Malware Analysis Report

2024-11-16 15:50

Sample ID 240204-kz6d5adgg4
Target https://www.youareanidiot.cc/
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.youareanidiot.cc/ was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-04 09:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-04 09:03

Reported

2024-02-04 09:05

Platform

win7-20231215-en

Max time kernel

107s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.cc/

Signatures

Detected google phishing page

phishing google

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url3 = "https://login.aliexpress.com/" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url5 = "https://login.live.com/" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url2 = 0000000000000000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707266174957da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000d5599129948fbc4e88b999a9f43e7eb91a91f85ab652be063529fa14c54bee20000000000e800000000200002000000093e8568bb99244e4fe68f438d18020994586fea4dede81e7963a4ebf7fec04969000000052dbe849250d3317a071b283836544a0d7da93fb1b154901d2ae307fe352e17d407f88b3ac842fe3e39d67d6b5602dfd0888bfe54db2ab55aaf15cf905b5f26d2fcc2a52f369520c96108410631e0e635d8bb5337e19893ce37aa364284ee9282714f16a1103cd1356c53699a7f01e3ee820876eecd93632ac7e384bb74d41314430f3d7b302f0b7d00a0d05f131e58f40000000732c3cab98e2d85643fd793c58d887dabf69818ae3bea7a0c959d5d4a097e42a8a7d0aa1116f71f4490137f7e840ff2093d6b0c7cac23dc95127b5b00a507e29 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url3 = 0000000000000000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url6 = "https://twitter.com/" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413199274" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url1 = 58c325384957da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url5 = 0000000000000000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\AutoHide = "yes" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url4 = 0000000000000000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "yes" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000070b44349e0ed64768d66817ed3e3bbc1b2a63d5e2a02e42a405fbca67346904a000000000e8000000002000020000000fb5ef919d0284420c4cc92c6428b8779d98b9f919fe126ea441650c9b9bba84b200000003fce1758e4f08dfacf370b8eead79ca8f34b6a1037f17981907c8920f38fda6f400000009bb9e22a87d79bed5732272d6bf02c295726dd90263ba1912fa2291b425203dbf41e87cc2549de033282e3053a8ce4fe39a588fdde91b49f3f4c6203a7d1418a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42510C71-C33C-11EE-9439-EAAD54D9E991} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url1 = "https://youdontknowwhoiam.com/" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms\AskUser = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url6 = 0000000000000000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url2 = "https://www.facebook.com/" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2496 wrote to memory of 2208 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2496 wrote to memory of 2208 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2496 wrote to memory of 2208 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2496 wrote to memory of 2208 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1892 wrote to memory of 1468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.cc/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef64f9758,0x7fef64f9768,0x7fef64f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1252 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3400 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3628 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4040 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3408 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2700 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3452 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youareanidiot.cc udp
US 104.21.95.69:443 www.youareanidiot.cc tcp
US 104.21.95.69:443 www.youareanidiot.cc tcp
US 104.21.95.69:443 www.youareanidiot.cc tcp
US 104.21.95.69:443 www.youareanidiot.cc tcp
US 104.21.95.69:443 www.youareanidiot.cc tcp
US 104.21.95.69:443 www.youareanidiot.cc tcp
US 8.8.8.8:53 api.bing.com udp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
GB 92.123.128.133:80 www.bing.com tcp
GB 92.123.128.133:80 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:80 r.bing.com tcp
GB 92.123.128.133:80 r.bing.com tcp
GB 92.123.128.133:80 r.bing.com tcp
GB 92.123.128.133:80 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:80 r.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.133:80 r.bing.com tcp
GB 92.123.128.133:80 r.bing.com tcp
GB 92.123.128.133:80 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
US 8.8.8.8:53 theaviary.me udp
US 185.199.108.153:443 theaviary.me tcp
US 185.199.108.153:443 theaviary.me tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
GB 96.17.179.184:80 apps.identrust.com tcp
US 185.199.108.153:443 theaviary.me tcp
US 185.199.108.153:443 theaviary.me tcp
US 185.199.108.153:443 theaviary.me tcp
US 185.199.108.153:443 theaviary.me tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 youdontknowwhoiam.com udp
US 34.205.242.146:443 youdontknowwhoiam.com tcp
US 34.205.242.146:443 youdontknowwhoiam.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.212.206:443 apis.google.com tcp
US 8.8.8.8:53 youdontknowwhoiam.com udp
US 34.205.242.146:443 youdontknowwhoiam.com tcp
US 34.205.242.146:443 youdontknowwhoiam.com tcp
US 34.205.242.146:443 youdontknowwhoiam.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ogs.google.com udp
GB 172.217.16.238:443 ogs.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 54.161.222.85:443 youdontknowwhoiam.com tcp
US 54.161.222.85:443 youdontknowwhoiam.com tcp
US 54.161.222.85:443 youdontknowwhoiam.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.178.14:443 consent.google.com tcp
GB 216.58.212.206:443 apis.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 rr3---sn-1gi7znes.googlevideo.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
CH 173.194.160.72:443 rr3---sn-1gi7znes.googlevideo.com tcp
CH 173.194.160.72:443 rr3---sn-1gi7znes.googlevideo.com tcp
US 8.8.8.8:53 rr5---sn-1gi7znes.googlevideo.com udp
CH 173.194.160.74:443 rr5---sn-1gi7znes.googlevideo.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.206:443 consent.youtube.com tcp
CH 173.194.160.72:443 rr3---sn-1gi7znes.googlevideo.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\favicon[1].ico

MD5 0b6dcf9c1429088c7f079d7cc291bb66
SHA1 d23f9a17c55011a829c1365bcba999b27c4115f4
SHA256 4b0358b16230208179720a09d205b99a3e9764e63815b09e9f1716a02fccadcb
SHA512 50b3d19252cf4601c93108639c0c82cd578c1869aeedbb327a7f917c7c9142ebe893347c9a065ad8dbd61b0edcb160b5169b7272c2f3a3f807649b007461ab74

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 e7a1109f7f4b4a43c58c35b0d593b695
SHA1 69b018e30fa2b9c55f25fa8dd7ed05eb9b9e21f8
SHA256 1f56373614c2cabba3a186a70da160022da8a03b1750664ffb6d6e805aa9f324
SHA512 e9ed690fa78d438934e99b7a58b2ef46e78507f58ad9b0a706693b58ecc77bfacb52b998bf0e955bda0f189085318538e7199f6ac89341aa1e7d13c255a6e63b

C:\Users\Admin\AppData\Local\Temp\Tar2540.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab253D.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91fa5bb9eed34d5475215afbb2ed5e9d
SHA1 3dc200eb54cb305c65d8e3072dc8a6bda08a260b
SHA256 a900afff7ec7840480b460f36e866cef3735fda1355a560fc3268fd640265afa
SHA512 2e073116158480ff79615436104ce91c51715ed4d282275b7049229809f826b50572fb4fa5524c9db39e9cc00cfa93efe0b1ceccfdd3877465334662a0618605

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27df42691612ebe27b51cf20d4b9ff45
SHA1 711ae7300b9216d0681c273fedd20b851fdb785b
SHA256 e633f2cf2901eff18d6a3eb7e543659401205492a81145f35eb3a2344ade0644
SHA512 3c732bf362f8949b7a8aeef9ace027f989f64d7cae3bd14fbfce7b42d1276c6b818af8706859f17d0666476f22027c25146092c2316d6b8d4f493ba2a7311456

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bf3c67bf7dbde0e695ad0d42b62ce63
SHA1 5b92a3c2e2ecc237cb75818e04757dfb69f53856
SHA256 3bae7d1917c839e2f3a72903be8e1d0b43750f4df718652cd11d81af66ad9643
SHA512 d45a9d03f3feb607f8cf4904e07ec7832ba2306cc151def74de1b02b47288a42e3324f5c89f1e8aac29317af0cd7d6ae767e883ba5dc89b4b9d734850230ccfa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58ab4ca0c8471218c650107f0a5031be
SHA1 d1edb234fb243fc3c7df87671217b49d807d32ac
SHA256 75272c952789c28f4efe80028d89c5b22875ce5846ab7151b7ee933012f94989
SHA512 5bd00048ea424a7b96f072c2025dcea1e4968da6ee9ebbf14c82b554065ec7ada6d6d0163631c36f8ddf81b724053b81db20754b9bedccf18aab8db014055cca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09de9ffc32bc5f9171658dffe1db4b7d
SHA1 06f66cff618cfbcfc910fcf9ae16f53dc474eb5c
SHA256 db98e6d3be8afee4283d048c4d6fab8cd9a0193e9e64dd247fc04fefed2b52ab
SHA512 a97d617d0a94633820c53cc0dd54013c173a7a4c5ac0b425ac22b37058ba89df984ae975769b8e102755a45c757a547fb667a3eff799efbb146620cd710167eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67532980e058c279977dfc6fa7b97cdf
SHA1 6cbd6b1f8cd6b7f4f7d4accaac7a3d7edc9446eb
SHA256 18e8e2a8818184608ece381c7fd4bd0887a3f83d4fe7021d3d44a90157028720
SHA512 f3fefaef34db277e57b72d594c99f8de4ab4bc5306162e821b76fb74d0a368104f542215dbb1d5148bd9b76b889f1ff84e322bae12d59ebd972fcd5642b92900

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e26112f84c965613a163084f7658e8c2
SHA1 bcb6f8cf8b9ed2f2e933a5f797a1e968362ded0f
SHA256 a25adc042901060ae905fcfc35dbffdcccd29116a4d5704a44cc1aed42ee9780
SHA512 49514d6d81dc9727b16d3dd2c05422319d16bc47461d4aaca999eefd507bc7094a74cb30ae06ef895d97d29187e70be8ccc19f337082827081c798cfd12414c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e39180669ec43ea5b977e383a85da64d
SHA1 6935227c9f964ecb44e3b893cc09bebf5a4827f1
SHA256 209ccd8d1eae4d53ac196a7cf8739f59c4fb8c1a4c1a592eb00ea2011f432ae5
SHA512 ee6584bd50b4742d2e848f53722e04da3c4416540260f5be2a85f793dcf7c5a1e50f3167f5280ed47f861e6fc0a3aa492d42749cf4f115b21b3b901517644e1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84f9d6668de24efef66e21f87072d7a9
SHA1 aebd251669e816ea049a875d9dc65b932788df26
SHA256 06ef3be2816eac25d7d93b9020063711b02cb013902dcf16e177554ba456db36
SHA512 1e3e89b385e8bdefbc42063ea3d9fb18d61edcca378f4b3f1409818d975bd470bb253da1c9548dda1595658c2b279050ef73483b75dfbb96f6448c582f8bf07d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[1].xml

MD5 514f66e77a08799f9f92e031aa2d754d
SHA1 f09a050f8ef2e5a3ca22d5b072e21f5322c5dbc5
SHA256 8f8047de4645d98e025f60051224e2b47191a42dd0870a8c5c002127fb1240f0
SHA512 e6fb51ef45d314009f78a0cd1af8bbaa1c99e5aa89a14d5c9c0ddd0ef223c2872c69139e6b1c55b67b235b7bfdaac814caede901b4a4facedd6b89cb9a0ddff8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[2].xml

MD5 510fd81a4fbdbe5b8a8e462a5352b0a0
SHA1 8e4388191e00466a17262fb1c63e200fd3eef9d7
SHA256 dee64cf133c99a443cd25fcb5cd0e0d045c14021fe701f6a704d5a81a5893c23
SHA512 c915d0ec3d2de6713547e69e67ed82b3244f0894814533ff4f32b479d0fd4b7d8d94b7a0b16c5e84faff9d0b72072b87d112fa4448ef98fa687b6499ef37c53c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[3].xml

MD5 a4aabb3e7540271a1f8f255be11f7c7d
SHA1 4797e7ae3a20e7055e9122a44b459fb9dcda0fa9
SHA256 93372332846a25e6cf7d464dc89318c38a797c2a78910de55f33e4f0790ba334
SHA512 e662d9ae91047c4363c5c2f75a4dc782cdb9dd86a5dfa2057c1af4a9d1cff1c01526af7b42e916d2dc53d2b6a3b2b4e159d80ce8f89f7c008695bab4216ed9a0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[5].xml

MD5 f3b28831ba8d86defced8c389c6802ae
SHA1 50f01b112b38b6cc55ba74cabc547b478e94ac94
SHA256 7817ed16388b1dcdec4d299abfc96a943e6069bd82c752bdb151ce38b770c230
SHA512 bfb8e094d7910314963416775fef51c2bcf2aba928476d1559ffd6c7ed926dc42888abc66e2592139ddb8f784a84cc8f904380533539efb7c36a3585145fd6bd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[7].xml

MD5 3a851facf004cf3172214a0c359df2c2
SHA1 589c42ca9d872a69e596d84003e19d90008f5789
SHA256 0d3146678f3b0884f87d1b01a477baa7dfcfa1df134d16e63778466870042d46
SHA512 d5e4636b3e60a7be193d8559be1f4917e9eb93419e8fe791fe86ace870fa27017710e74072bdfcce6418024e77353f5e7d6db8c1b3a8eb15a3c8744cfbecdb11

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[8].xml

MD5 51c2e4bcdc71d9ef9d6ec94e341cc1a1
SHA1 01d08c442e0556317c1a785e700bffe4107cce9a
SHA256 019f21ebabd9f16357da829dc651c143517ba963cce34d5601701e689b9352b3
SHA512 496b7569a295239633aeee5678ebfffdcf37f7264c48fc3c305356454e9de0673a96c127a67b79cbb5d313472c73901a17d2ef6196a1e7618befdb69cd8ba0ed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[9].xml

MD5 3402dcbd1b3a1c77170dd04fe32fdac1
SHA1 7fa9166563ece90ab9892f83fbe33e5f76c50fd8
SHA256 bf2eb053714657307f1b82f12b7d2e047b8ff230f902d6bbc40aa6e23e8914dc
SHA512 748bd42ff1f2e2fa8f010ea7b24f94a52bdae31f20dfad2604b4f7c57e078fab2340752b0d5a7289fa49a55c5d607a448f917683f158d337dc506d4b2ffdc7f0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 81cdd18c475812dce20bc8947a4a5024
SHA1 6626a893957a6a52734c6ad13401f65603ee0b26
SHA256 85a119fca8224ea3a6777e0147ec7f698e03aec07f7d74771c88714e92482a66
SHA512 a951b97f39cfc028450b607e20f3fd9d9e601d37b9aee79c94e45dd9a0666f9affd6ad8905d876b72d7f073ac24366010b79d144edbf92568f78f1f34782271a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7272515ec0da21a22c5194ba8f566fcf
SHA1 e4725fb6893b89d078df05350b78a3d18b82a0c6
SHA256 c12152d1af9e605f6d1eca842075945b966734c0916088f94fe86635f7699fbd
SHA512 da83b564dedcbb635b033a5b57af036da62f83b0c8102216279af94ae2564e00742261045f12692ec0c881ffb874b4218084f3fd89e68b308f542a437cfe70aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f41c13d35549b27112cfe458dd970180
SHA1 b3f1b90e49817aa02d096b06b5000e23dba74a2f
SHA256 d603a056d1c92d2e75e955dcbbd4fb3351c99ef7ed9e629f5ac79da856d9c113
SHA512 7407fbacaa2309fae36a13f0878b3adc4aec4283320c527116221efd5ff05c178bf247a72044cddce059eba3f964518821b9023cfc8d75ddfcaeab2262fbe4c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 07dbd0d4e786211d35618bd2ce0bc6af
SHA1 110eed8ad7f34760af118bcb1b5e7c505e5e7a45
SHA256 1266b23e3c50eddef983e408ce30baf3920d8ff1e3ccff8df7511a54926dae9f
SHA512 f23a2f55c39424648f5320fbe3f75e72723a2b6ab138203b1551b0d6b118c322afdd2c923a575c419dbaeeb1b235283e37a0c2ee45e3fd155f89c5c62a89f852

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 463145297775110744eceefd9efaff42
SHA1 3e5efe2daf24a1cbc0de2bc640da1e4e8c5a086b
SHA256 c1c0cc411d072e4b883c1cfbaee8391ad2a3b2f71eb5e295af899db8746b4f10
SHA512 f769604c50550b49f33e68d16362e4e6977aab82f97dd95089bc3f68dc5ea302ea663f0558b5b346ae5ce9ca11ade742db3526f26f660fdf9f9553658c290cc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f4c2e88f12813e537db2300a91fd506
SHA1 709704a13cdba61798407922c108b8a634268ee2
SHA256 30c78cef05b6887a24b89bd036cc0a4906191ffd83ec99b86e5f68f4e0321108
SHA512 1e467fd5f89c6bfdc4e4632041bbf45c4ca815346c70b3968afdcc2c1fabdd7e5d66e031f4c142917dd3a13109697a77dac902d4f72b953e0227728a3e5acacc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 6d5ba2f65d1e422a774ffd343dd3f41b
SHA1 ba71076b1d94262fc868d148ea0f283325ea2a15
SHA256 c9738f9f06398ab31281ccc085b5ed892ab770105bd2b7cdb8c06ce45ad9ef8b
SHA512 92b2788beb424ec7d91d2746a00bc572f102ebd46fcd5188ef059152e0df4bf4dab7c0dec1291c4e15310043264d5e35990d503f6537bd75d49c7e41079601a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c65030d2255a84d342fc189e2e6b1648
SHA1 12fa549e2025d3992169e61d5894088ccbef86c0
SHA256 6b21adee63e06bab8571aa4defb05971461336fd4b3500759d172ee5ad542a59
SHA512 df2683d0ff6a9acce74f42c51b45aa9a18857668d40340e11ae87183fee7bac7bfac63871f74de6e9010f5443a3e804da1aed022cc21ea3da65dfe521391ad85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00d7bdbbd286d2b4e1153f7f255114d3
SHA1 47a1c2ed127ab353d54ed12588b9c3f151ffe1b4
SHA256 07474e12b49763d55c8fa9eb447dea47e062b73be8e8bf1f6d271499cb9046bf
SHA512 48639a1ea88548e00c1490ed3a8d5c8d4ce52f2fa6cbb2de63605874bc0811105eac5a12cb517aabc1dfa9ac24cfb0a4b20cbbaccf4306e40456bd5b9e230d06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80f07c734f481414f133042d01325ff7
SHA1 e6028cc93595427c08ccec53e6e49ede2d8fe625
SHA256 402a13f3de08d0586e46643c4bae3db69663968ce42aaaf49612d3cbaa342c2c
SHA512 db1452f1e160e9e22383238e9d30a43f1dca916c3307f10fe1d6727807688f9913184811ae8e4fda555c9d3a4cef831e48185b49f9acefa214acff8cf51e3506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46cf169c43ed6b5b72ab28b665dd96d0
SHA1 e225c7d6c1eb13676a9eba0a4e12bf47f127d02d
SHA256 9029e692cda2cb5176ff1aec63e73c10acf0f9b4886bf93e54ad4eccdecf9435
SHA512 34f9fcf0f8647c6a35ae8ae5121d772e359de7c1060175845d1d94ff4cdf13453f3c0aa3c4f532f9525569564583f8bf83a9731e9c95e83cefdbc0502cb034d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcfa2f66c59347da0f440eb59d6a10b6
SHA1 20a71128d30c078d62fbc4a687a4b1a990412dcc
SHA256 1a6176d0e4ae47004717030a476e1b9f322beb18edf1f75fd6eea8551593459d
SHA512 b85ff04fe297dd93b5c9c9ba299b37b8654fd4700bd4c36dca8d32eb47ff7ea5475ea9c2dd3dec473057ef4d38df0e3cf2f918508f4c14a9b1c7d096b7000cbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a79f36b62dd811bae360bd1854b0a35b
SHA1 94665613a51e29869b8813df94765f45f3ef49ae
SHA256 d9515dbae50640cfbbfb8b301cc7725233c2b2aba66534389b54bec571b8766e
SHA512 afc399dfe5db1d762a1fba87ffd35dcae2e4b85bf8576960fe8870a8d6bfad698dea3bab82fed12851174271f26f6dc4cb2aeecf35c7898d414e68219559fe96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1dffc83a8f56b082dcbbe8313ab6f5a
SHA1 3c6e7c6391deedeba81601d3d22bd7b4fb9aca11
SHA256 4fe2e001e828f2fd18cb76d0e158f3be27d0c9f0caade601d7e061cc71764631
SHA512 24ae0612464946727ef138acdeb2b3c582136280e7c618c4de7e2339372ad17996ad4a331e2bddfd7a4f0fba668c325d2e50a4d11fc3e00590f12143dff89cff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c40657f68bb85c8ab32ff53fabc96a0
SHA1 6aa2f60dc0ced157e39add6dde0347b160dcc67f
SHA256 106d47a15dd9a6864b232ce785efd13996193a30a7701ebac78fd4dfa6474890
SHA512 9003cc03dea6dddec45d628150d4a72655bb7965d3d371011ad7871fce9cb0feea372ce4edcb558019e4382a9f8d963606eee45da633829d8f1fdfa260cb40dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef5d93e936a983ee4e2626d5e20a457b
SHA1 5dd8e229d4e1dab55352fbe5c9e4cbb219b18703
SHA256 f77b9e166e753ef2feb557ce9782bbbac1ea191385dc360703f1677c7ea7f6b5
SHA512 af23fb3a09634f685335f3ef65e081782355aefa4b8c8f507d2c49a7832ef99e2e656946afdd478927842e23d02079df4503e84f8a0d3d96b5bbb149284f30f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f35e5989e7ab35ed6728f955bb16dede
SHA1 d385e5dc56907b1f45557063c7495ef48dec468c
SHA256 00188ad7ba5cdae90a54a95ba8bc821d66672767244d1909b404efffa5697530
SHA512 4d1cc384b96c8171e620ab533cb66406731f7b913b870599a3a64bba7f508d8cc79c10b8e9813a49c66c227020192305419402487c6b3c36aab74e5a2ed1dc61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e243e4a47999888903440c8721d18ee5
SHA1 1af9ddda52f9cca8486545fc3cc61edde033b25d
SHA256 89d997a3e5fea49dd42c8f0d5c9521743746bc2408eb220fa337286fa71301f4
SHA512 cfcbff8d0bfa3c02c41285e837210b9d1a8ee23cfc0992d4434db1060249296b0b6f983f199abf3d6bb1de6c6ea2a14a6ff6dfd3820ae4040792f1ba7435c8c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9501f870705a4b7e3460d2a9fbf391bf
SHA1 5a8f6dbc2dcdc5a1218b1cd09cc0ce99119a3bd7
SHA256 c02b52608d38825950cd3fdbddc0fef9dcff0f9e6b14d2edce4584d540ce5a01
SHA512 cab76af21ec00431e507dbd7e889cc29fb7705a97fd0c8c64b79f102f6df4579302cc5584b25d9a81656add79dc1b09a79dd8cc4684b363062ca943b7fa37daf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcdfcbacd4098b3f06f8010fd21d1b2d
SHA1 eacc447a73a9178457a536092bb0d5199687c25a
SHA256 93ad4cfb6c95c2851deb17de15ab18f0d888d918106e007003871475fad632b8
SHA512 7ba855787da0658da3484725bdc014ad0d0d36034918e4dff3427d6642b0ee266b0ac1e85cb8733369e00b81c213e3db88c368e52b331541a5690a6cf6550e4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8c5755563b31924c47a0ecb96ae7331
SHA1 20174660c93a54801bff9d60378c4d6823808377
SHA256 585f2475f8b9ac331cf8bda779c4879d6dceb3b8c73ea0107e3620cd7db09ce2
SHA512 6dfb617155b037606a9c51571b1e146941e865c96b523e8a01ab72b1491d45166eb320a064f4857c5a234db75ddff47ab997081ee53b559f1afda212a1c3bb64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a859d2658b7c8b7fc77b67d167b1af6
SHA1 91ebcd01a65eb938bb325d2f374fa25c7693d4b2
SHA256 837f63e7ce6482a19497eabbe66c0268bea5aa1207a25fa9f13c420f884277c3
SHA512 f35f3ca09d288e5ef89f1a37a24724ffb99b2224579b8e5e92ec0b6476d8f793656e505f5d43f3211f96cdac9d7c7a1b0592fdbfe0d471b50c08823a3e9957a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c24221e533e10bc5d274ce5b92949b64
SHA1 6fe2657c44179b71028db18370658e8b675d4eec
SHA256 2ab04aafa9de1af4ec75eaa59039587dd01cf20967f075610b78db3fa58bff4e
SHA512 71b7bcc2dff78d16955fe621c70f97ac3d9d8f4a64b128f550caf24a17ecbbce38af52449d8674e71ec576a4e5488f12e71c2fa3cfc9cfe92b8d795b57a107c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4248691beb5b11643f2ea15fb842e6e9
SHA1 fd41f453485c6024f9dfe72020ed3aa4763ef3e5
SHA256 a9e59b91858581852d5a5219c04fd6465300e7c64ad8803d93164727b04437f4
SHA512 7b4d4843f4fa996e64e3d5970743ada9ad0236c3bbf71668f8f3cb654d286d266648487892840516e3884edef24a22cc79ef8b2345ee78510c7dd6ff6598559d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5ae64fcfb49ad115247226f27814f03
SHA1 67369c453b6321339898bb86842ecb875ab2359f
SHA256 a43a486a773a97775f9a22b91c5885a8043a31ccaa4ed909fc5fd4f58e789953
SHA512 998313de47791a89553fd201d9aef35965c89416fc101c6d9af529aa408c61978da163e6c96550485ae74f2e9a694318cd5e003160ce6f86ee7d45f2ee6c9a93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 575d805a7acb3731207ecdb1b00b5481
SHA1 b5caa7aca2529ad10d971fe099f5cd0845dad98a
SHA256 0b9ef81106053b34c34e1bb77a24b7aff940449dd0cf8fac35e23391bcccad7f
SHA512 ff6ea12fbbe863443e0aac9afe43c729cef4959ef9a0791403fd9c789a3049d32b39202cd3e1cc1962e2d3a42b6c900b37253f1c2a2971f790e2a38b2a748d8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\idiot[1].png

MD5 c25a5b5f9c57ee2b0450ba6000232f21
SHA1 ed2caba08975fa207119fb1b895b516506f41af2
SHA256 cd87d30c5ccd43ee025ea376fe4a4f6636e6760de8113713eb55051b0a11fb35
SHA512 360d9c7740ba9206e6ac1108039b2ae7b7214944526c605ed9158b2d6009d849c0f37655fbbca8456d14ab2df1b62adb323195442a39298bf34ce50f62fc5aea

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 d9dab1847490febb4efcbabfe58ef43f
SHA1 668665cd5ad69e605f72d29e2fc0dc099f6f35af
SHA256 124cf5a489e3a255c09d107744c3902ef3e034c5d111418b17ad974302cefa49
SHA512 ad61a2e08f202fd900293fdbaca0389100e853b448f8e366f84f60c87162ce6a3ae342e946651da9faa136d52a547fc31d61f6ec09e475e4f96d02e033c5e424

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 073670322809a4660dd96822d0f964f1
SHA1 9830bbbdd57b69a24f3cb1900db49815654ac6ac
SHA256 e5c906732bafbd80e3992bad6eda9e925cfc700d383f9f37c0103b721d50f5d3
SHA512 4f783e80ae99510a46f9f2518e6d94fa5d24b390915a9daced46efb9fee82244ec2fb12c726e43d928b0ff44721787c7ed979b8371d5e8a1eb7170f30ffad7eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 263155a4ab18d7bb41c0795abf087749
SHA1 5e422214351e8354b12213736cce3e0ac15d6541
SHA256 081272819f3547b73a09b831622e899d3cabc845da3d952fe9098e27feaa4032
SHA512 b815cc8c6e09b7126a787137945988c56ec17b52d88ef1190c6e43d4cc769a442e5dd472a4084cc66aa82b8e7372ac257c9aff9a0463b0160032b913f49eff40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dae3231072f900572e783c999faa1d99
SHA1 878478390e981c237d71ca1ab1152b27fc14c643
SHA256 bd841230594b502f359ed5b9fc668a39b274810ce452a78982e1c597e0671e79
SHA512 edc1b49f9cea09c2245aaa34bebda94d673a816fd2da5fd663a7716092f794b0435dac7d99f95837a1c15aa3119681597ab60d977ec29ea77b05a622a012ac09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b51c474c63db6191fd7be7e66ddce397
SHA1 8ab6749bce77a28a49b20a24ce2ec84b3d6e6729
SHA256 c179eb2509d97c888a733e6eff203a1e2d16ef47da79d89de472f7e6a4334ab1
SHA512 f662bc308f5e393c9b88b2fb9aacd0262589bdd3c1bf57e38a91b3e4ecdb17ea7cb42131fd9cbb8f457216f0331410e787535a2da5837f47adb43054110f4d32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30894e58003093ef8239bf5b14cf4396
SHA1 cec05fcac024fa07a7c3fb5581a983542f37cedc
SHA256 8d4a901a2ccb920816c48302b9dc0b667e69a2b84314cfa2db786304b1c49444
SHA512 932194b9a3921fc835ac15813fe146c86bbc84c4a6a2be272062041a6b8da4ff08c25ea79a5efd7a8c13297bd3a0ffb659045372143e6d03e06920de0f6d593a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b397f51fed4fd0ca837c92d4b94f4b8
SHA1 448673ac0e1044d3f3acbf54d9981acde234616f
SHA256 db014e48415b492a29685fa8b6bb56798f9955dbd08e0183294dc3808873e278
SHA512 8adf3dec099983fe4ef5fa9bfcdb34edfbfe3c522b640825c2f0346251a056061b3e03de7d8f8effcd4eb3e257c77587f582317d32f19e6160159522048ce7a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6b865a4a25009a670b321ca00ed328c9
SHA1 afbaea397e963b9b8300ee31a6bd467a4bc2f0eb
SHA256 0981491cf173a620af708947ace299d7eaf14426bdd050562d7218ab5b9883c4
SHA512 2082960e1ca277b498151073dae05c0a008886b37d9aa011f2fdaa2f4e289860e812afb7370db6d295a05e9e6454d8537f1c646fd2194c07ce89205104a63acf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf3b5e2f1265a8af96c7e3b76c070072
SHA1 dc93f497f7bd1200e479a4b1f0f383b618f8cf34
SHA256 80e3d3911e4a62234f608e67feb92c746beee54f68953db7421bbd46913f73cb
SHA512 180fd4b9ea70d6e2c36689545b36c06eb5b762c71aefeddb557a19b6e4fabcb90519014113e75549f8228ffaa8420d63c5f6c87d29e1cd1686fb70530e1a393a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58583cf8064e5306211e211f730988fc
SHA1 fc3a850ef13d18b8534d1d76971e151d8962a7eb
SHA256 20d1e8586cfa24a14d4a4a327cc42b1cc1735b71e796d39ec783f09af76223da
SHA512 6c99e3787adfd500fd8382dccc59dd0ab815a5bafc9b5e48147ec27e50e0a018240c7f3d0299869e9feb068b62e4768947bd66d11f876724038b764ee5efef31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49005f5352d3b1b809e0461e4316c8fa
SHA1 bd1d112b736e6d3a141f9c493901e67eb4646763
SHA256 90f091c2b7f253eeab825284c2863149752d1a661d3f0b1ac0b0d44b7a9359b4
SHA512 a09df8bc30f5138b927a7fe1514a917d025d2aff7800f29f188fe6f91eda217147e5682ea88cfe5130a6fc454ab980bc0cabd12ea626ab512e5bfe469167d5d2

\??\pipe\crashpad_1892_MXSHVMUNIKKIMJSW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3769f53ac22cdf6658c874805d9983a5
SHA1 53ba470f9cd12bbfde1d1149bcad0029e0f8a84f
SHA256 87ec66df2ed0afbd05a6094ba5ad5bc5b3ef6807828d00323b1addb6addd1c17
SHA512 56ce76ea6aeaaafac14128912b31e12a16a2ca85b97ece7f3034bea5ca3b249c0cfe974b2823f35d38c46d6b3faa7278732b183a86c85f469c422384f08f2925

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 54ea80f685cbe707af73351b4968ab8a
SHA1 dcbe5b431cadf97cb07e7d1bd6114f50cc4696eb
SHA256 33b56421b382dbbf85c84488aa952cda2537d2ede50777750d8967bb526e9410
SHA512 8a10dbf83aadc5e3d69bf05b6d7ef8b681a4c21371175c841b656e204e261d87bc31c5c0536dbd5abd8ad0cf6c1d4c86f6f3eef2575770a3b88ad7462e0e3407

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4ea7470c50aa56e74e39d2f7b878c612
SHA1 9047d28ac79b83ddb9368b01630c29b2a17d34ce
SHA256 b50c608a0da000e73d6fce74137b1b46d9d5ff346cf12a7e35442c2543f6da89
SHA512 1fa3ffe760e38bd5e5da3628f48b2ae487791ecc9c7b82f13cb2e6a86c239691484bed4af708047eef8817c2568e76b40811560bc592740952507d8976b2b6f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d76ffecb10ad070a33af123cad9fa641
SHA1 a29a1f01e4a0f9bc3504dd24e7779a62b5b32a28
SHA256 954d45e298c2b3cfd905254997b4e898d8652d4105a755dc3c446b20f988b634
SHA512 12afc23b93d36f20a31df5522cb9cb65d362641544caf8e6f183e233106f43e6c84395bcc49e803e0828fe4d50b8ad480b13a7730df5159581b31b27cccfe896

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7bf28eb0b1fde4573eed0434976063f1
SHA1 f22299040c960adb88a93ab5c9395e73f366f2a6
SHA256 dbb9269440439d5266f6f650307e1bb8005442e1e334eb2131f56e193fc4793b
SHA512 17457178c36b5293b7a38aeaffe7ef336f38d9e046be20133989e993457d72f6f9def070974d5e6d745755bb38ac7188e95f0a86307d34109617effbad6bc0e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7834a7.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 41153f717f94d4ca1f3d3c601cdd80ca
SHA1 73f10f2587e2fc8bfd6dc2e48f746327bcc8ceff
SHA256 1bc078fbd53be19cb708f114809e68f0bda914921c30d54b8b7a88e8c912ae41
SHA512 5c92a675b4c4ff4e208af38836207778683e792c8186771dd93f35a96adc48549ab8fff8e71748369c3f470a05fe632d3fae2b48070e0514b8394073b845ec77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1892_1995738864\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 3ba7e6919bc260bb6ab523197f2be3e1
SHA1 ce2d7fe3aa42d99d733266d023f6aef3766e7785
SHA256 1032fd6f298c16aaae3f1ae2059591f2f5d40e839de4f22a5bb6d41c38a39818
SHA512 2806c96ff57678813e20abc51ffbcb8ebe8986b3775df5d42812be6b50c905840503486d1b963d1fcc6c3de572da4bf9ee175b802032753785d3de69fb0768fc

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-04 09:03

Reported

2024-02-04 09:06

Platform

win10v2004-20231215-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youareanidiot.cc/

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4424 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youareanidiot.cc/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc43a46f8,0x7ffcc43a4708,0x7ffcc43a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youareanidiot.cc udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 172.67.143.125:443 www.youareanidiot.cc tcp
US 172.67.143.125:443 www.youareanidiot.cc tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 125.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 201.64.52.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fa070c9c9ab8d902ee4f3342d217275f
SHA1 ac69818312a7eba53586295c5b04eefeb5c73903
SHA256 245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7
SHA512 df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

\??\pipe\LOCAL\crashpad_4424_MDZSIXRVCBOGMUSR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 36cabcd6d7c940ae178737e8830ab47f
SHA1 a08afb7757323955be68ebc531ae57c67c7ab7ad
SHA256 bcea26d0912c24c7aa1a392830467ecf4c310aa0024e8f9708140dbca88b5532
SHA512 fb5cace87fceb2dc0a7f4ad3524f0a4b22ef6f9b90612ba839664bfc04d2b712068597fe4523724e8c12d6575db4d91607479fb8e72bf3fd9a93d34acfba7245

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 81e6acfabb03a2cb9074f312b89d5d77
SHA1 2e9039007fa463b3054c7028712aa705bbff2fbb
SHA256 7d776cdec5238aa7b149d4f343f840fccbd2c0bdded758749af357ccbd55a978
SHA512 001002882d4f49ab991d0e35a11aa0128f92f53f6fb97883c92081a5859df5e28b807803572e096ca1f8b721ff670aae0af5115ed6d6120a6633134b7741d60e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a2e846bdb6e01e883fbde39eccad2ac7
SHA1 a20d148ac9d5d27bb76debec4182a35c74730fc4
SHA256 9f089abc9f0823d927ab3dac18e1749678715b7f26a576bcedf2071badcf89bc
SHA512 74e6cb05fdc05442c445de8b9e5a3a87e3bc07d8105fac5ad4fdf701c2fff276f77baeac40419f967c229e7ef0cbb27b9b0d9ce3bac2cd56f33f1c0fc0277ed3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 917dedf44ae3675e549e7b7ffc2c8ccd
SHA1 b7604eb16f0366e698943afbcf0c070d197271c0
SHA256 9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37
SHA512 9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2d63c94a5f5926572752ab60afef426d
SHA1 e8a68d9c2b8c5af963c787df554beeb84f25f890
SHA256 5b7319b2dfe0744ffd22904af11bd6f989675e5bec39f427e959d45fc23c6109
SHA512 f3ed02dab106e194e3eabad2e95217993fa69e589aea6734b8a8cc5c47e82ec7d396fa1c576fd515ebb110da42f1017e775869a4319a8a1fc3b242a4f961ea96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dba6ea719fba17ba42ab36e12242fd47
SHA1 6bd961df78ff6faff73a1cada9ba33bca8f68c50
SHA256 a681d91ec0813e91a158523638f5ab456ec76a072c9a7f2458778ab054d78417
SHA512 1384faf5b6bb75d3d216c269fe3eb3d14641310cefddb57227175a8bbaa339c11b11d30336a1b77fcbdfa9b6181e4e10b4624d17f855e58531141efb916e22ba