Malware Analysis Report

2025-03-14 21:54

Sample ID 250114-f5kbmazpbk
Target svtrnTsSnw
SHA256 856a3fa141a74a7040438ec8a7b270bc9f71f7babb93b7c41510d4f347ec21c9
Tags
google defense_evasion discovery execution persistence phishing privilege_escalation
score
10/10

Analysis Overview

Threat Level: Known bad

The file svtrnTsSnw was found to be: Known bad.

Malicious Activity Summary

Detected google phishing page

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Obfuscated Files or Information: Command Obfuscation

Checks installed software on the system

Adds Run key to start application

Enumerates connected drives

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: PowerShell

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Suspicious behavior: GetForegroundWindowSpam

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Checks processor information in registry

Modifies system certificate store

NTFS ADS

Analysis: static1

Detonation Overview

Reported

2025-01-14 05:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-14 05:27

Reported

2025-01-14 05:42

Platform

win10ltsc2021-20250113-en

Max time kernel

897s

Max time network

886s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\svtrnTsSnw.html

Signatures

Detected google phishing page

phishing google

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\eanimatesetup.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Let's Compress\lets_compress.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ExpressAnimateInstall = "C:\\Users\\Admin\\Downloads\\eanimatesetup.exe" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\Let's Compress.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Obfuscated Files or Information: Command Obfuscation

defense_evasion

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
File created C:\Program Files (x86)\NCH Software\ExpressAnimate\shellmenu.dll C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
File created C:\Program Files (x86)\NCH Software\ExpressAnimate\shellmenua.msix C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
File created C:\Program Files (x86)\NCH Software\ExpressAnimate\shellmenub.msix C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
File created C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimatesetup_v9.48.exe C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
File created C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimatesetup_v9.48.exe\:SmartScreen:$DATA C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f7c2ed65-0b25-472d-a057-0bcdc627c449.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250114052737.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIE819.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEA21.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEC27.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI64A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{2F9F9042-1246-4D55-8DF9-F7E578E6A718} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEE1C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e58e6f2.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1AAD.tmp-\Microsoft.Deployment.WindowsInstaller.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\e58e6f0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE897.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE945.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1AAD.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI1AAD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1AAD.tmp-\RequestSender.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\e58e6f0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEBC8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE8D6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEA9F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI435.tmp C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\eanimatesetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Let's Compress.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\MusNotification.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\MusNotification.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dng\Shell\NCHconvertimage\ = "Convert image file format with Pixillion" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.nrw\Shell\NCHconvertimage\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\.tar.gz C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\mpdpfile\DefaultIcon C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avi\Shell\NCHconvertvideo\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cr2 C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.sr2\Shell\NCHslideshow\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\wpdfile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\shell32.dll,19" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.tgz\Shell\NCHextract C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\heicfile C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\heiffile\DefaultIcon C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.oga\Shell\NCHeditsound\ = "Edit sound file with WavePad" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.mp4\Shell\NCHeditvideo C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rw2\Shell\NCHslideshow\command\ = "\"C:\\Program Files (x86)\\NCH Software\\ExpressAnimate\\expressanimate.exe\" -extfind PhotoStage \"%L\"" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.webm C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.webm\Shell\NCHeditvideo\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.3g2\Shell\NCHconvertvideo C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.rw2\Shell\NCHslideshow\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\srffile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\shell32.dll,19" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\dfxfile\shell\open\command\ = "\"C:\\Program Files (x86)\\NCH Software\\ExpressAnimate\\expressanimate.exe\" -extfind DeskFX \"%L\"" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\.shn\ = "shnfile" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avi\Shell\NCHeditvideo\ = "Edit video file with VideoPad" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.tiff\Shell\NCHeditphoto C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.asf\Shell\NCHconvertvideo C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\nrwfile C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.png\Shell\NCHconvertimage C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gif\Shell\NCHslideshow\command\ = "\"C:\\Program Files (x86)\\NCH Software\\ExpressAnimate\\expressanimate.exe\" -extfind PhotoStage \"%L\"" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpg\Shell\NCHslideshow\ = "Create slideshow with PhotoStage" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.mp3\Shell\NCHconvertsound\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\shnfile C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.m4v\Shell\NCHeditvideo\ = "Edit video file with VideoPad" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.nrw\Shell\NCHslideshow C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dv\Shell\NCHconvertvideo\ = "Convert video file format with Prism" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.pgf\Shell\NCHconvertimage C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.aiff\Shell\NCHeditsound\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.mp3\Shell\NCHeditsound C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpeg\Shell\NCHeditvideo\ = "Edit video file with VideoPad" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.webm\Shell\NCHconvertvideo C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.nrw\Shell\NCHslideshow\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\Shell\NCHextract\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.arw\Shell\NCHslideshow C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.bmp\Shell\NCHeditphoto C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.m2ts\Shell\NCHeditvideo\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.mp4\Shell\NCHeditvideo\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\.mrw\ = "mrwfile" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.mkv\Shell\NCHeditvideo\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\dngfile C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\7-Zip\.tar C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.3gp\Shell\NCHeditvideo C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\wpsfile\DefaultIcon C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.raw\Shell\NCHeditphoto\command\ = "\"C:\\Program Files (x86)\\NCH Software\\ExpressAnimate\\expressanimate.exe\" -extfind PhotoPad \"%L\"" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\wdpfile\shell\open\command\ = "\"C:\\Program Files (x86)\\NCH Software\\ExpressAnimate\\expressanimate.exe\" -extfind WavePad \"%L\"" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.wav\Shell\NCHeditsound C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dss\Shell\NCHconvertsound\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.mrw\Shell\NCHconvertimage C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\pgffile\DefaultIcon C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.webp\Shell\NCHconvertimage\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avi\Shell\NCHeditvideo C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.webm\Shell\NCHeditvideo\command C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpg\Shell\NCHconvertvideo\ = "Convert video file format with Prism" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dng\Shell\NCHconvertimage C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000_Classes\dngfile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\shell32.dll,19" C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tga C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\Downloads\Let's Compress.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\Downloads\Let's Compress.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimatesetup_v9.48.exe\:SmartScreen:$DATA C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 275663.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 858268.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Let's Compress\lets_compress.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Let's Compress\upd.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Let's Compress\lets_compress.exe N/A
N/A N/A C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\MusNotification.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\MusNotification.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Let's Compress.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4004 wrote to memory of 4704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4004 wrote to memory of 64 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4004 wrote to memory of 1696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4004 wrote to memory of 3636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\svtrnTsSnw.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe813e46f8,0x7ffe813e4708,0x7ffe813e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff63d415460,0x7ff63d415470,0x7ff63d415480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6820 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1

C:\Windows\system32\MusNotification.exe

"C:\Windows\system32\MusNotification.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1

C:\Users\Admin\Downloads\Let's Compress.exe

"C:\Users\Admin\Downloads\Let's Compress.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A2680B03355128A569F875F25B35C12C C

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIC749.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240699203 350 RequestSender!RequestSender.CustomActions.Start

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSID6D0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240703203 739 RequestSender!RequestSender.CustomActions.NextWelcome

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIDC8E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240704656 840 RequestSender!RequestSender.CustomActions.NextEula

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIE142.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240705875 943 RequestSender!RequestSender.CustomActions.NextInstalFolder

C:\Users\Admin\Downloads\Let's Compress.exe

"C:\Users\Admin\Downloads\Let's Compress.exe" /i "C:\Users\Admin\AppData\Roaming\Let's Compress\Let's Compress 1.4.0.0\install\8E6A718\Let's Compress.msi" AI_EUIMSI=1 APPDIR="C:\Users\Admin\AppData\Roaming\Let's Compress" SECONDSEQUENCE="1" CLIENTPROCESSID="3160" CHAINERUIPROCESSID="3160Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" ACTIVE_WINDOW_NAME="ready_installation" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_SETUPEXEPATH="C:\Users\Admin\Downloads\Let's Compress.exe" SETUPEXEDIR="C:\Users\Admin\Downloads\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1736591845 " AI_INSTALL="1" TARGETDIR="C:\" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\Downloads\Let's Compress.exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIE4AE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240706843 1038 RequestSender!RequestSender.CustomActions.NextReadyInstallation

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DC115A58BB9760CDC5CF618D6E4046CF

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss73E.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi73A.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr73B.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr73C.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI1AAD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240720562 2045 RequestSender!RequestSender.CustomActions.Finish

C:\Users\Admin\AppData\Roaming\Let's Compress\lets_compress.exe

"C:\Users\Admin\AppData\Roaming\Let's Compress\lets_compress.exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI3DBD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240729531 1853 RequestSender!RequestSender.CustomActions.FinishInstall

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7684 /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss3E1D.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi3E19.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr3E1A.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr3E1B.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

C:\Users\Admin\AppData\Roaming\Let's Compress\upd.exe

"C:\Users\Admin\AppData\Roaming\Let's Compress\upd.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -encodedCommand [Base64-encoded command omitted]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7708 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x304 0x4d0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Users\Admin\Downloads\eanimatesetup.exe

"C:\Users\Admin\Downloads\eanimatesetup.exe"

C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

"C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe" -installer "C:\Users\Admin\Downloads\eanimatesetup.exe" -instdata "C:\Users\Admin\AppData\Local\Temp\n1s\nchdata.dat"

C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe

"C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe"

C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe

"C:\Program Files (x86)\NCH Software\ExpressAnimate\expressanimate.exe" -installsched

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6160500557330762718,2822043171601768638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4004_XEYCFRCXQEVJXVXD

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_download.cnet.com_0.indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e04e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f443.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fa98ea6-a9a9-4c34-9f2f-6dd76ef7393c\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fa98ea6-a9a9-4c34-9f2f-6dd76ef7393c\index-dir\the-real-index~RFe57fc42.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

C:\Users\Admin\Downloads\Unconfirmed 275663.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5898b1.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Roaming\Let's Compress\Let's Compress 1.4.0.0\install\8E6A718\Let's Compress.msi

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_D343022F8C5E519322B5D9E07C403E21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_D343022F8C5E519322B5D9E07C403E21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

C:\Users\Admin\AppData\Local\Temp\MSIC5EC.tmp

C:\Users\Admin\AppData\Local\Temp\MSIC749.tmp

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3160\dialog.jpg

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3160\banner.jpg

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\MSID6D0.tmp-\CustomAction.config

C:\Users\Admin\AppData\Local\Temp\MSID6D0.tmp-\Microsoft.Deployment.WindowsInstaller.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6bdbed78ee2194d7_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6c496a640027ca8_0

C:\Users\Admin\AppData\Local\Temp\MSIE142.tmp-\RequestSender.dll

C:\Users\Admin\AppData\Roaming\Let's Compress\updater.ini

C:\Windows\Installer\MSIEE1C.tmp

C:\Config.Msi\e58e6f1.rbs

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bdlcstwz.v34.ps1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d66ac09f-1271-486a-864b-e8f1d56a8515\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\318215e8-2308-48e4-bd3d-95003043307d\index-dir\the-real-index~RFe5ae83e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\318215e8-2308-48e4-bd3d-95003043307d\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b473a2ec-33dc-4d9a-b085-d4d15efe4b2b\index-dir\the-real-index~RFe5aece2.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b473a2ec-33dc-4d9a-b085-d4d15efe4b2b\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31b9025fcadc6fe4_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75962dec606931cc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bda03fc6154eedd6_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99f63ea01d6ef034_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82af833e9b5cc26e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f608f61e011c420_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2f9a2fc02c20de3_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d4d825576498379c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2076e2a98754e97_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\624c9bd517fc9c91_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\163cfbbbd670a71e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\15d2ba66b474cf52_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44a80d5442ccaffb_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\eanimatesetup.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\BlurayDataDiscPresets\Default.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\ComputerPresets\YouTube%202160p%20%284K%29.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\ComputerPresets\YouTube%201440p%20%282K%29.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\ComputerPresets\YouTube%20720p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\ComputerPresets\PS3%20HD%201080.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\YouTube%20480p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Internet%20Video.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Animated%20GIF.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\TV%20NTSC.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\TV%20PAL.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Widescreen%20TV.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\PS3%20720.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\PS4%20Pro.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Facebook%20720p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Facebook%20480p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\PS5.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Facebook%20-%20Vertical%20Video%20%289%3A16%20-%20720%20x%201280%29.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Facebook%201080p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Facebook%20-%20Vertical%20Video%20%289%3A16%20-%201080%20x%201920%29.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\360%20Degree%20640p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\360%20Degree%20720p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\360%20Degree%20960p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\360%20Degree%201280p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\360%20Degree%201920p.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Twitter%20MP4.dat

C:\Users\Admin\AppData\Roaming\NCH Software\ExpressAnimate\GoogleDrivePresets\Vimeo%20MP4.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\2044-2920-17.tmp
