Malware Analysis Report

2024-10-19 06:53

Sample ID 231118-kwfdjaec2s
Target Velocity_free.exe
SHA256 accbd63c3e331e30f61f09bea91a4bea918687f50c62b12536869612a55ea981
Tags
stealerium microsoft discovery persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

accbd63c3e331e30f61f09bea91a4bea918687f50c62b12536869612a55ea981

Threat Level: Known bad

The file Velocity_free.exe was found to be: Known bad.

Malicious Activity Summary

stealerium microsoft discovery persistence phishing spyware stealer

Stealerium

Downloads MZ/PE file

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Looks up external IP address via web service

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Checks system information in the registry

Detected potential entity reuse from brand microsoft.

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Delays execution with timeout.exe

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-18 08:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-18 08:56

Reported

2023-11-18 08:59

Platform

win10v2004-20231025-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Velocity_free.exe"

Signatures

Stealerium

stealer stealerium

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Diagnostics\syshelper.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Scheduler = "C:\\Users\\Admin\\Appdata\\Local\\Diagnostics\\syshelp.exe" C:\Windows\system32\reg.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Diagnostics\lsass.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Diagnostics\lsass.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-177160434-2093019976-369403398-1000\{B660E1BF-9D0D-4AFF-9479-4B090AA7725A} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 223891.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Diagnostics\syshelper.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Velocity_free.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 780 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\Velocity_free.exe C:\Windows\system32\cmd.exe
PID 4348 wrote to memory of 2752 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cacls.exe
PID 4348 wrote to memory of 2076 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4348 wrote to memory of 1608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 780 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\Velocity_free.exe C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe
PID 2600 wrote to memory of 2636 N/A C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe C:\Users\Admin\AppData\Local\Diagnostics\lsass.exe
PID 2600 wrote to memory of 3028 N/A C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe C:\Users\Admin\AppData\Local\Diagnostics\syshelper.exe
PID 2600 wrote to memory of 2952 N/A C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe C:\Windows\System32\cmd.exe
PID 2952 wrote to memory of 3452 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2952 wrote to memory of 2524 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\find.exe
PID 3028 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Diagnostics\syshelper.exe C:\Windows\System32\cmd.exe
PID 2760 wrote to memory of 5016 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\chcp.com
PID 2760 wrote to memory of 4072 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2760 wrote to memory of 5004 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\timeout.exe
PID 4920 wrote to memory of 3396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Velocity_free.exe

"C:\Users\Admin\AppData\Local\Temp\Velocity_free.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Diagnostics\nat1.bat

C:\Windows\system32\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local\Diagnostics"

C:\Windows\system32\reg.exe

REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Scheduler" /t REG_SZ /F /D "C:\Users\Admin\Appdata\Local\Diagnostics\syshelp.exe"

C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe

"C:\Windows\system32\cmd.exe" C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe

C:\Users\Admin\AppData\Local\Diagnostics\lsass.exe

"C:\Users\Admin//AppData//Local//Diagnostics//lsass.exe"

C:\Users\Admin\AppData\Local\Diagnostics\syshelper.exe

"C:\Users\Admin//AppData//Local//Diagnostics//syshelper.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C BatchScript.bat & Del BatchScript.bat

C:\Windows\system32\tasklist.exe

Tasklist /fi "PID eq 2600"

C:\Windows\system32\find.exe

find ":"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpD1A.tmp.bat

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\taskkill.exe

TaskKill /F /IM 3028

C:\Windows\system32\timeout.exe

Timeout /T 2 /Nobreak

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff79fe46f8,0x7fff79fe4708,0x7fff79fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13556473066661014258,17193131915708205108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13556473066661014258,17193131915708205108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13556473066661014258,17193131915708205108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13556473066661014258,17193131915708205108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13556473066661014258,17193131915708205108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13556473066661014258,17193131915708205108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13556473066661014258,17193131915708205108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13556473066661014258,17193131915708205108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe"

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe"

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe" -burn.unelevated BurnPipe.{5E3F8E4A-9BDE-44F0-8364-91A3A90CAFB6} {CA614423-98C3-4700-A493-381B00D0F651} 2804

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe" -burn.unelevated BurnPipe.{50ACF07C-8744-4B24-B654-B556C4C12258} {D4D720A4-2FA9-4CFE-B3D9-61E7E552BFD3} 5936

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe"

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe" -burn.unelevated BurnPipe.{9DAEA97E-A48E-4570-B7F7-923023DAB801} {DF10A268-1655-43D1-8236-1BF80E1E8B02} 4172

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe"

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe"

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe" -burn.unelevated BurnPipe.{39E05AAE-3F9F-4C25-9195-3D3C97C31738} {C2C92D6A-4883-435D-B8FC-3FB3B9D3B102} 5648

C:\Users\Admin\Downloads\vc_redist.x64.exe

"C:\Users\Admin\Downloads\vc_redist.x64.exe" -burn.unelevated BurnPipe.{6AD5AC8E-3190-4171-B7CE-AFE9A43977CA} {3AAD2956-915A-46DA-B4E2-B573775347B6} 1916

Network

US 8.8.8.8:53 identity.nel.measure.office.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
NL 23.72.252.163:443 identity.nel.measure.office.net tcp
NL 104.97.15.59:443 aefd.nelreports.net tcp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 59.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
US 35.84.46.10:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 35.84.46.10:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 8.8.8.8:53 10.46.84.35.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 prebid.media.net udp
NL 216.52.2.16:443 ap.lijit.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 34.120.63.153:443 prebid.media.net udp
DE 37.252.171.85:443 ib.adnxs.com tcp
DE 18.157.128.21:443 ad.360yield.com tcp
NL 216.52.2.16:443 ap.lijit.com tcp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 21.128.157.18.in-addr.arpa udp
DE 172.217.23.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
US 8.8.8.8:53 udp
NL 142.250.179.161:443 udp

Files

C:\Users\Admin\AppData\Local\Diagnostics\nat1.bat

MD5 82a32b6c97c5656ad0526037baf0228a
SHA1 0da9746aef3dc1ee2ca3de4abce31594fd5e8fa5
SHA256 3209717d23ae9db9d7f055c05bb19c66ee46bbbab704c8e8a70d2c1a2539a11d
SHA512 606ed32f43b87048cfa69df28cd4e97fd80b51694128fca0aa21260a4549af1ef0345f6b5fe303b23d3dcc46dcc79454dc2173600ee1fe4e865f75c3f5efcecf

memory/2076-2-0x0000019B333B0000-0x0000019B333D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ethp5kpf.ymk.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2076-12-0x00007FFF77DC0000-0x00007FFF78881000-memory.dmp

memory/2076-13-0x0000019B33370000-0x0000019B33380000-memory.dmp

memory/2076-15-0x0000019B33370000-0x0000019B33380000-memory.dmp

memory/2076-14-0x0000019B33370000-0x0000019B33380000-memory.dmp

memory/2076-18-0x00007FFF77DC0000-0x00007FFF78881000-memory.dmp

C:\Users\Admin\Appdata\Local\Diagnostics\Loader.exe

MD5 dad075dc918c1040fd09f992af2c31fd
SHA1 4def63f72017819bae5f34fbf5d279afdb685092
SHA256 130e2e0c2123d1c344d96fbf45f4d31c74750d1a255cbcaeae485617078a91bc
SHA512 cecee9ebbd45a6ad688ad50171fd70d13331b820ccd37a1ba578592f1c3eb16c0cd5c27809b09d974656ed70c72bbffb747602bfe8d41411c721185086ead1ed

C:\Users\Admin\AppData\Local\Diagnostics\Loader.exe

MD5 dad075dc918c1040fd09f992af2c31fd
SHA1 4def63f72017819bae5f34fbf5d279afdb685092
SHA256 130e2e0c2123d1c344d96fbf45f4d31c74750d1a255cbcaeae485617078a91bc
SHA512 cecee9ebbd45a6ad688ad50171fd70d13331b820ccd37a1ba578592f1c3eb16c0cd5c27809b09d974656ed70c72bbffb747602bfe8d41411c721185086ead1ed

memory/2600-23-0x0000000000830000-0x0000000000838000-memory.dmp

memory/2600-24-0x00007FFF77DC0000-0x00007FFF78881000-memory.dmp

memory/2600-25-0x0000000001030000-0x0000000001040000-memory.dmp

C:\Users\Admin\AppData\Local\Diagnostics\lsass.exe

MD5 285c3fa034f83e831faa557664cfe18b
SHA1 f885180648052fa28e472eeecb986cdef4f299e2
SHA256 190548c6016f5590e454afffdfaa404064f291190685491ddb299ff282956699
SHA512 1397ee40eb9f15504559a12c2442cc78225d4fa2c0197f285d26f4423d04b01ef3b158ac54318004fe38750d502e1a494da79ab71b81e5f389dee9cce8f441d9

C:\Users\Admin\AppData\Local\Diagnostics\lsass.exe

MD5 285c3fa034f83e831faa557664cfe18b
SHA1 f885180648052fa28e472eeecb986cdef4f299e2
SHA256 190548c6016f5590e454afffdfaa404064f291190685491ddb299ff282956699
SHA512 1397ee40eb9f15504559a12c2442cc78225d4fa2c0197f285d26f4423d04b01ef3b158ac54318004fe38750d502e1a494da79ab71b81e5f389dee9cce8f441d9

C:\Users\Admin\AppData\Local\Microsoft\gooOGIVGFAC.zip

MD5 3b85f0a4c55e6801c2a72dca0187abde
SHA1 b2fa3a2b12b07a5d2949a914b78d51515c621fb3
SHA256 9c5411c4644d0baac13aa0224f7f52fd37c5e38240534c5e76caf2fc9522065b
SHA512 d19e03f9d2974b92db004b755db418acbe857897a9df6ab98b9b4c7f62b04773d78f8b03a0cb88c2541ba18b6091de36a687addbe4aa84d1e83d32ef2237db64

C:\Users\Admin\AppData\Local\Microsoft\gooOGIVGFAC2.zip

MD5 6bf645acaec3f8326369f03c0b1c7784
SHA1 227c3a3221f960ba11db8847eb9aa2ff15b18fa0
SHA256 4a71659016334cfb8af9faae2254c658525fc37906b8c61b2642d9bf14921694
SHA512 74e212bb124bfe115ef2380ad30b1d7077a3572aea98bbbe8e87f170f897794447fd69a10b0da5b319266fc66a91c33135e7a6054bbc0dfdac3edb7d345da5ae

C:\Users\Admin\AppData\Local\Microsoft\MicOGIVGFAC.zip

MD5 a428c38aa4db7235f73b3a70379d8bf3
SHA1 f4928b6643b6b6d76c33585776bc2318101c7106
SHA256 7f0178fee0242cad9cd5655db17c857430c4e2cc197cbb24a3dc33d583a451a4
SHA512 c4b5c818f4385521e748be2531b7ffe187e3c40a5156739d9bd148aa82e24104fd35afe9c3d319af9c39000d550af1ee06000bf1a8b4628b22034f3b8de3a152

C:\Users\Admin\AppData\Local\Microsoft\MicOGIVGFAC2.zip

MD5 67da56e1cae19d42bf8665f44b2bb00d
SHA1 12bdae1b5477813883fa8d188d1ec65a18a36a73
SHA256 24f33e16c3b8b3d1b2f3d1843ed9b850cb898b8e9d23ba92fcf3f0ad4f706ba3
SHA512 b636bb9eb9f74fe4cdcaeb3c6e3b30b8a94793cf521c73079840f890b0f47361f526706a3716e1e4fd5e62fe1a9b95306327265454f359f1dfff0fb29e4c6a5a

C:\Users\Admin\AppData\Local\Diagnostics\syshelper.exe

MD5 8076665d13f725a1874fcbd0cfcc7db4
SHA1 68107381de917f4d9d7e85a5a2cf7ffd7a9559dc
SHA256 2ef65b48c0c784f1b7f8568c9a2ccf001cb9ab68dfa61e86b7a5d194e57c5b74
SHA512 0d27ef4b2013804bbdd99c21e6e3b29cd307e8b7d5c54fb74953687769038cbd6a3f78d8b95c882cded71db66542d22ae2eb7d36b8f057ec5890c36ae40acc97

C:\Users\Admin\AppData\Local\Diagnostics\syshelper.exe

MD5 8076665d13f725a1874fcbd0cfcc7db4
SHA1 68107381de917f4d9d7e85a5a2cf7ffd7a9559dc
SHA256 2ef65b48c0c784f1b7f8568c9a2ccf001cb9ab68dfa61e86b7a5d194e57c5b74
SHA512 0d27ef4b2013804bbdd99c21e6e3b29cd307e8b7d5c54fb74953687769038cbd6a3f78d8b95c882cded71db66542d22ae2eb7d36b8f057ec5890c36ae40acc97

memory/3028-74-0x0000029F10950000-0x0000029F10AD6000-memory.dmp

memory/3028-75-0x00007FFF77DC0000-0x00007FFF78881000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BatchScript.bat

MD5 96a29341380815aa6c259a54d46bad8b
SHA1 58db7c62c38f9c322d85eb218dcd1ae5bae69722
SHA256 0547e3e793a0ac0393a4d26a6442ba7b80dc5090bc6afa01bbc33696b2d7b543
SHA512 3ae02b9ef2a886d53f79832ce80f76bb8b0f5bd4574ee11a490cec804ee801c95eeceebb8afa66ecdd9923cbcdbbc4fd24ab21fd26b9c80fc1d0e8d9bc6950a1

memory/2600-78-0x00007FFF77DC0000-0x00007FFF78881000-memory.dmp

memory/3028-79-0x0000029F2B090000-0x0000029F2B0A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpD1A.tmp.bat

MD5 e48f7bc999552f35a8e0099ace5875be
SHA1 485b018aa454748bef7df1b1ef4e0a6f9b911c2b
SHA256 72d48d7d469ece29a71e5e887826f1310b4f04c38ebe6d25e6bf949710e54249
SHA512 d0567617b4a767c371127f537c3f4f5cb8460968c5177a90569d4a5679507eb90bb192c2fb99391d35dffc4821ee95b5e74a2a1f086641adb00f743dd3742343

memory/3028-82-0x00007FFF77DC0000-0x00007FFF78881000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aed593b08b94f34dd8f68fd369652ac2
SHA1 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95
SHA256 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7
SHA512 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

\??\pipe\LOCAL\crashpad_4920_JHVQKLFSMEJWTVCX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc34779c38c0a4d0cd36912664b0e0f9
SHA1 541ceb2988abc85dc041b242e0a3516435a23041
SHA256 b6258ff17e525de5ae541ce61ba348fd425a857ce3915048897a4b1a39061e38
SHA512 ff1c5e232b16c263f5b31a30b5cde9638ceaebf8bf43004fdec657b469fcef406d7052df599d18046c9dd813ca825b0460782445f3bc66b1ea682968247cd92d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3f70b324f3bc6060cf384c8af757d81b
SHA1 79d91d24e5c12b0451e702f6b2e423f31e26899d
SHA256 f97d8d2be64b64dc5326aa3194eb87a310f97de7e4059e8e845c12f49c0745da
SHA512 cc717607c611650ead11c0212eb5868b118113343fab559e8e75323bb000e6a5b243c10be3cec77df9dc2c30956e2348ecb12dfe67be0592e5cb173b5ec2cbad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f647ec6b6cb3dcbc9fd047cacbaa9987
SHA1 06e3434dbf9c308552dad78f66fa08674690d13b
SHA256 35ca57578cfbf8d92bff2b2a78f04d2befa33847986ab36f42b7ec534390aa36
SHA512 51fd1be2175c3162dbf4d5c502863b22606a2945bb58e147a2dbbf8be034b9cd204a61bc3e4f4e3f43924156e859cff181d73253ea44223c8afafd65be151769

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e2565e589c9c038c551766400aefc665
SHA1 77893bb0d295c2737e31a3f539572367c946ab27
SHA256 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80
SHA512 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89341bf7fa63481af4ccf5a62b85d74b
SHA1 a1af00c41db3f219b62d56f061322115e89eb8f4
SHA256 81284d112bd30b73898faad14024efd4d3121b59295f5575a6356c3a5d475ef0
SHA512 e2c636517e2b784c825a0a5f492111648144406e6a15af36f236be9257f7a39444e137d4876429ba3957767ab518e14a5d8341336d3ed1f6d74f5063e9af00c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c1c673b0162864bfe161789bc548b489
SHA1 9d202a7f77d0c6f1f8a01d8493773620211a6c44
SHA256 1c0dba69d644513e84ce97b2c5aeac7b424878c2df820227d219b4263b4fe36e
SHA512 18ff8a80cb2f8f38cb41f7286eeac937c1892beb807a132f4ddfbba000a9d08fb35749c6a491763ac52c7557ae0bd2cd950823dc9ab1724303ca05f20f31ca7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bf53.TMP

MD5 3def52b126eba7fc7a07332281311df0
SHA1 8c370abd85666213c06abd9db5f1866c1cc65a08
SHA256 782a5d1636f3963e097fa2de28f9a674da6095d1be54450d703cf43b13567d97
SHA512 e0761bbf7e0f28dd919bb1d66ee10d09ac08f74b838db767a342039e99fc9ea6c684c03ba8438629871a3b6985e5e097351d3425dfe618d1969732f3ad7a9a75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 7b576ab0dceac99eafd1130a16d5a3c6
SHA1 cbab4dab0f8dbaccf56d2685e06cacdec6e07472
SHA256 e0bb65e955923e9b024c49a2712234ac9d7b3936b64e1562dcf14cdd1a3b30ce
SHA512 78991d20f166b85b95965b0132eaafe41c1303bbcfe5841fc87ebb1eb1a7687cb76215e4878b4123f6dc369534ac8e70e1fa3949b6f930432b3681bf9268852d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 bea64c447b0f2a1012d0ede8e09e700d
SHA1 03c4e014a1ed074ed2611b5889ed79b6f1ed8aa6
SHA256 34dcdd7a5b57897d1eb1a2620ae5bc31d4b5d80e761e62fb8cd3c2a3b907241f
SHA512 ac1c4b495b990d8fad333f54d3e61d5573efb7a0c7c584659cea48be8d4857461bb011b1f2a4966cd714bb9252cc1750e8e53f2203418ca19fcc8143fdea6b76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 45a177b92bc3dac4f6955a68b5b21745
SHA1 eac969dc4f81a857fdd380b3e9c0963d8d5b87d1
SHA256 2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb
SHA512 f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 9d8cfaec22e61ca1b7cc22df63743709
SHA1 f88ffc0756ac9e7f5760076f741af490fcc8fc1a
SHA256 4e571a58acaa3f7fd70b6f4777a62cf09be98de4ae06ab86e8795c05f3b935cf
SHA512 41a35dcfccf501c7bee5b4febbb8a7cedf15c21921d4617dd48acf11af7e158b0ea92eb0476365a24eee760f66f6b32cbc17b8b3b247b89d4eb7a5ffa9199097

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aafc29eb0cec753a21ba82de236ec1fe
SHA1 ec31c2e7dcaa5307751e520833d699d10326b103
SHA256 a430f3509ef61a2e513d5b3e821ed0ec8ca19ced4d6fdbd59a585dd6868860ab
SHA512 b0f474bb29a9f5bb7473c256cd130c5f264c35f5bb4da9d20f4e197d993c4f9295243aea24c63a0f5d05cd2bf03f5e5d98d58c89106cf4f91ed55529adbe2b29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a77859c2b07b0bc07a3fe602b6a8da60
SHA1 28a114a680140f3154c0fb3f68943de9f31a8e25
SHA256 088ea600122ebc913855c12e6bb59906c888a81402a44d6f632194d28c9e97dc
SHA512 2d4aec8f67b48f788c038c5a261f0fdebca02f945f5da2c824d84fc117689a68b4f65f1ff044dac9069aae6f127e5f4b94839ddfcaea659267f41a39880b4045

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 8edb759bfdcc3114a4f8216e1c7dd5c4
SHA1 fe4b43eca82cd5fa5be69767e5d79406d83aeb41
SHA256 49ffb76589c1ad70745710486e8b35f7ee9c5f28d391ba699de71b6ea49d4ef7
SHA512 261727f576e806a3b4001c8b1d75d2cfcb8be9b0d3e5acdd3e3aa9e959eb068d9c9749f058dea2390586c130722ee622dededebdfffe70fa375c0fdff0754f71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bab2e289d0046ce7ba282f9632b231c8
SHA1 be2df9f59d38c18a7e5fbe95a713880e350c0077
SHA256 803ab2ca404da87a567d611babc88cc5d8637057faa3bac665b257c02afa0819
SHA512 057c2e01937004177c2479960028b7e45f73968203f609ae0860f3963423c3dc5ec0ca082c3789b7be6a6d4d505def63242eebd082ec256a7c46fd48132d2230

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fdfb6d7dd55b075a5d1ce125e40647c2
SHA1 672d5a863f22a630f3df2069679539ba8ec5ad9a
SHA256 88457b4e9bd05d77c60c3a1396c42b0793ba6cbc130253b559341a6b47af8abb
SHA512 ed14d40883e0580562ac1636e7e7e1b1955862f04a55d255151eb33668c4fd4df386010ecc4688b397775e08eb9c8764f93f453f11d1d77758cccb7cb552bcb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 e51f388b62281af5b4a9193cce419941
SHA1 364f3d737462b7fd063107fe2c580fdb9781a45a
SHA256 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
SHA512 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9e32d1116df76bcbd472422de8e7c1fe
SHA1 9147c051e51bafb1a0493ee1fc7ec921983371b7
SHA256 300a882b67217ba6bc089f384b8983ec21781d6096830232f60054e80f105c03
SHA512 c0ca506e9f6afd0de4615401ab57aeca8fb84abf8341e7ba2a3d6028a556d1277edd0540a56f39f7ed311319022fbd58d3af5d74022c209613b2db2de1c89d03

C:\Users\Admin\Downloads\Unconfirmed 223891.crdownload

MD5 27b141aacc2777a82bb3fa9f6e5e5c1c
SHA1 3155cb0f146b927fcc30647c1a904cd162548c8c
SHA256 5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
SHA512 7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de6067c69d405828b06317231eece1f4
SHA1 d887e026a9aca121cec5ed0c8cfb0bacd23850e3
SHA256 955c058ba15a781d081ba5a9958eb78e10cc36a2a2d2569906c3fe62866d431d
SHA512 3c768244d163bf81bb7237c23de97f592073d314d278dfad011e398b5b98fddcb5916d4793132d2e1f3d0a2be904d09b63cd63efd76dde2ede37d6396e7b021b

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 27b141aacc2777a82bb3fa9f6e5e5c1c
SHA1 3155cb0f146b927fcc30647c1a904cd162548c8c
SHA256 5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
SHA512 7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

MD5 4565435f13b9b7c5719a84d34a03aa6b
SHA1 1fd3f24148a349c4001c449529901c27ef13400e
SHA256 5df4b43ec8eee08e61d9f5286bb0046630a8ee78d7c5f65927bda56506ccca86
SHA512 b3867ba6bc400dc73cf717f2abd3bc32afb0f92eae79f6a70eb827643d468af1de5e28b7e672c6a7ba81c9b548dcd2a60677a62b3a2675550ab6438bead2f462

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 27b141aacc2777a82bb3fa9f6e5e5c1c
SHA1 3155cb0f146b927fcc30647c1a904cd162548c8c
SHA256 5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
SHA512 7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e67451f30578daa09a3537303c7861ef
SHA1 53bb7b06338a015e017d5a5e0290f57c2be51e2d
SHA256 41a0aa35255dcb6f89ea4154861357637a193a3681d8fb4e2f8e12f96ecdcc27
SHA512 7e9738b69407ee53cdfb3f9f835347d836daf7b8c1e4a8ed1b7feba5efd9d6316bae74f26b0df1455cae91f179a9a2fd222f7ba6c289e0c9556f575398288919

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 27b141aacc2777a82bb3fa9f6e5e5c1c
SHA1 3155cb0f146b927fcc30647c1a904cd162548c8c
SHA256 5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
SHA512 7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 27b141aacc2777a82bb3fa9f6e5e5c1c
SHA1 3155cb0f146b927fcc30647c1a904cd162548c8c
SHA256 5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
SHA512 7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 27b141aacc2777a82bb3fa9f6e5e5c1c
SHA1 3155cb0f146b927fcc30647c1a904cd162548c8c
SHA256 5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
SHA512 7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 27b141aacc2777a82bb3fa9f6e5e5c1c
SHA1 3155cb0f146b927fcc30647c1a904cd162548c8c
SHA256 5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
SHA512 7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

C:\Users\Admin\Downloads\vc_redist.x64.exe

MD5 27b141aacc2777a82bb3fa9f6e5e5c1c
SHA1 3155cb0f146b927fcc30647c1a904cd162548c8c
SHA256 5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
SHA512 7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6fe52a76b511027e5e0628aa55da72ef
SHA1 72b002fd944e5020a110294b6bbe21034fe7ce8d
SHA256 c566cac0180b7f3a25213e6a9e46759f34e5d8217f3f2dd82ae58285f849473b
SHA512 89871045302d0b442760d8f4b018aee3c1c4be4509d199e872ecd03c144ffe0e15b66a5f3f6168fb6929f051cc55bdede2ca9d6ab79c191abef0b02e5f4f4868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f50126b988de2d692ca805b8a7783e7a
SHA1 ae0e34c426f5a93c86344930d12d736d34d011ae
SHA256 bd48e8325ab98a2bf7e5bd902b05b36b38c7fc2a4ed2045de8d0ee593bc17cf5
SHA512 83841a1d88eef850b9a5d833dbe1731dfea90fe3376c8e5fafcd89b0024be18d453d1127abe372413d842b97ff218313c44d96968116ca88190e08ad24e4ca45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df8be4be4e7e4321d6352fdc8ee8afc8
SHA1 e106e8bc83f27fc8064dc032880f72fe6468bf8a
SHA256 b97758b956fbd45442123f19cf4c832210aa4280df9c70514ff321e41c716fb7
SHA512 612144517296740537ee986eb10ebcfa0ed2a065796f6f760ac1f2905d9d3cf35529fca9db0ee06a8ec099a2d2cf0ca987adf56e95892e14a062e3468aea0d32

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba3\wixstdba.dll

MD5 4d20a950a3571d11236482754b4a8e76
SHA1 e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c
SHA256 a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b
SHA512 8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1029\license.rtf

MD5 fd8353f3bc88a47b8880b59a5dad3f03
SHA1 22e908ef2dd80221cde6c2bb1ae27099c5f5697d
SHA256 2428e8ba8fc9648422333b6b4b92fb476741fc1022de7cb59d030ec35cc21ac7
SHA512 44ff2df62cb7381eb247800ca4b9566747e1a7a2a2321a002d7f49681ecbc5e797c91b56ea80b99565d3acfcd38dd1444c616a7e17f5f4d2923e6124e99eb7f0

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1040\license.rtf

MD5 1d07e27f97ce22a58780a04227be6465
SHA1 2fcd519823f1664c59a959acbee37093ec94f62e
SHA256 f1214784c57aa3323426af64d132045970717994eba500b25283684dc1adebaa
SHA512 d66965269c9ea755266f9a76221528213648e2aa7ab2e6917be356ece279acf69d0c1982fe3c4b8bd1bb79a094abe98ae6578c6f6ec311d46cd2950390b23fcc

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1049\license.rtf

MD5 eff73c35db2d6ac9f29d1b633c984a95
SHA1 05e1a450fd077607612aa0506143140ccc8017b9
SHA256 f00a2a67106ca3badb4c233951a262ec0a9bba3151e1d8da0362dcada7928dcd
SHA512 1d89c50b2b2ea63dd464268dab4272991d51e2d27a407440585be855d86e06b5982f685d797e8f7917e75512f72cc1496ff5f21466b4a649aba43458d8dbe8b8

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\3082\thm.wxl

MD5 47f9f8d342c9c22d0c9636bc7362fa8f
SHA1 3922d1589e284ce76ab39800e2b064f71123c1c5
SHA256 9cbb2b312c100b309a1b1495e84e2228b937612885f7a642fbbd67969b632c3a
SHA512 e458df875e9b0622aebe3c1449868aa6a2826a1f851db71165a872b2897cf870ccf85046944ff51ffc13bb15e54e9d9424ec36caf5a2f38ce8b7d6dc0e9b2363

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\2052\thm.wxl

MD5 3d1e15deeace801322e222969a574f17
SHA1 58074c83775e1a884fed6679acf9ac78abb8a169
SHA256 2ac8b7c19a5189662de36a0581c90dbad96df259ec00a28f609b644c3f39f9ca
SHA512 10797919845c57c5831234e866d730ebd13255e5bf8ba8087d53f1d0fc5d72dc6d5f6945dbebee69acc6a2e20378750c4b78083ae0390632743c184532358e10

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1055\thm.wxl

MD5 defbea001dc4eb66553630ac7ce47cca
SHA1 90ced64ec7c861f03484b5d5616fdbcda8f64788
SHA256 e5abe3cb3bf84207dac4e6f5bba1e693341d01aea076dd2d91eaa21c6a6cb925
SHA512 b3b7a22d0cdada21a977f1dceaf2d73212a4cddbd298532b1ac97575f36113d45e8d71c60a6d8f8cc2e9dbf18ee1000167cfbf0b2e7ed6f05462d77e0bca0e90

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1049\thm.wxl

MD5 17c652452e5ee930a7f1e5e312c17324
SHA1 59f3308b87143d8ea0ea319a1f1a1f5da5759dd3
SHA256 7333bc8e52548821d82b53dbd7d7c4aa1703c85155480cb83cefd78380c95661
SHA512 53fd207b96d6bcf0a442e2d90b92e26cbb3ecc6ed71b753a416730e8067e831e9eb32981a9e9368c4cca16afbcb2051483fdcfc474ea8f0d652fca934634fbe8

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1045\thm.wxl

MD5 15172eaf5c2c2e2b008de04a250a62a1
SHA1 ed60f870c473ee87df39d1584880d964796e6888
SHA256 440b309fcdf61ffc03b269fe3815c60cb52c6ae3fc6acad14eac04d057b6d6ea
SHA512 48aa89cf4a0b64ff4dcb82e372a01dff423c12111d35a4d27b6d8dd793ffde130e0037ab5e4477818a0939f61f7db25295e4271b8b03f209d8f498169b1f9bae

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1042\thm.wxl

MD5 b3399648c2f30930487f20b50378cec1
SHA1 ca7bdab3bfef89f6fa3c4aaf39a165d14069fc3d
SHA256 ad7608b87a7135f408abf54a897a0f0920080f76013314b00d301d6264ae90b2
SHA512 c5b0ecf11f6dadf2e68bc3aa29cc8b24c0158dae61fe488042d1105341773166c9ebabe43b2af691ad4d4b458bf4a4bf9689c5722c536439ca3cdc84c0825965

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1041\thm.wxl

MD5 dc81ed54fd28fc6db6f139c8da1bded6
SHA1 9c719c32844f78aae523adb8ee42a54d019c2b05
SHA256 6b9bbf90d75cfa7d943f036c01602945fe2fa786c6173e22acb7afe18375c7ea
SHA512 fd759c42c7740ee9b42ea910d66b0fa3f813600fd29d074bb592e5e12f5ec09db6b529680e54f7943821cefe84ce155a151b89a355d99c25a920bf8f254aa008

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1040\thm.wxl

MD5 d90bc60fa15299925986a52861b8e5d5
SHA1 fadfca9ab91b1ab4bd7f76132f712357bd6db760
SHA256 0c57f40cc2091554307aa8a7c35dd38e4596e9513e9efae00ac30498ef4e9bc2
SHA512 11764d0e9f286b5aa7b1a9601170833e462a93a1e569a032fcba9879174305582bd42794d4131b83fbcfbf1cf868a8d5382b11a4bd21f0f7d9b2e87e3c708c3f

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1036\thm.wxl

MD5 7b46ae8698459830a0f9116bc27de7df
SHA1 d9bb14d483b88996a591392ae03e245cae19c6c3
SHA256 704ddf2e60c1f292be95c7c79ee48fe8ba8534ceb7ccf9a9ea68b1ad788ae9d4
SHA512 fc536dfadbcd81b42f611ac996059a6264e36ecf72a4aee7d1e37b87aefed290cc5251c09b68ed0c8719f655b163ad0782acd8ce6332ed4ab4046c12d8e6dbf6

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1031\thm.wxl

MD5 561f3f32db2453647d1992d4d932e872
SHA1 109548642fb7c5cc0159beddbcf7752b12b264c0
SHA256 8e0dca6e085744bfcbff46f7dcbcfa6fbd722dfa52013ee8ceeaf682d7509581
SHA512 cef8c80bef8f88208e0751305df519c3d2f1c84351a71098dc73392ec06cb61a4aca35182a0822cf6934e8ee42196e2bcfe810cc859965a9f6f393858a1242df

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1029\thm.wxl

MD5 16343005d29ec431891b02f048c7f581
SHA1 85a14c40c482d9351271f6119d272d19407c3ce9
SHA256 07fb3ec174f25dfbe532d9d739234d9dfda8e9d34f01fe660c5b4d56989fa779
SHA512 ff1ae9c21dcfb018dd4ec82a6d43362cb8c591e21f45dd1c25955d83d328b57c8d454bbe33fbc73a70dadf1dfb3ae27502c9b3a8a3ff2da97085ca0d9a68ab03

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1028\thm.wxl

MD5 472abbedcbad24dba5b5f5e8d02c340f
SHA1 974f62b5c2e149c3879dd16e5a9dbb9406c3db85
SHA256 8e2e660dfb66cb453e17f1b6991799678b1c8b350a55f9ebe2ba0028018a15ad
SHA512 676e29378aaed25de6008d213efa10d1f5aad107833e218d71f697e728b7b5b57de42e7a910f121948d7b1b47ab4f7ae63f71196c747e8ae2b4827f754fc2699

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\license.rtf

MD5 eba5faa2129cafec630b82adae942aa9
SHA1 52ba1e75accbef329f64ea75111666f643d8987c
SHA256 4d7b2abaab1c0d46260e5d48ad4ce4bbc3ec02c660838a9a578f1bead68d6b35
SHA512 2bc372d51ff28be5a7d8a957e3d98093d5cd8f88efa5dad914d6d5313cabbfbd1e93fff7ba46ff1ed90f9074f4d03cf8a244b9d22bcef88c562ff577921cba8b

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba3\thm.wxl

MD5 fbfcbc4dacc566a3c426f43ce10907b6
SHA1 63c45f9a771161740e100faf710f30eed017d723
SHA256 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce
SHA512 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\thm.xml

MD5 0056f10a42638ea8b4befc614741ddd6
SHA1 61d488cfbea063e028a947cb1610ee372d873c9f
SHA256 6b1ba0dea830e556a58c883290faa5d49c064e546cbfcd0451596a10cc693f87
SHA512 5764ec92f65acc4ebe4de1e2b58b8817e81e0a6bc2f6e451317347e28d66e1e6a3773d7f18be067bbb2cb52ef1fa267754ad2bf2529286cf53730a03409d398e

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\3082\license.rtf

MD5 64f1444d27e3f3489f057e7280e9c973
SHA1 3ddc843d2021f62994c6ed35ebc8a193c4045994
SHA256 55929413b6a530f8c4acbb1e7eee81fb9ed0bd64af5cd26d6f5637cedfaf0a2d
SHA512 8d9ac8300c5a6815d2afa02a54f23cb3a8b28192fa504c26f747fa3d4e70deb55f8c19ca4abf6e93856bcd1f1d9636a95e4e8f134d8d1e4ecc4081579f5b27cb

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba4\BootstrapperApplicationData.xml

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\2052\license.rtf

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1055\license.rtf

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1046\license.rtf

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1045\license.rtf

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1042\license.rtf

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1046\thm.wxl

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1041\license.rtf

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1036\license.rtf

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1031\license.rtf

C:\Users\Admin\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba5\1028\license.rtf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
