Malware Analysis Report

2025-01-18 04:06

Sample ID 241028-w6xw4ssngq
Target ctt.exe
SHA256 8babb109a6f8beacac92c1a6d44fab8f7e75004356202b017166caef6ae93664
Tags
quasar office04 discovery evasion spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8babb109a6f8beacac92c1a6d44fab8f7e75004356202b017166caef6ae93664

Threat Level: Known bad

The file ctt.exe was found to be: Known bad.

Malicious Activity Summary

quasar office04 discovery evasion spyware trojan

Quasar RAT

Quasar family

Quasar payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in Program Files directory

Checks for VirtualBox DLLs, possible anti-VM trick

Unsigned PE

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies registry class

NTFS ADS

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Script User-Agent

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 18:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 18:32

Reported

2024-10-28 19:10

Platform

win10v2004-20241007-en

Max time kernel

2145s

Max time network

2144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ctt.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A

Downloads MZ/PE file

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\MouseShortcutHelper.dll C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyPresser.exe C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\Helper.dll C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-SAKEL.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-E7NSR.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-G2NHS.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\MurGeeKeyPresserInstaller.exe C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-BS764.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-MGAHI.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-LSTDO.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-41H3F.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-0GEGP.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\KeyboardMacro.exe C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\KeyPresser.exe C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\MRH.dll C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\Macro Recorder.exe C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File opened for modification C:\Program Files (x86)\Auto Keyboard by MurGee.com\MouseClickCounterHelper.dll C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-2KPV2.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-RJIAA.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
File created C:\Program Files (x86)\Auto Keyboard by MurGee.com\is-9787Q.tmp C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ctt.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 74474.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 118377.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 392892.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Client-built.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Client-built.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Client-built.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Client-built.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ctt.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ctt.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2528 wrote to memory of 2432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 2432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\ctt.exe

"C:\Users\Admin\AppData\Local\Temp\ctt.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d60846f8,0x7ff9d6084708,0x7ff9d6084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,7676183788445815501,566927637826804552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3776 /prefetch:8

C:\Users\Admin\Downloads\setup.exe

"C:\Users\Admin\Downloads\setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp" /SL5="$250052,754748,58368,C:\Users\Admin\Downloads\setup.exe"

C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe

"C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d60846f8,0x7ff9d6084708,0x7ff9d6084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8

C:\Users\Admin\Downloads\Client-built.exe

"C:\Users\Admin\Downloads\Client-built.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16591444065136013609,2612907333077654214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1

C:\Users\Admin\Downloads\Client-built.exe

"C:\Users\Admin\Downloads\Client-built.exe"

C:\Users\Admin\Downloads\Client-built.exe

"C:\Users\Admin\Downloads\Client-built.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Downloads\Client-built.exe

"C:\Users\Admin\Downloads\Client-built.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa21a1d0-4485-4c56-a822-c2d9817c10d6} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05ea1f15-6c2b-447e-9f47-c33067879868} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1640 -childID 1 -isForBrowser -prefsHandle 1644 -prefMapHandle 1540 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c60100e-b9a0-48b2-be67-2722ebba7eea} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4384 -childID 2 -isForBrowser -prefsHandle 4376 -prefMapHandle 4372 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08c007c2-8ec8-4446-869d-f2d5f9375d33} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4920 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4892 -prefMapHandle 4824 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec2ca33-0bc8-4e3c-80bb-3a2959cd90b2} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5248 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f8e651-802e-4005-8111-02decc8a986a} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5412 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97969bd3-b780-4c15-8ebb-1a02cf2b7e1f} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5508 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1040 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b2ecaf3-252c-491e-a28e-f3047d0b7ce6} 1688 "\\.\pipe\gecko-crash-server-pipe.1688" tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 213.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 2.19.248.31:443 www.bing.com tcp
US 8.8.8.8:53 31.248.19.2.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.19.248.31:443 th.bing.com tcp
GB 2.19.248.35:443 th.bing.com tcp
GB 2.19.248.35:443 th.bing.com tcp
GB 2.19.248.31:443 th.bing.com tcp
US 8.8.8.8:53 35.248.19.2.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.22:443 login.microsoftonline.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 200.21.107.13.in-addr.arpa udp
GB 2.19.248.31:443 th.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.76:443 r.bing.com tcp
US 8.8.8.8:53 82.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 76.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 autokeypresser.com udp
NL 13.227.219.25:443 autokeypresser.com tcp
NL 13.227.219.25:443 autokeypresser.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
NL 18.239.36.29:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 29.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 25.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.18.190.140:443 aefd.nelreports.net tcp
GB 2.18.190.140:443 aefd.nelreports.net tcp
US 8.8.8.8:53 www.murgee.com udp
NL 18.239.36.34:443 www.murgee.com tcp
NL 18.239.36.34:443 www.murgee.com tcp
US 8.8.8.8:53 140.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 34.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 crt.sectigo.com udp
US 104.18.38.233:80 crt.sectigo.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 www.murgee.com udp
NL 18.239.36.61:443 www.murgee.com tcp
US 8.8.8.8:53 61.36.239.18.in-addr.arpa udp
GB 2.18.27.76:443 www.bing.com tcp
GB 2.18.27.76:443 www.bing.com udp
IT 79.16.224.116:801 tcp
IT 79.16.224.116:801 tcp
IT 79.16.224.116:801 tcp
IT 79.16.224.116:8081 79.16.224.116 tcp
IT 79.16.224.116:8081 79.16.224.116 tcp
IT 79.16.224.116:8081 tcp
IT 79.16.224.116:8081 79.16.224.116 tcp
IT 79.16.224.116:8081 tcp
US 8.8.8.8:53 116.224.16.79.in-addr.arpa udp
N/A 192.168.1.10:8081 tcp
N/A 192.168.1.10:8081 tcp
N/A 192.168.1.10:8081 tcp
N/A 192.168.1.10:8081 tcp
N/A 192.168.1.10:8081 tcp
N/A 192.168.1.10:8081 tcp
N/A 192.168.1.10:8081 tcp
IT 79.16.224.116:8081 tcp
IT 79.16.224.116:4782 tcp
US 8.8.8.8:53 ipwho.is udp
DE 195.201.57.90:443 ipwho.is tcp
US 8.8.8.8:53 90.57.201.195.in-addr.arpa udp
IT 79.16.224.116:4782 tcp
US 8.8.8.8:53 ipwho.is udp
DE 195.201.57.90:443 ipwho.is tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:57001 tcp
US 8.8.8.8:53 47.156.218.34.in-addr.arpa udp
N/A 127.0.0.1:57008 tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
IT 92.122.225.216:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 216.225.122.92.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6ner.gvt1.com udp
GB 173.194.183.137:443 r4---sn-aigl6ner.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ner.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ner.gvt1.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 173.194.183.137:443 r4.sn-aigl6ner.gvt1.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_2528_BPTCKAJGHHKIXTWI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34c524ea8c986ea13c15a0a4b49c00b0
SHA1 7038ef91dd01b7dbadd200cb20dc751c471ac1fc
SHA256 b96a2cbdfc201b1047ebb7c62342b9c2fdc8752528da0d22cea34a5fd1b1c9f6
SHA512 96dfe882c4ba1cc0b6d46df83649e7450bef52500da3ea28eb424775f0a5a8194369dcdf611ee8dd0e8ff8d5500915d345d236c6ac261ce7ca617aa653f52bb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5590788e5fb43c04a02c5b2fc4201835
SHA1 76de0d9bbe0c0c55fc77dfe066189b9f2e073823
SHA256 05a8ee8fbab24bf29b9728628396d69e57b6ec2a90e25d82e451a0ec17432daf
SHA512 67f382fbe144a97b8eafe1d8b4bdb6335cb58110d3106a5ee7be1e8b5fad1e415eccbdcc19a2cbf771035a1f6f3c39ea6275d850f7271f21a301dd880de8a181

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1cea2899828564136c6deaf7ae2040ac
SHA1 b6623c6959109054b362c42d19550fa67348593a
SHA256 a50e8ae006291563b99d27c0df237ace82a240fdc518a8b307c481e150bddbff
SHA512 754e70059143362e54c621236fb14b6d777cda9f0563998601e9bff28a982b00230d284139b5a45d3b73cb082d3fbe023d66a6c6f65bf6a0a3825a5b10414dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b7fb3c0fc4be3b71da51012a99d104b
SHA1 794842120982515f9bc041dc9d5dc2aa48335590
SHA256 65bb805bd887b494edc51ceec33c847f6ce3ff7dc6f8fbf5e18e5f47a3e58ec4
SHA512 89579a50087e8a688eb07c51698b7e4cf897e7d6865905ac511a9e094f0543041240a331abb519fc7f54762ac3325bb0641e1035c94b33c88c07f8e002b49958

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 fb2f02c107cee2b4f2286d528d23b94e
SHA1 d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256 925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512 be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 44a0efdb62c8716a215a27af435fd27a
SHA1 d293b55224f753fe1eb368a8b7599d78709c3b87
SHA256 4e7f7517db2a941ef752966fefc24801b7c8a94d71bb5cc9c64dc8fb697dc0b6
SHA512 c039c14abf279adfe16d0c3621dc27a4713c447a5cced596fd8147bcbe5c5e60c444f30102797628954fb7cdff8de13448c190a95f5dd29713f409e7cea3fac6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 7153c0e56f2bd0b9d61cbe3c697e3bf1
SHA1 59c1a4ba00584dd66c94113e7d38b8fec194da14
SHA256 ecf4f22780a8de18840ba98100130e64734d0406893841ac7361a3d73903a2ae
SHA512 33a20aa2217b42b59bda70bde70681fb75c0e615c651a799849b71afa276114e77e15087f97b2db231e2dc66cd842f367355fb268f74714de51ff15d2112a37d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6a4673.TMP

MD5 8c635345a45dd9b3fa4cd643ff8fd220
SHA1 5860bf7ac88d3feaed796c91972342aad4183c4b
SHA256 10f70f57429c6f55af8c1b66c29f86916a566f307554d062b790031888384b33
SHA512 3a14c9f6c0a5e26996675bcaefa9cab8181709f2c868c67af77ba53e46437478e9ed023de9a75f6526f4d2ce1abfc9b2c955dbea10878addb8902e5e303d9cee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 871186f77be651f25c1cc26a68d61357
SHA1 dee233482515fa2495242050abfcf20155a3c958
SHA256 0baeea8619ba36dfc9125e5f72fe02bc5e2cc6c05abf738fc7b9a692e866c43c
SHA512 a67644a1481113544635418c794d01af064fc93226db5004c2692954a57ddc111b531c52bfe5ea75880d166a3da937df982064711fb633c4d06a0318044b96da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 612f134b0483f71f3700d52837bb2615
SHA1 b6acecbe70ee7cdf7d1ad557c0beab0037b7d6ef
SHA256 fc9d473faf8c2acb216e130bc5bbb736f56edb0e1d8d549d632c172854a1387e
SHA512 12ec7466374b28c5cf7f290bd841fd623cfe266dce82a129318d00fabfffddf70d31eb222a4e9ea0a7fe703e58101316c0cd1c3dfb48da5b6433ce7431c47331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2a143c80e9c1cf2538f8c3b522fa9477
SHA1 eb8823a41a4238e2698493a8800f9c131a5f1a8d
SHA256 5353baddf5c2f2a528968424642463cd2b8c8c112dda5f62954e4d59905b4143
SHA512 943c4901c1891491231440d8b16d2b7da4957e74cbfb8062fff4bb8e27efb1110e5e156d1d0a34c2b75d32c1872ff98f1f5b9666a8795aa28942a254612ed1ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 11b94be8f2c73bb798be49a0a6dd61c2
SHA1 757fc913dc7f19f1fa17115eecf20f0a4e96dd83
SHA256 547f9277aa443360b434da17a68857a01e7a0f1f5be1f5955bcecd2eeec1cfb9
SHA512 93ba393f2a4b20141b419f324a393d4d67f1b032f161a4be3b0b66a6299d2df442997f4fe8a024f79192836c1ccd6a1280ecf36d1351b870c1cfc28228acf330

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 ca73096d241a63e659343bb1175f6c3f
SHA1 0b95ffa70bbc837a9a9fe1ba7f331aedae1e8902
SHA256 a9e19c42f1330c343b458f807cd1490248adb5cd795407f58289a8e6c4f5e66e
SHA512 bf7d5d7d2916b6f10b71acb08fdac75cd659b2115c419eba4d3ce5d8cd056e387cb4917fa83f0f470202a3d21a23ea9ab707f9a388419571b803df79eb7f3d2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 2766b860b167839e5722e40659620a47
SHA1 47766dc72bcace431ee8debed7efcf066dcd2b59
SHA256 725a5e52a501bcd107624aafa44a857c00d02286fde07be774afeac2efed68c3
SHA512 a97f77977518ca755e9460cac34e0b5358ba98b3624c53f0e1ef7b947e62a6f3f99caf2852fb3132c822525d88b67b9c1ed778b3e40083d9df36028c85f73ae8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 2389054bc92fc6a9b9d21997feabb1cd
SHA1 d46b4bece5021bbb060dceef4273475b879c75de
SHA256 5c38b4d4f6b902a99e4eb9cd922a2a2a37b549388bb4dda0b756bf6d5887d6da
SHA512 5525a4228fe65d25f0084fcde29dce0b97b80126e36875d226549f379e56ae52c0b2ae12752b188fb9715812d14d740f1ebf35f3ebb5c1b4e3b564836ed30b0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 b376c55a7ba31e51dd8e8255789fe89a
SHA1 439c757d3520f276a8d313f8c337aa90ddbab16b
SHA256 97eab72e32402a938305438fa0682cbaf45b75af692793bd35bf9134782e3bef
SHA512 99b31f6378611df26a3dc827aa24709e0854f2a1595097482530087cc26761db5efd6be323005e49b89563de1169d44d86888c98eed8e9ffe880f516281a9c0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 cfff8fc00d16fc868cf319409948c243
SHA1 b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA256 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA512 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 76d82c7d8c864c474936304e74ce3f4c
SHA1 8447bf273d15b973b48937326a90c60baa2903bf
SHA256 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8
SHA512 a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 c67ee59476ed03e32d0aeb3abd3b1d95
SHA1 8b66a81cd4c7100c925e2b70d29b3fdbd50f8d9b
SHA256 2d35ec95c10e30f0bddbfb37173697d6f23cd343398c85a9442c8d946d0660e3
SHA512 421d50524bd743d746071aaad698616e727271fdf21ee28517763a429dcb6839a7ad77f7575b13c6294dc64d255df9b0a64eb09c9d3b2349fef49b883899d931

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 2e23d6e099f830cf0b14356b3c3443ce
SHA1 027db4ff48118566db039d6b5f574a8ac73002bc
SHA256 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 c130e937317e64edd4335e53b17d55a2
SHA1 51bfff9dee11ab5a8c43198c0d6178799ed9433b
SHA256 46025a134ebdd6c6464ff422818e60938fc41af735f7951f4febe29f57612a49
SHA512 68e5fa69101a7347028ad30d7c004dafabcbd8f8009df90d0471b19a36741075d72da56a2b1693c2067902630584bda5536f0702302db5d69f407424d4a964de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 568f867ac41d3e2fb0a39b4e5aa2b335
SHA1 3ce36e229e8642cef02fe9decc84ee23f409b413
SHA256 86a625287dee58fec499322a390a33e33bd65f99bae9479b9c4a1f3279acebd7
SHA512 badb4a434ed850834a7b188703366d68f3fc5683e8f09e7930e1c714059378e1018b596f17e452bf514ed237970d02d6d93d2305990975031e5de568619801c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 a65f7f00889531aa44dda3b0bd4f4da2
SHA1 c8be192464c7e60d4d5699f6b3dabf01b3a9d1d3
SHA256 0dcf11ca854f5c350637f7f53cccdaf95492dbbf779b905138e26b1ec1dc91e3
SHA512 6f48f0f7cc1a35a9068c1284579db065e0fd4b2651355d68a8ff5ae9df86090be3f6e5ac4589585166829087c8bd3c37431a7066358eaced0cdb6c5a0d544fae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 2940076ef5b451648e126653123622ea
SHA1 46adb402ebad36dc277bc281d15b4b9643c4cb6e
SHA256 2766045315b53c22ce78b0c83624a7f52000765c55061a9deae19ca67897d664
SHA512 f695bdf186be90f1df6d303bf5beb5bec9c71a069978fb6adb23b68c893ef7ca0c5da2cdc32d39cdc9a8f0bbcf0050abeb3cc02c75a2861d9434591ac8680922

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 9f35ba270e9ea92ab439941460109ef9
SHA1 699dd11d06d2d5925cc91c2df7e4fca4acab56b2
SHA256 344f84869c6a5fea3a0ba409a9716b2d5e83b27bd295603d72bdfd6f8af98f24
SHA512 8660fcca9cf7ca63ccedd93e9606b5362babb0d2b7525248d2530a1656043aaddfbd71d4e21cefbc1669f97efc2e54f6f5e60a2da51084997dcc56f02ef4e750

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0d1fe99f47e2aac4eb8861a6c20f17a7
SHA1 642e0a322b7e1bc25fc36860f697dd86a11a32b6
SHA256 0b0f5609afcd337931364af9af16233d17da65f8818e708609135084f099acae
SHA512 46dcf4f5f095950416db9803ccd176c3fdc10455874b18e76f6ee19e6482392defded8fa60b8393851ee0abd76e3461c483869779e6aad099680a0dafb0996b6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 04bfe7a723735738ef9b2153804b5980
SHA1 12109493818f910ae5b641e7a327df604943177a
SHA256 bf9808a69360ddc0b4b3271b62063fdfe021a3fda829d8b2bfa1da311d8db4a2
SHA512 195f478379a5b88da683b830790ff744a1596230ef1ce01a71d956eff2ed2904c4ba2f61ae3c2dcb58aed18378ee34c24da0db3b855d59d6ae7fbe465e231f74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7bebfa5cb2da25068f82e6a38fc7c3bf
SHA1 74bc8b572b21cc4a5cdaa82c69ac168dfdec472c
SHA256 396a5a911009a9ef723e64300414fade1ae2a9754a02a6bdb036706dcd16eb15
SHA512 a9f90c6e7befe5bf61e8238edd7c771abf46a1916cf090ea4698b28c52a558767b8c23bec03144cd2280541f988c8f6092fcf1bef5e647ea94330ecab9624f7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c6d01071dc223da5a81526f766efb782
SHA1 a0339efc95a4ee611e7398797afbbcac8019a5af
SHA256 42e70fba84763635aec266492a4e452ef493b48d8d35c920fb9ac31895b31c83
SHA512 058c031e7d378cff8dd838529cbdeb1c7bbdfef9d5c230deeb0d84e6ed09b968182954f2e31a00ff581a325a9d63fe99c347d95a0d50af51599a856a981cc785

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 919050bced7154c3876d2eff1545c8db
SHA1 755faf99735b72e4ec663576536acc35716ea38f
SHA256 1f456fda48ab39ace125e72c2c961815b111ba75f062334c0a88ebb55da1e416
SHA512 4c17afc6b01a6398f0cbda20f0f0b4ac6197efba9238c6dfac2a3368a6d8e23d0ac5d8e254636cc07e67d694dfdf624b6adb3cee9d01a5f10df47d693ad9c9a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cb89e46bba0d2c4ba75d694e30b97b46
SHA1 5b6bd734281c31d0c0043514c2a3dd1adf6a3f49
SHA256 6c05ac73a6edaaa275fadd53adb8e3d12d350d29b444c63d88ba44a8fbe84d89
SHA512 827897ad8dd2fea2fc309def5ad637936d81c69605c44657566aba9a53610a6117cd7dc93609f69f173e26dd40c7e2963104ee61dbcd2aefb2a3c274ff8febbb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a88910f73141aa2e796dfd186d43520c
SHA1 ad8d8c52971402fb0b03cc18c72f3b0537d09483
SHA256 2e354b7b297828924e79f5a70a063e79aa5012534ab4ddb914e497e93b53db9a
SHA512 5eea08e1ae6889ac0a36f47667e530189fc2aca426e8a40dd7beeddaaa46556b14d802814801a57a9ad5d19b952defb87d5ec4fa0647ae108cff9e6411c66a9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17f498cfb7cdbeace08d8a964c77e759
SHA1 7191fd191c05f69b4884cd40836f6db7434350d8
SHA256 627a0f1b964596024356ee16588365f5ff91a11e8c3805e54bbfb0624d15e93a
SHA512 4caed01c4e4ba1a289572379ab16595a20f24c0cabe91b27253579a8c77f093e75402117b44579d2b50fe061ec54f07c183b15e673576230cae43a7a52a4dbd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e9cce99c018119caa6b375890a50d69
SHA1 0007db52e0fc3294ccee9ef5d083618f1ba1ab60
SHA256 a380ed9750260500d37437537daba5e4ae74b99088cecaf41ceca4f8de70298b
SHA512 cdaad310ac75660349e0a9723336688794ed2c269a24967731cd7eb9d431cde376cc247e9b59bb0bc00330f0b9d9064f2616d2a1cdc10bacf83fe0bccd1a4fee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e779fd14a7c84026571a60010a90ecb9
SHA1 36689b2e55c60cd57f6bf0ae20990de38d430004
SHA256 0221ca8151f94fd4aa729c35d7af12557bed946a799d7046e8ec056f7f7f7349
SHA512 1f6e944d77ec774edb58536bced30371255e0e7a7deb7fee7b2c0ead69ea151e000c9ace2d18c701a90b92793562cc7954687e734cd73d86c13fe85bc2a83bdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fea98850fc10c7a9b40d27a9ff384929
SHA1 98fb86dc6c73955163919c07d02a4e3358f05350
SHA256 4e5cfd774a7cc64d05f578e35d82e7b8c12f93780f1fecec18a6645ef51b54c5
SHA512 4c40446517ab99a16b990937e9e579326779b7239aff85f61854b0fe4476f699deb124f0d7affd2dabdde6b2f4f9b97df820526247327dbb21cb330281fc44ff

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7db32414b8b9bcd6b87696c2d0383eee
SHA1 b9d75c509c22a2a028e7c98edd43a8aa646607dd
SHA256 45557eb8fe1af4bab6bfb47e1afed70c855acda9b7cc9c18ff8cb5d1ac7a3267
SHA512 8688d62bd97b3a5ef185e9df76cf145e8bdd23b4b27a9de8610c6b95768352d3cbb5194f7ea829cf749ca8df0533fe7f6d6fb9ebe61c78b0c92467557f1f13f7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 bc2fc3c97402c57002d5638de98f46ee
SHA1 a42d646e8d06fedc402e4d08b0110c89ed65345b
SHA256 7b38a4bb4127408f0fbcca2b09d18370a9d10f22ff7b79b1a8d8676bb0d34e50
SHA512 c5899c442a2a3d9f4a90bf0a64f50d612a48e8de0f881f7de8491217a05289b2dae077fcac5334e52f4f46f586baaf92377c3cf8b0aa2a6ed23e8c70c221b938

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e2b026dd78e0a98a1f59677ae7e9bbff
SHA1 5fe8e6a93bb8d73135c9ecc92a8fd1043709337e
SHA256 a0e253a4547cdbb7f3888752c6cac6ccebbcb62374cce53b45e1130a8898878f
SHA512 005f19b970c4bd107c902fca34bb1ed7bcdf77dc3e2b952ad6b9b18f19da8f52c7c277ee1815be1f7449ebc01248a74737908fa8ae3c8391a99dc7fb91f36c3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9bb52d659590e0bb60e11219be198051
SHA1 5eb9907f21747ddb7539abc23452406d83a9f2c9
SHA256 8fe721e6479c2b1e3048c7582e92c642635ccfd3060aba959af1188a3140a6d8
SHA512 843e01c75129e01a1db2c9bbd98c69f8462068a5e0f6673f76957ab4e68df9186511d25792a851066b57fde1ee7c0bbadf7ad440febb1b23f08f83f12dba07d9

C:\Users\Admin\Downloads\Unconfirmed 74474.crdownload

MD5 0d611c4c2921947ad959ad6814acac97
SHA1 221f2c2690181c066e48ab436a3943d322f5cd4e
SHA256 5a6711a76fb666f4bf88281b7cd0a37d3bedd8e95e183df49bae8faa0a6e4bc2
SHA512 2d3df35fb17da2d773baec02d7e8fefd254f83f8894931c12c67d0aecfad41008e6adf42ba8d0b4f65e0032cbf0244c36ff70dfd0c96518ac1774079b042d5ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 47baae3e123f20da79131190dd9d118b
SHA1 2cc1191b5d71a4c92c034a23c2216b56e4783028
SHA256 63adada9dcf557dd74390e4f30029420ab3e82bf8dcccc6cbb447da7924321ed
SHA512 844f62bf5bbbf2b705482a80525e3d537236e2e6572523abf2121d6dc25805a7b8856725bd8531ef5fbcd18c73430c3fc76e5dec185ccbd8ed2d16496c9dca4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 05e39969f33161cca6061b6280b8d8a1
SHA1 ac5a4c08c2b36a5e5da5fd9948cb3bd6c955c101
SHA256 d41c846de1d36317073a96db3da653960da45a6afed05d68295ba862472e0b4c
SHA512 bbdac97672e75da336d1da49d80a6cbab46db07394f872bf3ea5a17e4a4b2b86925cfd48df9d89f2e226eb375cab041011ade0278ac0da62ce9305b0fd0a7df5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4565276f6cfbea4007aaa86cded6edc7
SHA1 f76480a966b1e095ef7ef72f769b9ed650a4fcf3
SHA256 676dd5f4eea43e0980f72027a63af9c83244571755a0dddec0be26612f3f4482
SHA512 7a30116b814ed8bebabef1cf21b4b6af53fdc48b83216203a6588c3841d16f7d73d504a19e3c76747011eea1cb874672542d549ff8607f5db6b73f3708502897

memory/3068-1317-0x0000000000400000-0x0000000000415000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-D26L8.tmp\setup.tmp

MD5 1afbd25db5c9a90fe05309f7c4fbcf09
SHA1 baf330b5c249ca925b4ea19a52fe8b2c27e547fa
SHA256 3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c
SHA512 3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 432a848681294ef59f553ce5f6260932
SHA1 59eeea0feccf851b4ba3083d31d6eb757266315a
SHA256 89c54401fc4e607a2a434ff99ff0598627cadc1ca434293863b562049adc52eb
SHA512 70d1babdcc8b911770c6f4bf8bf5039238f6f6bf609fc82fc5c846f90502e20ce67040dd284ddad16dcd1edb430cd9db090736d22bf133f40fd449ec1b5cd4f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1885e6de50a3c9be9d067956f015c34f
SHA1 8a0eee48906381bde73f361b9e6974370b56fa40
SHA256 c5da824530207d2a29d97ceee6f0976f568785af194fb156edf57468d5552fd7
SHA512 1fb627d2c75f8c48ee665a867995494e6d467d00cdd02657d23fc4dc872352838a79c89c9e728eb0ca7216be2cd23c539b8c5e69687dc02a38248b1b464b5511

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f0e8451d95636686d6d31c7373735229
SHA1 d39c1ec73a36b5dfe03a82572d016aff16a515ac
SHA256 e218fa4433b1599337bbc75ecc7b6c2a159278827feb87a07bc6a397902fe8b3
SHA512 88c003b7483e7c236810843abf6d10cf89f8f76e5f581cd711a9205ff056e1f2ccf868e8fb0687192226c58a705d1bdd9c15c813e9e6c7bf508a46962b46fe29

C:\Program Files (x86)\Auto Keyboard by MurGee.com\AutoKeyboard.exe

MD5 946304388ca1aa0887024f81f9644c5d
SHA1 22a947c745dbecaabe6dffdb8fd7feb5767b13d5
SHA256 2c555eb2cda085a4b03bc8811e01cf37b821842808d9e907e87a19634645ded3
SHA512 ab069f8a361f67fa58195f9c1877dbd23b856a2b44a937300ab6f6b6bc6084a66542f26b3f439ba15b16e4b6d49092fc0ef87415376d17f4b0eab229c164b7d7

memory/4008-1472-0x0000000000400000-0x00000000004BF000-memory.dmp

memory/3068-1473-0x0000000000400000-0x0000000000415000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c8bb30e8100687d93d3272d3acc82cdc
SHA1 4eb090b67fb7913e1ce2a2f590b4df9412b3d028
SHA256 78e3320030a6f37d3c8930906b1bdf1427743114ac06611b55aad02c5439af89
SHA512 cf047e733a6f9d70b5b9c4694a16bb1f852e097f1968639eda8ac94dd067926fa245a4124cba6fd674e6e8bccb03329c67b861cc487e6221de1322615644e507

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 79505c630da57c1645628c06db2e121b
SHA1 15163a046f0d5679098ebe9c015a292570254ed4
SHA256 9f1e8d0ac06d79f2d14bb41f3c17ad2a1ae8d5362f67d1e18bd928da7cacd28b
SHA512 6a45281ca28341f9bd2bf836577c5b1b38959eb63b7a787ea56f404f3511bc7f337180990fc3e3098b0776de4cdb00be0bf2c56c1e922cdbda204c3727da635f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 f2ff65ced85b50eeaaf7c14284dec3aa
SHA1 c46cb614bb0b9b2ccc4d3070d7e3814f25354c17
SHA256 e3f8fee2f7d6a951bb3a6820997c66f951e912eb0035ca7cfad960c46514b993
SHA512 019bbe8af8845f20580bc8e4bb2226a74dec4f84ee098076504fbc23a05c9aa97148f628bd24c39d2570ad4dd1fa5933b101329da9c678fcacfde69069ff0b42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 a08483fd866aaf7f2071654b0fc08816
SHA1 4ba55f66a0bd51a910ea29775a7baf8cba957da4
SHA256 5ac17ef2507d056cf314951a0e82fffc076361de32fcacba71d11871457d817c
SHA512 797124b1228c6478dab98ad9d3e9eca6421b8e950b4b076f6a6c613e3cb5a6d5284863c238f2c8b2f7f2ded1a1ef8d0e1869a1e78b9733e23ff149263d0cf11c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13374615259833733

MD5 796465a7bb9c755d91369dfd9bf16a9c
SHA1 81eac239c0db15422ceb412b81fcbcbda6462e9d
SHA256 69526d99da0aae6c04df10d4a7c61671501adda036ef9b3e334fd3f0916e4d4d
SHA512 c5ddbe26b586c277a2b13ee7ecf11edb9b89b7737d27421a1b0e9c70a59668187bebd03d67befd68e348c132c13c1fccc5f1bae4cb8edd0648802efb7d15116c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 a9b598978eca66e434b958c56effd7f0
SHA1 9819c5984f029528af8c47d09e6b2b17bdb0e3d1
SHA256 01aeba4c01c65c861d0695b55120829295b372b33f30992ab7f567ddc0646f76
SHA512 effb39e0bcb1030e3b0f68fed82d3d51856cb1e1abd9495094fa83c75b7eaef012e89ddfdd7d92976ccb17a8c130dc4ba1c0f2b480eb096d86faae62f3968b55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 fd0cf9a6940f57cd3f29ab71fcaf4a87
SHA1 624da0f4defa7490dd23006dba387fb099c51b1a
SHA256 6927ea8a39dd9a9c368daef2372219420368bcc291513f22d8dd595a1052f903
SHA512 63fcdbfe3f8b130aac6458eaf0d9c369693363514215306fb47e30a96b24bac79c4f1e36d7d0c00c1f21ee0763cfd0d5616439792a5408dd0433da06d163a36b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 e87e57505d17c340343e7aa7a014bce3
SHA1 3af8d9433e5870b691156c48c6538a8b99551727
SHA256 098db2dcea4d9ca4531e4bf716b81fcaa6cd19ef96d83261638f8655bc7b0f36
SHA512 2fd8ed1ca0c7a425fd3b898c32ace91d9914d6eedee755bd32f0cee4787346942dd9bfbc500e8b9875ec3714c7845f924d05a166fe1e5ead0b32f2d34b12d242

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 e7d4a84af4255aaf0037c076fadddab0
SHA1 16ccffe14eb195aa077fe8f50fdbf35213a348d8
SHA256 d53985b63c62c8f3c21a030d3c16e607186268c5daa71c495ba004b417e7cbf3
SHA512 d660dd9b0611b3c6f4708fbf28ae4e26f6e5d8cc68db8d526b8c742d475554dd454caf419595c1d04711194e2614363dfa7a00bb1129308fbc113abe5ca26769

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 9e9f0ce3322590427b31fa841b127418
SHA1 3edc03922c9739194bcf19bab71c35c03049afca
SHA256 7b21fe48ce27e8c11038b85c1ce27f399ace44ee8b90c81d82bdb0b531408fbd
SHA512 69cb4999246168175ecea762c8b454bd2d313202a02b291470ebfb087c9fec26e98ea227f964ae7c3263c1f27cda89fd627ab06f5354fe48abb2c80332f416a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 cb44b27c0e8651ad3d29286ee78ee986
SHA1 a1e3ca3febae70a1fad6499850fe80d241486811
SHA256 41f26f02f4187e721da81ea47fffb17769f2a6d29fcd1b000add9c20ec2e3ec3
SHA512 9ff8e696e957ab82fe8335c1d69d9494f2ad261c8f402970106dbb3e3dbbf173d04b458750171c710003b1369d344185bb80c5b87ed449cd454335401e897cb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 1c4341eb1cb8d792e669dd4f37392067
SHA1 bfcfb5a5a12f9b85bc34e6021f16f5fc1770161a
SHA256 876dc6f9e208efc43daea31f181bddf57583261f1548ed36556183f3f88037de
SHA512 c30050d683a433755cf7b9cadd8383d5652af3284d8f9e5610b669f9dd9b417ce3200106153b1e8bf26ac90ef7b4d643ed150571204b7357d290d4cf2db94661

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7fdd7c8d869774aafbcf45ad5c9901e1
SHA1 279583897f79550bbe00202361172e95ce5ab202
SHA256 30058418677797326646b895d36e9df4ba0a626a59b569885b1a3e3cd725bc46
SHA512 da6d4df336d1d3d02767a90940dd4d9ea54e5c4ea78f7971ddd9cae99c0498bf536b981ed8df382f66660178b6b8bdd4689b7ab2d8c2b973834a3893cd61570b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 6982381e93d5ead16b93fdf110bba3a1
SHA1 54c6307a33d6f97a2a347132ad33150b9d8eef67
SHA256 d8961cb003a5cd7fd64c65738d2641608b119b08cd766eda45841bdfb2616a6e
SHA512 50adae6c1b3b5f2ae4f07d03ee628d3e8019ea0da4ce8efe70489d3d07e28a30feac1a23e4d534f025648b85748168826f8b99a8383e49e357855785f9690ab3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 21b53c70a13494740a702c61483e8966
SHA1 f529f839109ef57b00138b1d6989edbb20953560
SHA256 4098ebdf75a7a2661ee8c7cf5f153f6fb163177611e5efd21161572fd286534e
SHA512 b0c4eeac81a89e4a54d4ae16fd67ac17f1cf501b3fc27251d5a0a5beaa1482125f1d3b77733ed52c69f00f62023bfc1cb877d83ae5c808376882f072681f6eb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 16e0c96aab7a4b4528ba47c9bb302328
SHA1 fe98cd0c5c558cb3a10f678034b497d8c8fa6724
SHA256 6e7115db61e964b70fb89860e974b10843fb7fde92e8d123ce97b4165c7ba977
SHA512 c4156f3115dc664fafa6f9af4d1c0a273c5047cafb555a15fca3595719ed983b898aa774a6af673a69656b6a654c201a3596a5bb0c9867f82796faf462a3a1ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 2ee93abc4bb877b0e4cf40428f66d1c1
SHA1 769eab84b3e2520cf4f4994d880a1ddd2558c3aa
SHA256 1097cfe005391b1115da99fbf7ac82d71ea8cd2d233a241214496efa920d4613
SHA512 ad9fcd1b4cd709848d7e8c2c45d1077d4f84d43720b769bbc44a041623b3b63e5385a892b48a4915c0563f795f710e1be34c2fd57c3aa4a40b7e5cfc7ad11374

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 4c0e2aecce599fe989ee9d944352d445
SHA1 59fed6a23a98f6cab804ef02cff9eb61a06cf77c
SHA256 5ba40fcb52ed7cf6a69af62e488912bca74ba9414f45513110f8c8cd6ed88539
SHA512 e30fc95c03e0a252c96d13e41eb6c03fe24dfe7b4409eb13ade84842bc67dec15bce472f2a66ed860da8d7e5ec19d3ae0da6473747d74b31214c705d7dfbda76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 b9c31dccd660d2431d4f7cf5caaf6ed2
SHA1 08481c3c396012cf60c19f09f36086bc3592ba82
SHA256 04a303decf95d79ca0101c432686c692b6233055a6afc136d074558ba4ebf245
SHA512 05e287f3d2e8dc371371c861b719b4e86bae3aa67233a3e5bacb30a6689f1a3e0aa01a0998a0c654b523ba1617c48adc605d9e48c7cbde111e82d6a123061244

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bfdb85e11e7f8b3da126848d435ccff9
SHA1 0ab27dbc006ce622af0535e7e1348de70daa2288
SHA256 c7b9098023ddde75d22502c6d2c3006fcaf852e1c6bf239dfb2a41cad6feeb96
SHA512 af768c5c5e63dfa78d61d1efb4a3d4d7d3ef4a186a4bb9dc75ae1006c06730c56d1a9497eed1ae5024eb50817c75e77afb773da0ccc2eca632ebfa47a1f61514

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 752c1af3d80210f4342a494fa948aff9
SHA1 5e780a3992760222b59bf3bb4c045918ddf2a26f
SHA256 892822ae3abe664c0156ac29986709b8676fa70cecdbfdf8389a931835ab9eb3
SHA512 c3aab449842e74e68c7d0951c017e8221549d97a4b742746f870c00f7124fd36df4d539099e22c1e7e5d22d91cc8378d61be5d1fa22410d8fe83274d3369299e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 07a6ed96465e7750705d7098218cd23d
SHA1 8a99ef8c8e4431022e040007b706c280e6329033
SHA256 f832822d9b3d2a35c05b4d863c2d887bff713e04e248194a6d7e200f95766b3b
SHA512 701f2f548cb2c779039632e0c37a762e92e9d686af7308614a65a81abcaae73264bc4cc8b124792cd4b8871d3c29e7f424fcfb69244f54764e6c3cfa3c09be31

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 b76d8b6de8fc13f6ea0ea0d98400807c
SHA1 bf3ab2e2296fc1f811613459cd1811b10afa7b69
SHA256 f06c34e8546c01ec5f46dff44a5964c0bca04dcd3f387e1f39d3d39bd69c4b09
SHA512 e5e1c3a8923b9edc566bfcd1e157a68531a90614827d57ceac6f4d8db3e7d58c996d933d69dbdaf8d0f9f6008797e0de9bc42cc897413bda203379aacb414c43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f9f3829ef8a51331d59c4b03b27c31c4
SHA1 db4b5cbf5e84884738984b6025f25a521b7f82cb
SHA256 3ab0d982ded0f8f61467e6723d51b0e56b8b0b3b138fe22df4f55dffd2c6548a
SHA512 6a950b8c982d725fef3b2b74bc23ebd0eb1c6485c906a5dd1bc4c8489595029fad9a8ac920e3ae4b7e284831a599ea2cd41ad7f0ae066b61130da71781a344e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ac55e609819bb5916a5f34091dfe45df
SHA1 f2e97d30be77632faf0b2a36c8da4c307923710d
SHA256 26f0275c0c8e69d7285a54c0cd61282f1969eff6f099acb3c35f90e6ea576fb6
SHA512 3023ba4d889ab23f1af3611dcf290a4000bc641bb9f37dc0e01afd0276dd38a64dbfb46b0c58460da2a0b52ce668361bd474b33266d795ee0b86c04c5ab20e8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 f5dc7ceeca6fcef8754def167093e390
SHA1 38482dc87c2cde7e7ceae99c3414c4ff92903c42
SHA256 8339c5d378302d06ef6d83ac1bc6f499cfc115214cc35a24920d92f31cb80f7d
SHA512 73eab28b79716b014e87ce8408c6d6ffee48208c0d8cfdfb3157e54d935f52f84cf72adbbe033c3a95dd8fc5c10442192a68eda6612b5189872ad6040e477db7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 27f7d16b3ff5f42722e38d0ec14476cf
SHA1 084369da04b0e212efede48486dd2775b71221ab
SHA256 398484d1466dc2beda7b2aeb5ecbeadf9b8630565347205345c9ee8523e182b2
SHA512 7f650115f24555a586257fc8fac2c4b403d1028b0a8f6df93a2b9712c0f08bf7bd3d0f50970380875944ac7244ea4675d83139e70d420c7b1a737f09ca26803f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 4a79141b1759d65a6184772ffc12a36c
SHA1 c032b4993e1948064afd8d9517e03bcd6b4a0fcf
SHA256 ede9ec9add5c087f6a74404a6b3cc1bd8b35625ae06aed479cfa68e2898bd407
SHA512 5b40393b43466219ce7b4b330898b540e5d932196575df24b100d72c454d08ccb1a7522759296f70ddad5f3ed35c3de572357129b1979bdaf31f5f1278dd077a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0c2e7bf9c001cec5d5eedd0d9ac3de4b
SHA1 d6c0a57f122ff99a4bcce065e42c9fc80cfcc35c
SHA256 722a8360abab5f9b09c9f15768861fbd5ad507af7263c0f689380cc01efeece4
SHA512 411b285ac95261c8118d248eee39b36cd0b899c7e0cf35ecc4075adfa175409910ecb2bd5aa5005ed54ffbd814b164d53971c559ab038935e9d3c38d6e3523e4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 793fcbefe8d1729846631bb09259badc
SHA1 6692e55c327c30b2d5d899f3e25a75f9b24da057
SHA256 c05673a855e24482075ae2bda1a0afb611f633562cb43fa5643ba43acc49fe62
SHA512 23fd518265ba8ecda217ba92921017a21a4efa2aac0b1db453f634b2f8b40b93ac8571aef32900524a7b63af34d143c406e93d4352c90774f48a38113ed62d15

C:\Users\Admin\Downloads\Unconfirmed 118377.crdownload

MD5 a9f320e3029b0c53c416b96db522707a
SHA1 90bc4db1db8aac97be94ab8c35ba6c72ddbfae2d
SHA256 8babb109a6f8beacac92c1a6d44fab8f7e75004356202b017166caef6ae93664
SHA512 72a1be6ab09f7a9c5b032e2b042144432981feee2c67a36989b0bda15a446b6b9d078e56c0b368ce99ea0246ae56ab710268d4ac4d5f69ab34de5533f71e7906

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7bedb4e4dee5da286977f2d932dd3fd
SHA1 e6a2cf1af7c119adb49f0c65e6a9245f54dd5c33
SHA256 765d9348658fd13210ff989dd14d54a85b89d525cc09f411bc187ebe9f644002
SHA512 c7ab119038cc136c918e03cfecdeff70719f89a5fb98d9e63007ecc94cd36002cde21c7eb2968dbdf87aa2940847a17567f4282e8b76a8c738fd64c4b7b12ee0

C:\Users\Admin\Downloads\Unconfirmed 392892.crdownload

MD5 38bc15ae3acbd8e0260c34a7a3df5191
SHA1 51ae6313f5852d0fb128ebe3acd225c686e13df8
SHA256 81a1db18f5163f12087a3b1a6a92feb449b2577fdbb67e6eda3fa645813daa14
SHA512 8669d6d780e3287c9fe646dcea0b7b4a397f9a09acfbb44331e615af81e337aae56e5f355cee90eb30259f409f1f3719963d2b68ff3ae6e0edc46e18494fa28a

memory/4956-1793-0x00000000007C0000-0x0000000000AE4000-memory.dmp

memory/4956-1794-0x0000000002C60000-0x0000000002CB0000-memory.dmp

memory/4956-1795-0x000000001BC60000-0x000000001BD12000-memory.dmp

memory/4956-1796-0x0000000002C40000-0x0000000002C52000-memory.dmp

memory/4956-1797-0x0000000002E30000-0x0000000002E6C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b744b8923b0041ec0869018d25e4c26
SHA1 a94fdcd84b01bfed39102bd22a0e4e3bcf79ce9f
SHA256 1d93981e29ca5b662026003a63c023af8e4bfe8a669c6a00f9ff0096219df113
SHA512 3b9bba7a54ab26fdff2ec94f8bec80a7fc5228c8a39c488fbe706d1e01aed25ff31eff08e3dd2356d6b3464db6c833c8848f6b63b23860a788d06841898aae5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21f2f3375e473fce6fe387f94e1dd4a7
SHA1 9fe8ac6c5825ff8cfd1c1bc3d51cea79bae3bcac
SHA256 b90078d9150b60be83e39b6157c599b6456d44bae6693fccf7b57bf7021182a1
SHA512 3caa4055447e475fdc56792bbba68a1ffa74578735e5e0496ea0291c833081bc8f79cbbb185f53cf30fde0021f4d885e64688fce29dc9c3611a3704b0f4f9e56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 65ec15548bdffb88955af02bfc810811
SHA1 2129bbc0476556ff3d545381a8d6d1b25fcf9713
SHA256 09af88f11b670d1c29be8434b4363a004799a26477254ff5f6acf988dac43887
SHA512 11f205296dafbfca417e91b526b4973cd896c1faef5311cce7c9de47c4d4b8d5ec8edbd54798bcef051ea0bbd927db83c5e0dfe7e1991b9c36b695fccb8bbe35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 43a1212079acc2f1c888e9915c8fe0d3
SHA1 13a6a58e6a80ea423832fc5d1407ff0ae7b847d2
SHA256 a59e501ed6e908402744f75c16a477ec844fcd2c28b878a88afe596d1d2b03ed
SHA512 8c0153b964722461f16b98401502ab965a0c9a9aa1dcab612fea672b3fdc92537f56aa332aba17d8aa9439b81620209010d34d2ff6578910d96b46104cdb9992

memory/716-1922-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1924-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1923-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1928-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1934-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1933-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1932-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1931-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1930-0x000001B30C860000-0x000001B30C861000-memory.dmp

memory/716-1929-0x000001B30C860000-0x000001B30C861000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\ca3baa87-50d4-47f4-9596-0e1471565abd

MD5 3e8c93aaea1e62d7c1dd19d3f94981bf
SHA1 4e57f17fea51a57d7dd78dd620a86f24a2da7622
SHA256 6cc1ea4da1f097978c2d8dd23f7b1120ba48295589a91e40406ca4e18d46c29b
SHA512 690a35704ab193dea9ad8c4401c31f9f6dfb842382f1f0e467520026721e71d102d4e80ca2237ec55df0e8c0e44c85166c7e2d58c80ba2c24be0d7ec48263d06

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\6976690b-0777-4e84-ba90-7bf992c29c78

MD5 c64004e2b90f7ed1ac335485fb557520
SHA1 9febe465acd6f286ec65cb02cdd4fd9468cbca47
SHA256 e2ab0661be140896f4fb48bb68bb054b119354e6cbdbd15e689ec406f842d33c
SHA512 fdd09f8980c8323944fb0b5276c71b7e1a4afc806331196d08f75e8e3943647a795751597a82ada8f1546c973fbbb72da7e9216a15f43c0cb017cca293f92e78

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\93e18234-20a9-45a7-93ac-856a78439721

MD5 4f9628707145287646f3a0deb026db41
SHA1 5eeddc603d2f10f3da9527978509c9b0d12848ee
SHA256 f5fa261624ee35b3f6a7dddf03ea651b1d1a0ecede377843aa75685b0bc37ba5
SHA512 f4aec7f506a058d6f6a922845f6adb1f3dc38657de0fda28c36c523aaac653d1cb14f9b6cd7b0c8ddab378c4acfdae995be704f62e2b8b264b4e2e19be566ff8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 25cce96a1efe8fec9ecb5443aec62dc9
SHA1 6e3129fe7ff2dedf23bcd71ccc613cde0fa81cfa
SHA256 3623948968f89059f8713353f5c685a379280a1c86d11eff908effdce62d8837
SHA512 6d358c6fc72f872ba6c2fe650210f57bde25f520545f682bdaea10f12686dd0c66b175e4719300adc5784879379e3837f9e594fe34a721db38a9460cc12ed439

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json

MD5 73c0fd7915ccfc5713c2fa825d7a8564
SHA1 682a6ad87d6b9182cd501bad2c669c18f5243e1c
SHA256 e5df5f73a5a94f407a224ebf087ee5522caf6b363ac05bde8c3dc07e5d5d31a3
SHA512 ad929dfee0f357b5cb9de86e5bc13023c50e549deb8443a584e356d93e2bc7db91fd393ead99a450a5bde03f99bb5383fa3fe6794b1deb9c5dfaff6f1f41eb69

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 026f1c18bf92f3c038c07b13edceaffe
SHA1 5f7053b00c43d4fe19ed6ca9b37971893ba8fafc
SHA256 e53b87fdd013eb94898a45643cf209a09954c108b5c4263f89e7dca4b44715b6
SHA512 b999b82fc1231bc8636404a52c96ea0922a610702a3b2c243133c7775d9953be66150b1aed3aa7a5c89a8113d176f16c4289a4520667d443f9ded8c7fb482458

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

MD5 c28b7343a7dc51593307b0f9b4d07288
SHA1 4cf6146980e6cf57efaabc4764fc715eb0460b41
SHA256 8a1544282fb62e9773defc80195f84d5d2194a8094b22b44a1b4f8f1234f6596
SHA512 1e5630ae5889c73685b09659506aca7ecfc201e90a49f7c858f26109d9bc0ac782593af15ecaaf58797d689db46ac7e3005fe93c52bb92c272a1f3b16fc3b03d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 1ea23e2930ca5307b6c4fcbfb263ccf0
SHA1 fe282d1489b20a94f7b11ea61d2e29ca160605c0
SHA256 5eee8c370b8caae6cd0f49c3818ccc70b0d2fd6149e89de2a23ac8001298d4f5
SHA512 684c4bc7c16d2d609ea9837cfd3e30f45df0d89bcf56a9a772f3feb72ce6a518e44218cd372e2f08d52528c677268e6472c7676220927bde96504f2737b88920

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

MD5 830839283ca0fd721fe48ad64bf44da7
SHA1 48144d0f699fb3bc8edc11b4c89b9f5b7bc2c0fa
SHA256 9dde80f415b3efd21b39ef89b0e7743e82122efe1613615de0b8a47cc3fadc5e
SHA512 15d0c9d3aaaa81ff8d1e4ebdf797d88854803da9c666b61e8e5a3018b63a959140f21eefdcb2afd603a1f90e7200db14ec3e433f23ca26d06f439a3819cfd638

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

MD5 fe25ca459102bdc66a2b5a7b0bde7966
SHA1 4b90083e5556dbcaa46f153c7c9d694b4f128da5
SHA256 ef7e276c57ec4dd857723baf47568a1ee53eded355dfec154bebd64ef302a7e4
SHA512 b641f9ecdbc3f8e1552e71fc6a5ba7481905c80fa1fdbf3c8c9748492ac961a88a00be29beaa12b3c0870bc9264e414ba70f15c850666e703966d296c7790386

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

MD5 7997a42389576fdb54f2c5efef940f42
SHA1 3b8b916ce34ea84c4afcf4eaaacd6f5e18c79cb1
SHA256 849fe3862472aaf425f3e0b7fd351cc94f5ccdf1263ac99f81a6d68c6dbf4057
SHA512 42951038798127fe5ee097cfc14cc1728c835b2ec2f5a4d11a6906d632f4341290dadeebe369fa1a7f1c3dece75659b313ac64ceb7a4dccfc72177f6d42ba49e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\D500AD994A7515157BB2A6ADD5B18B754E4D2F99

MD5 21fa3fdc05bd6d965f53dee86d31da82
SHA1 36d88e1b039e14e2b1d05ab87526706f927058c0
SHA256 210539ce62edad3251ea737008b23752a5a30ef7f670ee0d481a0d5ae81bcf81
SHA512 e12b15a3738dba12be7ee6a887732dc5f4d0e3a0569e1bdd76616d818b364648e3b19fda0a57eb4fe4bfd47c4af5c481e34a5b2d0e8e37cf471c5da75c96bc5c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

MD5 4cba6dd4754ad4d77d7bee24fa75b3bf
SHA1 fc708e1a383e7832f51a7463746470587bc1046a
SHA256 6d01eaee22706735c4f98445e2f8bbbf891ba02ab6cb52dc7163c3679617f0d1
SHA512 3a8708c8b04870b3fa8ab61e6364f9f6da2ba5c4c9672e4df79cd1d1bf43fabf692d38ff40aa226e159302cbaf26250e4bdce41c7065ffe6f8a673002093c22f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 7e8b9370f8b964728a0b5f872ca82a1e
SHA1 8fa7197a44443b36e9589d00188ea42b773b2f76
SHA256 d118d412d26037c5fe67a6840794ea285fcefa9d23968203e96949243b49a809
SHA512 6fee77dbd87afc13677aeafea9391030de94d73a27ce5f652351c745893e00ca2ab81f3527adebb4b17cff4eb7c3cde340b66669e0f17c56fd6fe39727e0756d

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75