Malware Analysis Report

2025-01-02 04:58

Sample ID 231111-mcrcssdd5t
Target NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe
SHA256 71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4
Tags
glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4

Threat Level: Known bad

The file NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan

SectopRAT

SmokeLoader

ZGRat

Glupteba payload

Glupteba

Detect ZGRat V1

RedLine payload

SectopRAT payload

RedLine

Detect Mystic stealer payload

Mystic

Modifies Windows Firewall

Stops running service(s)

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Launches sc.exe

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of UnmapMainImage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:19

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:19

Reported

2023-11-11 10:22

Platform

win10v2004-20231020-en

Max time kernel

130s

Max time network

173s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe"

Signatures

Detect Mystic stealer payload


Detect ZGRat V1


Glupteba

loader dropper glupteba

Glupteba payload


Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload


SectopRAT

trojan rat sectoprat

SectopRAT payload


SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3F82.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\13CC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13CC.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe N/A

AutoIT Executable


Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\19D8.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5389.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4D00.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Suspicious use of UnmapMainImage


Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4684 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe
PID 4684 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe
PID 4684 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe
PID 1644 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe
PID 1644 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe
PID 1644 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe
PID 1020 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe
PID 1020 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe
PID 1020 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe
PID 3988 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1776 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1776 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2848 wrote to memory of 1340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2848 wrote to memory of 1340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3404 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3404 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 696 wrote to memory of 4964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 696 wrote to memory of 4964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1936 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1936 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 1116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 1116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3652 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3652 wrote to memory of 2964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 552 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1756 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1756 wrote to memory of 4148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 568 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 568 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2848 wrote to memory of 5484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x168,0x16c,0x104,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17192415223056869127,9281595580747476707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17192415223056869127,9281595580747476707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,10699591254079011576,16700980322441209338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,10699591254079011576,16700980322441209338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2291392232880931591,4848171483171463507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2291392232880931591,4848171483171463507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1688564792391440565,8822630275609111135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1688564792391440565,8822630275609111135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1300520911432831144,247340722816498949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1300520911432831144,247340722816498949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8516493097350361068,3073051086013021819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8516493097350361068,3073051086013021819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,11384404966947697983,16056548132724519174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,7762468403827029752,514735179999092379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2xX9632.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2xX9632.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8652 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 540

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1244 -ip 1244

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7iW1Jx87.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7iW1Jx87.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c0 0x1cc

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8784 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\13CC.exe

C:\Users\Admin\AppData\Local\Temp\13CC.exe

C:\Users\Admin\AppData\Local\Temp\19D8.exe

C:\Users\Admin\AppData\Local\Temp\19D8.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6468 -ip 6468

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 784

C:\Users\Admin\AppData\Local\Temp\3F82.exe

C:\Users\Admin\AppData\Local\Temp\3F82.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\4D00.exe

C:\Users\Admin\AppData\Local\Temp\4D00.exe

C:\Users\Admin\AppData\Local\Temp\5389.exe

C:\Users\Admin\AppData\Local\Temp\5389.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\4D00.exe

C:\Users\Admin\AppData\Local\Temp\4D00.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc [encoded command not preserved]

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6824 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Users\Admin\AppData\Local\Temp\FB05.exe

C:\Users\Admin\AppData\Local\Temp\FB05.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

Network

Country Destination Domain Proto
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
DE 172.217.23.202:443 jnn-pa.googleapis.com tcp
NL 142.251.36.6:443 static.doubleclick.net tcp
DE 172.217.23.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 151.101.2.133:443 www.paypalobjects.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 192.55.233.1:443 tcp
NL 172.217.168.227:443 www.recaptcha.net udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 52.2.199.143:443 www.epicgames.com tcp
US 8.8.8.8:53 143.199.2.52.in-addr.arpa udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 rr5---sn-5hne6ns6.googlevideo.com udp
NL 209.85.226.106:443 rr5---sn-5hne6ns6.googlevideo.com tcp
NL 209.85.226.106:443 rr5---sn-5hne6ns6.googlevideo.com tcp
NL 209.85.226.106:443 rr5---sn-5hne6ns6.googlevideo.com udp
US 8.8.8.8:53 106.226.85.209.in-addr.arpa udp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 152.199.21.141:443 abs.twimg.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.169:443 community.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
NL 23.72.252.171:443 store.akamai.steamstatic.com tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 169.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
RU 185.174.136.219:443 tcp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe

MD5 c2e3d0d2acdfc790d6c323ba0af80f97
SHA1 5b0ea386ac2bcdfecd19c459ed976a50e84e16e4
SHA256 3bab105a40d772459dbf2ba6c66e3849728507cc9a35649f34868b215a69b66e
SHA512 f07fca63d94c10863a33cf183a4432f937b15af62032912577701e51f6c59d4cbe8eb0b0344f974113a1830ad103abb01c0e6ec7273eb03456a403e5018db848

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe

MD5 c2e3d0d2acdfc790d6c323ba0af80f97
SHA1 5b0ea386ac2bcdfecd19c459ed976a50e84e16e4
SHA256 3bab105a40d772459dbf2ba6c66e3849728507cc9a35649f34868b215a69b66e
SHA512 f07fca63d94c10863a33cf183a4432f937b15af62032912577701e51f6c59d4cbe8eb0b0344f974113a1830ad103abb01c0e6ec7273eb03456a403e5018db848

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe

MD5 632bbe6db761faece1b82bf42f088939
SHA1 026065750d1808344373fd7ea7821058f810ef45
SHA256 785f022f77f5d66b74f1e7c737ee891b796ec606b2dc2c12ee971f94ca2f2da2
SHA512 030d920581367af0398ebbfa06b6a5afaecf343c289cb11d5eac6717c5afe8a4affd8306e2878d25322bc9479e4b030155f037182cfc671aa4e4afda9e9d8d7f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe

MD5 632bbe6db761faece1b82bf42f088939
SHA1 026065750d1808344373fd7ea7821058f810ef45
SHA256 785f022f77f5d66b74f1e7c737ee891b796ec606b2dc2c12ee971f94ca2f2da2
SHA512 030d920581367af0398ebbfa06b6a5afaecf343c289cb11d5eac6717c5afe8a4affd8306e2878d25322bc9479e4b030155f037182cfc671aa4e4afda9e9d8d7f

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe

MD5 7271948f09d1f3b488a60b31d61612d5
SHA1 5b6f82e87beed7312d80ae602a1c4812889dffdc
SHA256 ea2cdc7d8f6b9d00f2a7fa51fa890de7b15f2ed2cd72a66f8999c3cb3d107ee9
SHA512 b55ddf1c7d9def34dbcbb56e493d857d737c4786c20e892606ebb9ebb4f3b7463fdcaa3cffaf954352f64d6ab5e0feabf2ad9e6b210ab239906e7771569a5285

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe

MD5 7271948f09d1f3b488a60b31d61612d5
SHA1 5b6f82e87beed7312d80ae602a1c4812889dffdc
SHA256 ea2cdc7d8f6b9d00f2a7fa51fa890de7b15f2ed2cd72a66f8999c3cb3d107ee9
SHA512 b55ddf1c7d9def34dbcbb56e493d857d737c4786c20e892606ebb9ebb4f3b7463fdcaa3cffaf954352f64d6ab5e0feabf2ad9e6b210ab239906e7771569a5285

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 16e56f576d6ace85337e8c07ec00c0bf
SHA1 5c9579bb4975c93a69d1336eed5f05013dc35b9c
SHA256 7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5
SHA512 69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_1776_WAMELYFTFIWBXJEI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_3404_XGEUDCGZACAKLLHC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

\??\pipe\LOCAL\crashpad_696_UFZBWWMOYNTBMLDX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_5020_HZZSAZWBHBLAVCQE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_1936_CGYOMTHOHVFXDHZK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2848_WGCXMEGBMUDZBLBG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e73c5a001faa152d5017e634d91cf808
SHA1 b0251cebc09a21f4873d15069db59b6ded816759
SHA256 02d5bc55e8f60ab33dadd2c7004a7118fd2c1cfed1de75d31642ee923ec61fd6
SHA512 8572aaf3575ab308d8ba588ac10138e80277c6bf9efea31cbfcecbbf6e72fb3102318da68075a4942da09134f24125c8bcab6589809e617198e692ec83749516

\??\pipe\LOCAL\crashpad_3652_TFFQNFRHAIJYSCYT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7e937105128f87649d266fce4e0929f
SHA1 ae71af1b56454b62cb94552fab1631f40645ab85
SHA256 a3b930002233338834fdbaee4b833b4a9e5fb724e6d01d5c748cc842b6299355
SHA512 e8dbcbaf0d26c8f149a41d5c0d5e66cc368db12feeb7263255ceaaeb2eee60030ae2b1804c2f4c4cf5e9d2bfa06faa32f504c9f323d1bf9d24c31c1e468b75e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1c790172-f973-4526-bff7-24429e63ef99.tmp

MD5 ba6904d3e4a8c4cb468e1dbc7810e1b5
SHA1 a7924fd90410478682ad978e0c12b3fe68dc71c4
SHA256 88632a565a8cac92c1fc22a421edeff8790b77c439ddb5186abc70a4ccf4853c
SHA512 cbb1311640a6c403178d4c9ad8da83b90cfaf4e8e614dbac2ed6d79a51b12a77c647430e5937a1002b91cec3ce6f37cb3b44434431171c53f9a9e8851fa341c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 edb0f0a710d60662f049871e4f9ec011
SHA1 bf0ee0a4e090a4687e2c127a6fc5c2839d44647f
SHA256 fed6d5b89a24ce4275a0b2f2edd5b73084165a54f9393bc962c00b0ef718290d
SHA512 52f31e85fadb7a2ff145746b4a3148db02dd97a1ec12c31a9d3fbfad71767525c111b43cb606a177e19c4c91de1e7100c2f8e755e98b34561a46b598e0cdddce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22ac765c2c74f1c59fa64452264a9e74
SHA1 ca019603beb73e3e630ea09d515a436a6d96d588
SHA256 4b71e5d2f21f775449d19799ac59a3e41b0d7a7e154b6ecbe5126aea4c57cea4
SHA512 59f9b33bc96d9c58eaf64244d69d0f92c6e159979251b8abaf1cb187d3cb036a6ea512a8842786df09eedf980ff08bc674a1dfa0a5f0b5236431a5813841e940

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8925003f-d1da-4ea8-99ac-d7c20c487129.tmp

MD5 edb0f0a710d60662f049871e4f9ec011
SHA1 bf0ee0a4e090a4687e2c127a6fc5c2839d44647f
SHA256 fed6d5b89a24ce4275a0b2f2edd5b73084165a54f9393bc962c00b0ef718290d
SHA512 52f31e85fadb7a2ff145746b4a3148db02dd97a1ec12c31a9d3fbfad71767525c111b43cb606a177e19c4c91de1e7100c2f8e755e98b34561a46b598e0cdddce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ba6904d3e4a8c4cb468e1dbc7810e1b5
SHA1 a7924fd90410478682ad978e0c12b3fe68dc71c4
SHA256 88632a565a8cac92c1fc22a421edeff8790b77c439ddb5186abc70a4ccf4853c
SHA512 cbb1311640a6c403178d4c9ad8da83b90cfaf4e8e614dbac2ed6d79a51b12a77c647430e5937a1002b91cec3ce6f37cb3b44434431171c53f9a9e8851fa341c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7e20e493-0f41-4090-b173-9129ee4a0d4c.tmp

MD5 22ac765c2c74f1c59fa64452264a9e74
SHA1 ca019603beb73e3e630ea09d515a436a6d96d588
SHA256 4b71e5d2f21f775449d19799ac59a3e41b0d7a7e154b6ecbe5126aea4c57cea4
SHA512 59f9b33bc96d9c58eaf64244d69d0f92c6e159979251b8abaf1cb187d3cb036a6ea512a8842786df09eedf980ff08bc674a1dfa0a5f0b5236431a5813841e940

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9c98977eaac78b92439416e4f49bda7
SHA1 4d81416a6a2f0aa632e74517a95ddd086dabdfae
SHA256 fdce0cfd65aeeffca1101cbeb32b9dd5fb5578bff01a0318522ead1da0bb8646
SHA512 49ecd8de85fbc527664bee9d4c67dabb11856456155c3bee8e06b6b2f4b2f3e716cfca61ad732bb23f1435cd087d080273bc7a3d573453d2d4eb0871583c22f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9c98977eaac78b92439416e4f49bda7
SHA1 4d81416a6a2f0aa632e74517a95ddd086dabdfae
SHA256 fdce0cfd65aeeffca1101cbeb32b9dd5fb5578bff01a0318522ead1da0bb8646
SHA512 49ecd8de85fbc527664bee9d4c67dabb11856456155c3bee8e06b6b2f4b2f3e716cfca61ad732bb23f1435cd087d080273bc7a3d573453d2d4eb0871583c22f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7e937105128f87649d266fce4e0929f
SHA1 ae71af1b56454b62cb94552fab1631f40645ab85
SHA256 a3b930002233338834fdbaee4b833b4a9e5fb724e6d01d5c748cc842b6299355
SHA512 e8dbcbaf0d26c8f149a41d5c0d5e66cc368db12feeb7263255ceaaeb2eee60030ae2b1804c2f4c4cf5e9d2bfa06faa32f504c9f323d1bf9d24c31c1e468b75e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e73c5a001faa152d5017e634d91cf808
SHA1 b0251cebc09a21f4873d15069db59b6ded816759
SHA256 02d5bc55e8f60ab33dadd2c7004a7118fd2c1cfed1de75d31642ee923ec61fd6
SHA512 8572aaf3575ab308d8ba588ac10138e80277c6bf9efea31cbfcecbbf6e72fb3102318da68075a4942da09134f24125c8bcab6589809e617198e692ec83749516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5211185f5fd20c3257fc25b006267fa9
SHA1 9f87eb2534d822a66a970bba41efd635e39bcb10
SHA256 7d692ce9ccee457549a5d1cfdeab2010f2b00e654363e291693307ef39c988b9
SHA512 cc14cb9b7f42b3357aaf4a54b8a116beac1ddec4e213005f3d859d73c35c9a1cb93ef2203282afe77ad0e31c2792c3887630d51d8c8c9238bec97614d6c77a3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0629525c94f6548880f5f3a67846755e
SHA1 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423
SHA256 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee
SHA512 f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5211185f5fd20c3257fc25b006267fa9
SHA1 9f87eb2534d822a66a970bba41efd635e39bcb10
SHA256 7d692ce9ccee457549a5d1cfdeab2010f2b00e654363e291693307ef39c988b9
SHA512 cc14cb9b7f42b3357aaf4a54b8a116beac1ddec4e213005f3d859d73c35c9a1cb93ef2203282afe77ad0e31c2792c3887630d51d8c8c9238bec97614d6c77a3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7960fdf65f027f1bd16b43400ced69af
SHA1 d7b15d2ff7b58238893998b567a7081826de4df9
SHA256 a6bfaf1e9f4b2bebeb636bf43a124adf926e3ab25a9e9808a035fe2769037280
SHA512 720d50e79f8a61ac32470f7567f1a77e9b102ead8e0068f724d7456d656671196327dfcb9664e293465c119057e222ce8e84ade44a1ac15744cddf56c2461c8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7960fdf65f027f1bd16b43400ced69af
SHA1 d7b15d2ff7b58238893998b567a7081826de4df9
SHA256 a6bfaf1e9f4b2bebeb636bf43a124adf926e3ab25a9e9808a035fe2769037280
SHA512 720d50e79f8a61ac32470f7567f1a77e9b102ead8e0068f724d7456d656671196327dfcb9664e293465c119057e222ce8e84ade44a1ac15744cddf56c2461c8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9c98977eaac78b92439416e4f49bda7
SHA1 4d81416a6a2f0aa632e74517a95ddd086dabdfae
SHA256 fdce0cfd65aeeffca1101cbeb32b9dd5fb5578bff01a0318522ead1da0bb8646
SHA512 49ecd8de85fbc527664bee9d4c67dabb11856456155c3bee8e06b6b2f4b2f3e716cfca61ad732bb23f1435cd087d080273bc7a3d573453d2d4eb0871583c22f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22ac765c2c74f1c59fa64452264a9e74
SHA1 ca019603beb73e3e630ea09d515a436a6d96d588
SHA256 4b71e5d2f21f775449d19799ac59a3e41b0d7a7e154b6ecbe5126aea4c57cea4
SHA512 59f9b33bc96d9c58eaf64244d69d0f92c6e159979251b8abaf1cb187d3cb036a6ea512a8842786df09eedf980ff08bc674a1dfa0a5f0b5236431a5813841e940

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e73c5a001faa152d5017e634d91cf808
SHA1 b0251cebc09a21f4873d15069db59b6ded816759
SHA256 02d5bc55e8f60ab33dadd2c7004a7118fd2c1cfed1de75d31642ee923ec61fd6
SHA512 8572aaf3575ab308d8ba588ac10138e80277c6bf9efea31cbfcecbbf6e72fb3102318da68075a4942da09134f24125c8bcab6589809e617198e692ec83749516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 edb0f0a710d60662f049871e4f9ec011
SHA1 bf0ee0a4e090a4687e2c127a6fc5c2839d44647f
SHA256 fed6d5b89a24ce4275a0b2f2edd5b73084165a54f9393bc962c00b0ef718290d
SHA512 52f31e85fadb7a2ff145746b4a3148db02dd97a1ec12c31a9d3fbfad71767525c111b43cb606a177e19c4c91de1e7100c2f8e755e98b34561a46b598e0cdddce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7e937105128f87649d266fce4e0929f
SHA1 ae71af1b56454b62cb94552fab1631f40645ab85
SHA256 a3b930002233338834fdbaee4b833b4a9e5fb724e6d01d5c748cc842b6299355
SHA512 e8dbcbaf0d26c8f149a41d5c0d5e66cc368db12feeb7263255ceaaeb2eee60030ae2b1804c2f4c4cf5e9d2bfa06faa32f504c9f323d1bf9d24c31c1e468b75e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e1732a3bde8067ae0e14b25530118adc
SHA1 14289cb9a29497c1cc035744923ef81b68b71fe5
SHA256 0b6b44360f784b9efc743ddf2a5f5ea808642eb87e0c44bd58583c042e864964
SHA512 a9a822eacd4b79d91bff8242e5b5ff06c92b76e3bd4d98c9dd55ced48331a221ab799555e11f08be292303718bbcbaf3b19a3c2b03a718de8f5f87962333daae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ba6904d3e4a8c4cb468e1dbc7810e1b5
SHA1 a7924fd90410478682ad978e0c12b3fe68dc71c4
SHA256 88632a565a8cac92c1fc22a421edeff8790b77c439ddb5186abc70a4ccf4853c
SHA512 cbb1311640a6c403178d4c9ad8da83b90cfaf4e8e614dbac2ed6d79a51b12a77c647430e5937a1002b91cec3ce6f37cb3b44434431171c53f9a9e8851fa341c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d65fe831213a7294932b9989f031aff3
SHA1 4dc5daae05abb06c5ee4a62bc3bd000cd413820f
SHA256 7adcb136fe5f3883c8841e36e1acc87a9a3af2bce439159945cfe993b910bfd9
SHA512 9f947d84b8ea79aa95be3584a2a311076199372f26055b84eb9d642abb0701522bd611c7adb5cb1827bfa31973067df750575bb1dabb5f9983af5868e448d54d

memory/1244-388-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1244-395-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1244-398-0x0000000000400000-0x0000000000433000-memory.dmp

memory/1244-396-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5468-400-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a3fb0463843f1262ed353edd4ff68abb
SHA1 568477ddedca5c8c7e5d7281d1f65c72387be6b3
SHA256 fd02b0e78c05b674cc851acc28e8a8c35edfb89a5e00ca1355632c58a961bf7b
SHA512 806bc54b431f30040dd62d44615afa8057bc075eb48a4c7a022f32687a11f45ca52f41397e804d1afb4c06d2fce72733d863539b79d54b9a315bcf5923188008

memory/3320-422-0x0000000002870000-0x0000000002886000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a07cf7869b11236bf5b81ff3dc947ec5
SHA1 b60acdc1aa3b420f65d4841bd60d2751956f68c7
SHA256 a860dbd24ce0419f3159217c1cd24741071f9acf5d583246d0e993b8faa6e5a1
SHA512 53aa634459f2fd63622bd29f3e164599216675662a3f709e13401c8b44e8da23b3d73c17f05ef55af532032dca2425e2c58c1948aa9cbb44b7cd9abd1d793cb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5858aa.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Roaming\htvijjd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589d93.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590efa.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4e5d7080-327c-4ef8-9c5c-ec088e5819f6\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4e5d7080-327c-4ef8-9c5c-ec088e5819f6\index-dir\the-real-index~RFe59214a.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\56ac6e0e-eb46-4aa3-9ad4-c3084e48d016\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\56ac6e0e-eb46-4aa3-9ad4-c3084e48d016\index-dir\the-real-index~RFe592f63.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c98e85b4-eab5-438c-a2c3-f4d02a0c2c5b\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c09128ba-94c6-4c7e-aa69-31a37fe4129a\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c09128ba-94c6-4c7e-aa69-31a37fe4129a\index-dir\the-real-index~RFe59a3b8.TMP

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_21x4mbkd.qii.ps1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
