Malware Analysis Report

2024-11-15 06:06

Sample ID 240407-x9nchscg65
Target Luna Grabber Builder.exe
SHA256 66954378817928c48d4296a2b7bb60e7a899a5a18529b43cf35a64196e3ed754
Tags pyinstaller upx spyware stealer
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file Luna Grabber Builder.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller upx spyware stealer

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Drops startup file

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Unsigned PE

Detects Pyinstaller

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Detects videocard installed

Enumerates system info in registry

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:33

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:33

Reported

2024-04-07 19:36

Platform

win7-20240221-en

Max time kernel

120s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe

"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"

C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe

"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21442\python311.dll

MD5 53b1a9474ddc3a31adf72011dc8da780
SHA1 36f476d318acca6a12d3625b02cb14ab19534db7
SHA256 357e545f47b605682328566a8df692dc22e4ea2ab37686788c3416b3813addc7
SHA512 290c070eaf324476bfda676fc547ee42479a239b11192b654604862d53de1f1752a2f1b212dc15b3a22787a6469d6ec22ced98b7bb7d5f7c618602bbd12b7881

memory/1720-104-0x000007FEF6090000-0x000007FEF667A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:33

Reported

2024-04-07 19:36

Platform

win10v2004-20240226-en

Max time kernel

146s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Luna Grabber Builder.exe C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Luna Grabber Builder.exe C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A whatismyipaddress.com N/A N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{7D7A03A4-151B-44A2-9A89-98C5BE04CE91} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2740 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe
PID 1656 wrote to memory of 416 N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe C:\Windows\system32\cmd.exe
PID 1656 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe C:\Windows\system32\cmd.exe
PID 2492 wrote to memory of 4676 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\netsh.exe
PID 1656 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe C:\Windows\system32\cmd.exe
PID 4080 wrote to memory of 2692 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1656 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe C:\Windows\System32\Wbem\wmic.exe
PID 1656 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe C:\Windows\system32\cmd.exe
PID 4604 wrote to memory of 2776 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1656 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe C:\Windows\system32\cmd.exe
PID 2572 wrote to memory of 2600 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1656 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe C:\Windows\system32\cmd.exe
PID 2812 wrote to memory of 1688 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\wbem\WMIC.exe
PID 3396 wrote to memory of 2732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3396 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe

"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"

C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe

"C:\Users\Admin\AppData\Local\Temp\Luna Grabber Builder.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic os get Caption"

C:\Windows\System32\Wbem\WMIC.exe

wmic os get Caption

C:\Windows\System32\Wbem\wmic.exe

wmic cpu get Name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8276646f8,0x7ff827664708,0x7ff827664718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17371649458324618330,16511019042341902263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8276646f8,0x7ff827664708,0x7ff827664718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17436359635554350115,11462402684603131999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 vid-io.springserve.com udp
US 8.8.8.8:53 x.bidswitch.net udp
IE 34.249.161.119:443 vid-io.springserve.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
IE 34.248.34.72:443 ads.yieldmo.com tcp
NL 72.246.172.22:443 contextual.media.net tcp
NL 72.246.173.47:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 119.161.249.34.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 216.239.32.181:443 analytics.google.com udp
US 54.69.143.81:443 events.browsiprod.com tcp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 72.34.248.34.in-addr.arpa udp
US 8.8.8.8:53 22.172.246.72.in-addr.arpa udp
US 8.8.8.8:53 47.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 78.239.69.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI27402\python311.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27402\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27402\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI27402\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\win32api.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\pywin32_system32\pywintypes311.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27402\pywin32_system32\pythoncom311.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27402\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI27402\psutil\_psutil_windows.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\charset_normalizer\md.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\_cffi_backend.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\Crypto\Cipher\_raw_ecb.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\Crypto\Cipher\_raw_cbc.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\Crypto\Cipher\_raw_ofb.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\Crypto\Cipher\_raw_cfb.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI27402\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\9f2xdur649\Minecraft\User Cache.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58da00.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
