Malware Analysis Report

2024-12-07 10:00

Sample ID 241115-akebzsvmgt
Target SynapseBootstrapper.exe
SHA256 ecb47d796f67b6282502c20373465b15b67328b0eda4e0f9da42e14aff83bbed
Tags
defense_evasion discovery evasion ransomware
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

ecb47d796f67b6282502c20373465b15b67328b0eda4e0f9da42e14aff83bbed

Threat Level: Likely malicious

The file SynapseBootstrapper.exe was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery evasion ransomware

Downloads MZ/PE file

Disables Task Manager via registry modification

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Modifies registry class

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-15 00:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 00:15

Reported

2024-11-15 00:29

Platform

win11-20241023-en

Max time kernel

775s

Max time network

798s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SynapseBootstrapper.exe"

Signatures

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\$uckyLocker.exe N/A
N/A N/A C:\Users\Admin\Downloads\WinNuke.98.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "0" C:\Users\Admin\Downloads\$uckyLocker.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\$uckyLocker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WinNuke.98.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\SynapseBootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133761033733308786" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 555644.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\BabylonClient12.msi:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SynapseBootstrapper.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4672 wrote to memory of 2308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4672 wrote to memory of 2028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4672 wrote to memory of 4804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4672 wrote to memory of 4872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SynapseBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SynapseBootstrapper.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc777ecc40,0x7ffc777ecc4c,0x7ffc777ecc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1808 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3556 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4616 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4840,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3424,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3276,i,13359936102921107283,363175256443404568,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc89703cb8,0x7ffc89703cc8,0x7ffc89703cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files\dotnet\dotnet.exe

dotnet add package SharpZipLib --version 1.4.2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5276 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6268 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004DC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14105847233707815093,522511837510147661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7004 /prefetch:8

C:\Users\Admin\Downloads\$uckyLocker.exe

"C:\Users\Admin\Downloads\$uckyLocker.exe"

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1FE5D79B1AC4AD35CEFE3ED178DAB220 C

Network

Files

memory/4596-0-0x000000007441E000-0x000000007441F000-memory.dmp

memory/4596-1-0x0000000000CE0000-0x0000000000CFC000-memory.dmp

memory/4596-2-0x0000000074410000-0x0000000074BC1000-memory.dmp

memory/4596-3-0x0000000074410000-0x0000000074BC1000-memory.dmp

memory/4596-4-0x0000000008B00000-0x0000000008B08000-memory.dmp

memory/4596-6-0x0000000009B30000-0x0000000009B3E000-memory.dmp

memory/4596-5-0x0000000009B60000-0x0000000009B98000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4596-35-0x000000007441E000-0x000000007441F000-memory.dmp

memory/4596-36-0x0000000074410000-0x0000000074BC1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 4a7bd4e61319dba3128c7b10900e3457
SHA1 b6f0e925d3b73e46d47077c7855c5cdc1aa94290
SHA256 6113d5ff04a5b88fabc660174003c555c2e4b865fba60e703be162c96492fe71
SHA512 275b92818fc9400f869ae91c0fb048c715a9b263c159a198195a7ada14cb8568c70ab836aaffeaa2e3883e177906b47c45c5b7de42e22ef42c22973604ec30c2

memory/4596-42-0x0000000074410000-0x0000000074BC1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d2fba2b6836be6eccce489663109fe42
SHA1 bb51b1db0f6789f04701bf7237347c6d52bf910a
SHA256 c4c632863e1c6d3b20e1e844eed7c2fa563f7458468f4daf0779bdaacac0fa3c
SHA512 b4d188d4a8cafbc0ef4bc47f0f5e2694114ca59af75897bfb9c0974d7d6270679ffff907c4412b5212e11705abfadbbadafcdda0cf5e62bc92ffeb85a49415f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26574ac8428578bfad96e5b4e13517c6
SHA1 bee884759541f7f44c6ceb21c5520c5a80563734
SHA256 bdf1af4846966c0d6f4b0cb0a83fb05b145e86666c01b07a46efc996b5065093
SHA512 83c0b24337ba8e28497fba734c07414409eea1c22faecf4cb08f0fbf8ff2a2c313071785093687b6b5507c6beab50f1d8c413fa40b529a2ef786369649ba3c35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e5f0d210a9cc613fc8bf8d413b947bb5
SHA1 4e72b73939b42c369ca8476f2d154d8b6a9459f4
SHA256 ec070b9b145102897f58c69bf6e420f7a71f94c4d635fa876587722bc9623d95
SHA512 d61ee27545590780b3977b6d3213f8bc34d61ec967bc8bd4d606e685f87d24d47e20055cb7fb57105bf411ccbd2100d9b344e12fa7d57aa86eddcd00ea3bfc0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 cb16b7ea1a3695e17824a1ac10124277
SHA1 e99a3eb95e17fc89f14723dfb93c78eaa3b101be
SHA256 6a82bc22ea29b799976e87791b20fc1dc498e05b0ef3a1b2330155031b71ac4e
SHA512 d8c4dfeed831fee213e2af5c1bbb265f9be60a4758e440c93b1f4035d13aba1cf5526d6078fe59b17fc1c4c6ed5d6ba3bca6f1b702a437b01833963dc2edb476

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b9556f77a2c9925dc0669a643224964d
SHA1 1766e2f7f073f923e38178f68b13425f05834922
SHA256 d6c8df6faf6d86261f553f2253f102685c45107dc498b11c7d3684753d8f7570
SHA512 8fe34e6a17da6b9b8a92507e6a3ccbc4dea1cee1f2bcf8c3553727a87c52f11d7f8b30e5c0988114e251639274c9a42b73f46fa358e98264ba316016087bcf55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

memory/4596-95-0x0000000074410000-0x0000000074BC1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84b5f1d74cd6b0893cc4e2f329309b85
SHA1 c9187cfa8d9728b6266be58c750930d11ead3ef2
SHA256 8248b849321fdaa6c48635e52b2137548de8793c725901cbd202730bbc407328
SHA512 37cbb5fc812bbab2e79d2c726435ff679720758e8fd12581d3d4106f4c54cb14b574bfaa36814e7c1da407c086a592761f621d978f080d4585cfbe2fbdfd1b6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c5aed5423c60b8ad5417aaa1381197a1
SHA1 80929f33bf945e19eccf725b7f7700c72cf80d32
SHA256 c56bb6c70603e9078de3e04c1131b73088153f5273589a2f2632212fdb41cfb4
SHA512 4e35a9ad2ce8863139a89bc8889c4a635e94f85174eee720647b3a5ce604365435a84749aa3b6b08fd87efd63d25f8ef299eb695dbae82469b48a4701bad7896

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2cb3738934c614b9d0a5bf5997fc7ac2
SHA1 33e7a34b99cad4a2dbc0f2951b862921b42f26e4
SHA256 82c246006fd111f9927b6f280a39dd4094b31672e089bc9095207c470a1a0b42
SHA512 4b2ab0e027372761bae9487e3ff4b39f68890a380f18d8085b2039770fd0b3373aa0388ce3307813f1bcc7e5abd0cfd3ea524bed49d4f9e92571c4b40282339b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7bed1eca5620a49f52232fd55246d09a
SHA1 e429d9d401099a1917a6fb31ab2cf65fcee22030
SHA256 49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
SHA512 afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

\??\pipe\LOCAL\crashpad_3216_EFLLOVPZDHUYUJYN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5431d6602455a6db6e087223dd47f600
SHA1 27255756dfecd4e0afe4f1185e7708a3d07dea6e
SHA256 7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
SHA512 868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eca109e5d34a8ca432b24b4a902d5f84
SHA1 734bffda211000f7295372add64e796c293ab8ba
SHA256 f1ba273eb35bd782474ed83e5baaf6fa9a0f0469640e1dd5d4c0547577729095
SHA512 b1aaa0ae8688ae01afca600a13d1f7a096084a509325c95c0555dcf2d1b4bed5fc674cc2a5aab15871537ee2e2182e0b8df03c2755984a6609cd844cc3bcfe8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed39f467d8a6b21e58f50f3439cde86b
SHA1 f58808464b62ed435c5b7505829c93e724e329e7
SHA256 9f78787269adaae1c61f32304c8c03b86056ee58166084da2dffc19154809fab
SHA512 b48c55d9b22bf744398070f1957f1de019f97666615e1ee69ae9ca272f9e391daaa33638f21f030c51e051865115af83e0dccff5b56d0d75084ea11b9bfe8e59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9b2e7bc5962d2f7cc938b199fb28d144
SHA1 c00d3918a8841d1d6f00e5d4b025747ae162d083
SHA256 b5d915c97e9653793f7c7f20f53f0a325f9df3da77839418ccac8899d82f910d
SHA512 dddecb2b630a8a8fb4bf74d9da63fbaeeb18b76f8f40c1208624432175759d8965ec57089e8a3abb6a5ad6736f9b70f37b9343c4f44ae91d9444cbde0faaf56a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 fb2f02c107cee2b4f2286d528d23b94e
SHA1 d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512 be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 35901af0fd79062932b77015995984c2
SHA1 5d374ef4fac21e9e8a068a637e11d1643b9c330c
SHA256 4ad01215320e138bd946ccbad7da0423eadd7cc23750b73e74aca1ca94f367c4
SHA512 68cec5daa8c7efead2feb707b463101eb9c9f538939f3da1566f72f1e326a14aa86285a8b69b93fe14b2f3f115ee5baaff6f9c22fcc8c3d5e37566fbe98b111d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9511e89a8ff7dfffb998b2f9d843fafe
SHA1 c6475846079f685aaad2807ce1b1f235eb49ffca
SHA256 dbd7779293b55082049e2fec8bfb1db3466a1507ee75da8fcf6a977e5b1630d4
SHA512 ddb1d1d3eb988c66dc1f9d29c7fed0b108f2c7b870d487396961290fcda435a0ea88df3464e550e4f841350c80d52de05eb97875678e29e4cef936e6bbc7a032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 db4c2f0c6d40efb91e5bcd20fabf5749
SHA1 59d9fcd211acc076722fc1346c40f4564652bb9d
SHA256 8a345a408eec2bbc3bb9629c4388882cca21e8016768d8fe4ee955e6780ce768
SHA512 63b5c57bcde90ecf466cadb7daf63de7bfecbd3ac0da2fabdb54e1a628ff23782b2b1158611690a53d2b892c3de1c2a40dba2492f15b053fdc8b2c136d7a2551

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb93307ac2a393c6ee357ef45170c08f
SHA1 8fa6d4d35cdd72981059bc172d96076409ef2d81
SHA256 0bac7c704b8be6cbe625e6f45fe6f8044be9a534fd9ce03615d7875d6554756b
SHA512 0f40449dee227341a3351917adb35a69d425f2b92db79a8e7f7bfc7f8e290b53e2739e76d6fbb5e08c5e0c6c2232c5f5c43f1fc5780229e393d22b1b78f15493

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e320dbc79b36e7b653d7e90481433954
SHA1 a5c33d19d240c4406ba3dd2855e9f0b071b3e7b6
SHA256 0531a697f1650452d92fb51516dbeaad586501748eacf9ab7640a4dda5e1d221
SHA512 08d7a85887f9319082cff49c08bb5740393c13627f42543442fdbae7dfca119cb08cb057073f9347e323880ebad813704a1343a86b8efb5c3e7d159db2b10175

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1ebab988df42105c7018ef2fde55d9b3
SHA1 8fb05e3174c254bb99da34cfea70ac24b57a516a
SHA256 a0eefc76afc0b0a7c174e3ba26e4c2775a59c4160227fcfe978661fbe1ad961b
SHA512 1fcee4e08fddb52b917f25d422af8eeccdb27ae5e909bce2acd9826e8687c3032d315700543cef33838a483908089c70be6e04bb9fd7efed4eaa29489ceada44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6b0c661d4f071c14b2ca9606c7578dc5
SHA1 358636107543f4a2a2f091b58b3401c6c88d90eb
SHA256 b331ab4ad9196558fc2e4c5007ee7885955ce7c8cd3459975ab120de087fb96a
SHA512 f8eed2656bf82661167b02e9ba8140a10979eb18d9421671dace751c77d5035710162e875df16127d5ba3fba73bac61c8b389248382c343f7239ce7a63ae73ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7b41a52ffb302886906edb86485870dd
SHA1 df3f7b61289dddbb20d3636c88c185b36d709fdb
SHA256 38b00d6454a95cc831e5219c7ffbbec2bd1441a1b13bdc4309ccfc11294f387b
SHA512 7db3561cc93a69a56a6fa82387887c26e8d7f0d0b1d4ce18d08281f64d66029d08d240d4eb5404571b97e7f5c8e2c09e7d1a43144490f4f5bd1d6cf158f5b1a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b08a8f35801f817e08c626ce9452ed36
SHA1 390c05ad3c0fc75f439a612b34c58b5d39ca9544
SHA256 f4f88e7605ad209ef0fd5a0cfb64555a1db2d06ad35e31f6f765ec499abeda0c
SHA512 a74a69c19cd2ff1b8341c0f8d86f6f90ab91be5e0ae4dfe75e30c27b76c4320c8c0316bc7ddaeddbe51a073749cdd0c0c7b422dd79b9eaf1a0432b02dbe47bc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c4341dba845ebdcc2f11006fbe24ecf6
SHA1 d504c7d3f9bedd777ee81324534faa30a2d61a57
SHA256 071734194dee14af5d7de9414f1fcf9a3dc03eee147a6e8bd18fa29c5085c495
SHA512 7aea6af53bd19d61e24cc3154e638c5ef6d3a6754458253453fe63e7cac124815b77d8bc6f99387b8e1b799a5ef89a10c209c4da18847b09b67f195ed997832e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 8b7bd44e8341d97f974db6c0d07125e2
SHA1 19f315dd6f282552f3e50429739f0fde28db1c55
SHA256 302a8e8264f24c70684589ed19d1c5c2d67c7bed4625a28b6c47004b04a615df
SHA512 bbe7509adc180171eb2d67473ac295bb6bd134d891c9ae5b35c54dbf102995848cb9c8aee1cf93f326a58140ba8fa887fc97cc445b335ce1a54107a1fef9b9ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 036db4170e1ebe27782debea83ff6b42
SHA1 26623112e51d0b6bf57046fe55639133da36284d
SHA256 754aedbeba6b3955d91862bdb564a396f4f447eca635da0c77b45058fa0f7929
SHA512 381dfa27de93ba95c851b72c20c8128d4b3df5fb423909bbfae04f3d416cb169a9bb548784d95d7bc005160e9ea9cda97f7ad70cfa9b79b67b3ffb60159c9e11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f076.TMP

MD5 c8fb7d265d08117bea1995650e4e3b03
SHA1 83f1f9a6613b21baff73e3e059c0ca88a9383af9
SHA256 1cb83ffacf583bcf7238923f93820aa3ef264672f37809e9adc50aa0437a0ac1
SHA512 c4b5b2f824ac3738dc02432ece1ff986d3e222bafc08ce807a5891d7cf5c9306402a8a713e7b812e46bc23c3ca8418ef910aac3d221ff792e49c26ecbe937ebc

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\3d732673-7459-4247-9e96-b6a43a38a56b.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1b21e0592c50aff6c2b8147ab41878f5
SHA1 d1952711acdccae20881c54985165ee36b007212
SHA256 0c33203436630130ef881346137931eb6e7613323a48b2ab2b258ea3a7937626
SHA512 b9de87b377f7f4658e30e36631d9904f91b9d883c69959172a01ae762b307889624bba821c5337430e9805f5ec0f170e580e8101251574b766771ba9651210da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 2227a244ca78dc817e80e78e42e231d7
SHA1 56caeba318e983c74838795fb3c4d9ac0fb4b336
SHA256 e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24
SHA512 624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 0d89f546ebdd5c3eaa275ff1f898174a
SHA1 339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA512 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 cd74fa4f0944963c0908611fed565d9b
SHA1 c18033d8679d742e2aab1d6c88c28bd8f8a9e10d
SHA256 e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804
SHA512 b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 83ca7c03deee804989d8dfcef2581cff
SHA1 cbe4899e6c6c413cabb78645a1dc07ca79061ae8
SHA256 f8cca9b1fb00a96823434d18ce4619a41d76daa1db9946e9cf0fa2bf7445914b
SHA512 22fb36b25c4db643af2c9bfe796ec491ea7687bdd0973dfefdeef5159ca0d11a315edfd22bb5d18afc6f63a4700a0eef8140a612abc5c1baa9d13ad0c5484339

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1d32b3cc88684c8cacb7f9ce881515c3
SHA1 d9094410222f9e88067497eb01ef1095b899679a
SHA256 36707b33d860d06260523fe9c4188899fca6c91482604e16d9a42ccebb7bc66c
SHA512 9c51051f0a62d75b08869610aeb3ab9cf0edf123d0cf76816ea2acfc8a6d3b913ba12ead732a8bd83500d8ac201029a67cb27a91c4c6aef23c8aac10eff24801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d09483eee8c7e1a0cc9073a25f979c07
SHA1 beea9220d476ad9613c9bcecc30a604467bf2af1
SHA256 e3559b181a0baa689817782d53d59d8f7664e8ce88ed7f7482353ce7c89e677e
SHA512 be7c0dec36893c81f8ae6c2a0dbc7edc0a9f19df10ef038a4d6ec2833b77b14b29df75806151f35c5985996ca780322fe39243b464cce1a8f04028d1275a7aa7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 15dcb83bf651eafb5446172b5cf20d5d
SHA1 d296017b26fad3c97a83940884d5386a0ff694c3
SHA256 ec214a5f61298a8b596ce1112304a2b026fda4108c508930bc2044c0b03ad950
SHA512 1da69078bd4c6e588c1639310f4cdc72bb451cccb920bc6c9f3f0c747a32f4122e55119be07ee22eb0cd7be61ce0a8f6ee2564f892f3e3b26e653ad047f7b8ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7dda4b60dc8a70a3054b895b4a160f98
SHA1 4bf9c74e928e56cd2b1c7fc1790648f2dcd27007
SHA256 39c6d0972bf88b5bd09e8b7daf3a615d80462b180a3c4997aff15a69ecdfd445
SHA512 eb3d5d9cb43a6c63e8c52b3bab92d37eaec83f9f2b22ab7528a13c3b6ddc167fcbe44f2200fd57a5b579cfbd9e27d1da216df06fa2fd202ca7497d8c4a1fcea3

C:\Users\Admin\Desktop\Microsoft Edge.lnk

MD5 d1dacfb4494be3ef0cfa57f79f251e8f
SHA1 16de10600bd3c897017520bb3035caea8bb924ce
SHA256 ab30b82735a7e58533e4ad509412845d21171578aef1f9424ea78126e017db63
SHA512 965a84ad7a9ba2b93f8ee3fbcdfda068484f6b684cd5076e90bf5730c722681d31dfae454cf0e569eeeaee81cc269b998a4f0cfff7ea22c5186bd087d7596837

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 fa978f738b6baf6fffeb43a591008ed7
SHA1 59491bc6da321f9a28b04775d36e026f974c75a0
SHA256 74beb00d4d9961c2b67f816af8e3c853011ab78dab0e0b0b5a91e1bbf162febd
SHA512 8f6027816ee6d9fd0cbfd85cc85464dd202659b64a0587e2e58e3c0fb8d468a19bcae49bd5278401a14751b35b862f5f21ad803c99ca40d6e9b28dc608814f31

C:\Users\Public\Desktop\VLC media player.lnk

C:\Users\Public\Desktop\Firefox.lnk

C:\Users\Public\Desktop\Google Chrome.lnk

C:\Users\Admin\Desktop\BackupHide.ttc

C:\Users\Admin\Desktop\CheckpointComplete.3gp

C:\Users\Admin\Desktop\ConnectConvertTo.tiff

C:\Users\Admin\Desktop\CompareRepair.mpp

C:\Users\Admin\Desktop\CloseBlock.dxf

C:\Users\Admin\Desktop\ImportDeny.vdx

C:\Users\Admin\Desktop\RegisterInstall.mp4

C:\Users\Admin\Desktop\ResizeShow.ADT

C:\Users\Admin\Desktop\RemoveGet.cfg

C:\Users\Admin\Desktop\OptimizeRegister.i64

C:\Users\Admin\Desktop\FormatWatch.bin

C:\Users\Admin\Desktop\DismountPing.vstx

C:\Users\Admin\Desktop\ConvertFromClose.mid

C:\Users\Admin\Desktop\ClearRestore.wmf

C:\Users\Admin\Desktop\WaitReceive.7z

C:\Users\Admin\Desktop\UpdateRedo.hta

C:\Users\Admin\Desktop\TestLimit.7z

C:\Users\Admin\Desktop\PopAdd.rar

C:\Users\Admin\Desktop\NewTrace.tmp

C:\Users\Admin\Desktop\RemoveUse.raw

C:\Users\Admin\Desktop\CompareConvertTo.xlsx

C:\Users\Admin\Desktop\RestoreStep.docx

C:\Users\Admin\Desktop\ApproveConnect.aif

C:\Users\Admin\Desktop\RepairTest.vssm

C:\Users\Admin\Desktop\DebugUnprotect.rtf

C:\Users\Admin\Desktop\ConvertToSkip.MOD

C:\Users\Admin\Desktop\SyncCheckpoint.wma

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f54d7f2e6cf0b1_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\93dad66e0632f830_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\605167868572c6c4_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a062faa79d987947_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdd8a4f7267aaf50_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63bab61298dfac24_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 383295.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfe07f2c15075c28_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42131ee0ab1ec65a_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7991b0af61c2af30_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a267665648440b9_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3bc6df29f70a658e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a26de030ab5c02f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7899d2b49a9daab3_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f7e51df4-ea59-459f-a86b-c64c036407ce.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/5976-1604-0x0000000000770000-0x00000000007DE000-memory.dmp

memory/5976-1605-0x0000000005680000-0x0000000005C26000-memory.dmp

memory/5976-1606-0x0000000005170000-0x0000000005202000-memory.dmp

memory/5976-1607-0x0000000005300000-0x000000000530A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 405813.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Downloads\Unconfirmed 400502.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\MSIFF6A.tmp

C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
