c4efb2e7e960b77815aa7cc0471e109021d70eae3042792a071ec9002368dff61ba47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 c8c4af1c4aeb585a86e26a089edf27a8
SHA1 ec1975e380a97be65cb514e6c648b47e7dc315ac
SHA256 8d97ee5b8a1f1ff9c853e7b6a1c8590405c2a5fcc48884ebfb9e584492d565c2
SHA512 a63ac7ff688e68a1c8c058fbc0514f0c373851e474da6ca408778334ced41739387575edbe24afa79885148d187fd08703d22d4ec363732bc1fec80ef5b26368

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f632cbf294295dd5a8c89bbca5ce343
SHA1 81423e3f7fb0e255c56997eb6df8cc2c426cb4ac
SHA256 926a97770fd1825cc024abcbf481f179bb11053936f786302371d0db44384a7b
SHA512 439986fe223495fd0949683d410ba056e9dae7a16db49f54fd2a4b4959b991f0ed7fea4cf1abc3ea48011c9c648293a5bf4616792be1f2f9c5ce7f2d4d0f3102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b2cc1f35c03f5cf9d9964e98ef229bd0
SHA1 d1d0731ab45fc845822e799bf53171360059a931
SHA256 07028889b9c66df84b3bc9d3e76220110ccc77c9e9355bd9529a14a8b9348891
SHA512 8e22c0f823f1fd655183531902b80a9a68a7361703831ee4bd8a38791f79f91ac8c30900e4b1b15dd26ff552223f885b1d3b07b0634a7de656de84f9bb6b9abd

memory/5976-1294-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1296-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1295-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1306-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1305-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1304-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1303-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1302-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1301-0x0000022682A00000-0x0000022682A01000-memory.dmp

memory/5976-1300-0x0000022682A00000-0x0000022682A01000-memory.dmp

C:\Windows\Installer\MSIAE58.tmp

MD5 c40c85af0d5259a3fe92b84acb35d578
SHA1 47219e725893cfa54d24a3ee38e1a1046c5ef910
SHA256 d09b02b74a28f98edb808817e6975c0fe5dd3855c9daba289c07b8d2ead87839
SHA512 f01fc216f5160c69ecfaabf840d06486533fe13a4c369549849965bb124e54d1a25f7cc035e960a0aa0f66eff4b807ec454a09c98203ddaa8256d7359960c9f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 98eb1d1f69ca3bc890c05742e21d2c11
SHA1 e84ce7392861def146f13c0768ef454c01e1a015
SHA256 98933facd8a0e905ca8d82c9621d20a4930864f96a9f1c812255987c32a202dd
SHA512 b6642acfac7f904a7504dab536a95038af5fbb060e27df32642c25e2d5aa46ddafdc35fcf01c8afc4144bf78cebddbb25ea847d7c2ee926c3e153ef86b919e66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb401dfe1d7941d0df6c023b40e2ef57
SHA1 74f89585d67b026086c7fd327b5b8762b4d48de7
SHA256 13f1227ffcc6d3e560d7403a4ba107f64e13bbb74b192c9b34e2271614d6fd31
SHA512 b70edf06440396b2a4f402fd387b72b1bbc3042eba2302522e57447562d530998ff725c43899b115c2d4fe8c5a66c81f625d1d34fbea78ec8a451adf19512d8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 74ecdf7c3186fd056791af2a491e3069
SHA1 ade87d7a4ff8a69b32c8119fe080dbfdf28aaee4
SHA256 d8abab4b149682d9563bc6ac22aec770c2ddba2dd83e78b4553668fc3ff9d2bc
SHA512 9a1364cba8533e86b13c9382b0386638513f8dd1b97d057033b85b8c0a0f0d84fc06d37de8af54fc3c784c21de79c63f1398ae9dd2d0e0399f9916e52a8e174b

C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\tuf\LICENSE

MD5 dfc1b916d4555a69859202f8bd8ad40c
SHA1 fc22b6ee39814d22e77fe6386c883a58ecac6465
SHA256 7b0ce3425a26fdba501cb13508af096ade77e4036dd2bd8849031ddecf64f7c9
SHA512 1fbe6bb1f60c8932e4dcb927fc8c8131b9c73afd824ecbabc2045e7af07b35a4155a0f8ad3103bf25f192b6d59282bfc927aead3cb7aaeb954e1b6dbd68369fa

C:\Program Files\nodejs\node_modules\npm\node_modules\@sigstore\verify\dist\shared.types.js

MD5 24563705cc4bb54fccd88e52bc96c711
SHA1 871fa42907b821246de04785a532297500372fc7
SHA256 ef1f170ad28f2d870a474d2f96ae353d770fff5f20e642cd8f9b6f1d7742df13
SHA512 2ce8d2cf580623358fef5f4f8925d0c9943a657c2503c80048ca789bf16eacdb980bfc8aaaa50101a738e939926fcf2545500484dcad782c700ee206d8c6f9b9

C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

MD5 d2cf52aa43e18fdc87562d4c1303f46a
SHA1 58fb4a65fffb438630351e7cafd322579817e5e1
SHA256 45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0
SHA512 54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\license

MD5 b862aeb7e1d01452e0f07403591e5a55
SHA1 b8765be74fea9525d978661759be8c11bab5e60e
SHA256 fcf1a18be2e25ba82acf2c59821b030d8ee764e4e201db6ef3c51900d385515f
SHA512 885369fe9b8cb0af1107ee92b52c6a353da7cf75bc86abb622e2b637c81e9c5ffe36b0ac74e11cfb66a7a126b606fe7a27e91f3f4338954c847ed2280af76a5f

C:\Program Files\nodejs\node_modules\npm\node_modules\indent-string\license

C:\Program Files\nodejs\node_modules\npm\node_modules\ini\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmsearch\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\commonjs\package.json

C:\Program Files\nodejs\node_modules\npm\node_modules\minimatch\dist\esm\package.json

C:\Program Files\nodejs\node_modules\npm\node_modules\npm-profile\LICENSE.md

C:\Program Files\nodejs\node_modules\npm\node_modules\promise-call-limit\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\LICENSE

C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.js

C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\package.json

C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\index.js

C:\Program Files\nodejs\node_modules\npm\node_modules\wrap-ansi\node_modules\emoji-regex\es2015\index.js

C:\Windows\Installer\MSID51D.tmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

C:\Config.Msi\e59ad1f.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
