Malware Analysis Report

2024-10-18 22:20

Sample ID 240423-qxkbrsgg82
Target poster copy.jpg
SHA256 59a5632736ce0a74810969b57eedc5b27d24b7867393cb92c37d1b1591b6be81
Tags
qr link bootkit persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely malicious

The file poster copy.jpg was found to be: Likely malicious.

Malicious Activity Summary

qr link bootkit persistence

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Enumerates physical storage devices

One or more HTTP URLs in qr code identified

Modifies Internet Explorer settings

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Enumerates system info in registry

Runs regedit.exe

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-23 13:38

Signatures

One or more HTTP URLs in qr code identified

qr link

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-23 13:38

Reported

2024-04-23 13:58

Platform

win10-20240404-en

Max time kernel

724s

Max time network

1205s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\poster copy.jpg"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MEMZ (1).exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ (1).exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SysWOW64\Taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\SysWOW64\Taskmgr.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SysWOW64\Taskmgr.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583531427809832" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class


Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\notepad.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ (1).exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2128 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2128 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2128 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2128 wrote to memory of 4828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\poster copy.jpg"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8b9689758,0x7ff8b9689768,0x7ff8b9689778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5352 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5056 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3016 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5192 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1000 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3000 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3188 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5716 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1764 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5600 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5116 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1784,i,8603733699254216936,9847183486605542030,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog

C:\Users\Admin\Downloads\MEMZ (1).exe

"C:\Users\Admin\Downloads\MEMZ (1).exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c4

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 softonic.com udp
US 199.232.213.91:80 softonic.com tcp
US 199.232.213.91:80 softonic.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 151.101.1.91:443 www.softonic.com tcp
US 151.101.1.91:443 www.softonic.com tcp
US 8.8.8.8:53 91.213.232.199.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 en.softonic.com udp
US 151.101.1.91:443 en.softonic.com tcp
US 151.101.1.91:443 en.softonic.com tcp
US 8.8.8.8:53 assets.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 40.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 93.82.68.104.in-addr.arpa udp
US 8.8.8.8:53 articles-img.sftcdn.net udp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 178.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.253:443 notix.io tcp
NL 139.45.197.253:443 notix.io tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 151.101.1.91:443 assets.sftcdn.net tcp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 171.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
GB 142.250.200.3:80 www.google.co.ck tcp
GB 142.250.200.3:80 www.google.co.ck tcp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 consent.google.co.ck udp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
GB 216.58.213.4:443 www.google.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.136:443 www.bing.com tcp
NL 23.62.61.136:443 www.bing.com tcp
US 8.8.8.8:53 187.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 136.61.62.23.in-addr.arpa udp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 216.58.212.206:443 clients2.google.com udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
GB 216.58.212.206:443 clients2.google.com tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 google.co.ck udp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
US 8.8.8.8:53 consent.google.co.ck udp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 google.co.ck udp
GB 172.217.169.36:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
US 8.8.8.8:53 consent.google.co.ck udp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 answers.microsoft.com udp
CZ 104.64.172.89:80 answers.microsoft.com tcp
CZ 104.64.172.89:80 answers.microsoft.com tcp
CZ 104.64.172.89:443 answers.microsoft.com tcp
US 8.8.8.8:53 89.172.64.104.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.0:443 login.microsoftonline.com tcp
IE 20.190.159.0:443 login.microsoftonline.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
IE 20.190.159.0:443 login.microsoftonline.com tcp
IE 20.190.159.0:443 login.microsoftonline.com tcp
US 8.8.8.8:53 37.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
NL 72.246.173.187:443 www.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 13.107.253.64:443 consentdeliveryfd.azurefd.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
NL 72.246.173.187:443 www.microsoft.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.253.64:443 csp.microsoft.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 answersstaticfilecdnv2.azureedge.net udp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
CZ 104.64.172.89:443 answers.microsoft.com tcp
CZ 104.64.172.89:443 answers.microsoft.com tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
FR 51.11.192.49:443 browser.events.data.microsoft.com tcp
FR 51.11.192.49:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 49.192.11.51.in-addr.arpa udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 answers.microsoft.com udp
CZ 104.64.172.89:80 answers.microsoft.com tcp
CZ 104.64.172.89:443 answers.microsoft.com tcp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.246.64:443 csp.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
AU 40.79.173.41:443 browser.events.data.microsoft.com tcp
AU 40.79.173.41:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 41.173.79.40.in-addr.arpa udp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 answers.microsoft.com udp
CZ 104.64.172.89:80 answers.microsoft.com tcp
CZ 104.64.172.89:443 answers.microsoft.com tcp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
NL 72.246.173.187:443 www.microsoft.com tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 152.199.21.175:443 acctcdnvzeuno.azureedge.net tcp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.246.64:443 csp.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
DE 51.116.253.170:443 browser.events.data.microsoft.com tcp
DE 51.116.253.170:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.133:443 login.microsoftonline.com tcp
NL 40.126.32.133:443 login.microsoftonline.com tcp
US 8.8.8.8:53 170.253.116.51.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 8.8.8.8:53 answers.microsoft.com udp
CZ 104.64.172.89:80 answers.microsoft.com tcp
CZ 104.64.172.89:443 answers.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.246.64:443 csp.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.44.10.122:443 browser.events.data.microsoft.com tcp
US 20.44.10.122:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.17:443 login.microsoftonline.com tcp
NL 20.190.160.17:443 login.microsoftonline.com tcp
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 motherboard.vice.com udp
US 151.101.2.133:80 motherboard.vice.com tcp
US 151.101.2.133:80 motherboard.vice.com tcp
US 151.101.2.133:443 motherboard.vice.com tcp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.vice.com udp
US 151.101.2.133:443 www.vice.com tcp
US 151.101.2.133:443 www.vice.com tcp
US 8.8.8.8:53 htlbid.com udp
US 8.8.8.8:53 oembed.vice.com udp
IE 18.66.171.16:443 htlbid.com tcp
US 151.101.2.133:443 oembed.vice.com tcp
IE 18.66.171.16:443 htlbid.com tcp
US 151.101.2.133:443 oembed.vice.com tcp
US 8.8.8.8:53 video-images.vice.com udp
US 151.101.2.133:443 video-images.vice.com tcp
US 151.101.2.133:443 video-images.vice.com tcp
US 8.8.8.8:53 169.168.66.18.in-addr.arpa udp
US 8.8.8.8:53 64.145.162.3.in-addr.arpa udp
US 8.8.8.8:53 vice-web-statics-cdn.vice.com udp
US 151.101.2.133:443 vice-web-statics-cdn.vice.com tcp
US 151.101.2.133:443 vice-web-statics-cdn.vice.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 www.npttech.com udp
US 3.162.148.27:80 ocsp.r2m01.amazontrust.com tcp
US 104.21.66.34:443 www.npttech.com tcp
US 104.21.66.34:443 www.npttech.com tcp
US 8.8.8.8:53 vice-sundry-assets-cdn.vice.com udp
US 151.101.2.133:443 vice-sundry-assets-cdn.vice.com tcp
US 151.101.2.133:443 vice-sundry-assets-cdn.vice.com tcp
US 8.8.8.8:53 27.148.162.3.in-addr.arpa udp
US 8.8.8.8:53 34.66.21.104.in-addr.arpa udp
US 8.8.8.8:53 images.vice.com udp
US 151.101.2.133:443 images.vice.com tcp
US 151.101.2.133:443 images.vice.com tcp
US 151.101.2.133:443 images.vice.com tcp
US 151.101.2.133:443 images.vice.com tcp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
US 3.162.140.38:443 cdn.privacy-mgmt.com tcp
US 3.162.140.38:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 ccpa.sp-prod.net udp
US 8.8.8.8:53 38.140.162.3.in-addr.arpa udp
IE 18.66.171.108:443 ccpa.sp-prod.net tcp
IE 18.66.171.108:443 ccpa.sp-prod.net tcp
US 8.8.8.8:53 widgets.outbrain.com udp
US 23.53.113.140:443 widgets.outbrain.com tcp
US 23.53.113.140:443 widgets.outbrain.com tcp
US 8.8.8.8:53 widget.sellwild.com udp
US 3.162.140.114:443 widget.sellwild.com tcp
US 3.162.140.114:443 widget.sellwild.com tcp
US 8.8.8.8:53 108.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 140.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 114.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 widget-pixels.outbrain.com udp
US 23.53.113.140:443 widget-pixels.outbrain.com tcp
US 23.53.113.140:443 widget-pixels.outbrain.com tcp
US 8.8.8.8:53 static.anonymised.io udp
US 34.107.217.107:443 static.anonymised.io tcp
US 34.107.217.107:443 static.anonymised.io tcp
US 8.8.8.8:53 segment-data.zqtk.net udp
FR 172.234.63.227:443 segment-data.zqtk.net tcp
FR 172.234.63.227:443 segment-data.zqtk.net tcp
US 8.8.8.8:53 cdn.browsiprod.com udp
US 3.162.140.29:443 cdn.browsiprod.com tcp
US 3.162.140.29:443 cdn.browsiprod.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 3.162.148.27:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 107.217.107.34.in-addr.arpa udp
US 8.8.8.8:53 227.63.234.172.in-addr.arpa udp
US 8.8.8.8:53 29.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 events.browsiprod.com udp
US 52.33.121.3:443 events.browsiprod.com tcp
US 52.33.121.3:443 events.browsiprod.com tcp
US 8.8.8.8:53 yield-manager.browsiprod.com udp
US 3.162.140.24:443 yield-manager.browsiprod.com tcp
US 3.162.140.24:443 yield-manager.browsiprod.com tcp
US 8.8.8.8:53 sourcepoint.vice.com udp
IE 18.66.171.123:443 sourcepoint.vice.com tcp
IE 18.66.171.123:443 sourcepoint.vice.com tcp
US 8.8.8.8:53 24.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 3.121.33.52.in-addr.arpa udp
US 8.8.8.8:53 123.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 sentryio.vice.com udp
US 184.72.227.89:443 sentryio.vice.com tcp
US 184.72.227.89:443 sentryio.vice.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
GB 172.217.169.36:80 google.co.ck tcp
US 3.162.148.27:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 89.227.72.184.in-addr.arpa udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 ccpa-service.sp-prod.net udp
US 35.174.161.188:443 ccpa-service.sp-prod.net tcp
US 35.174.161.188:443 ccpa-service.sp-prod.net tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.6:443 static.doubleclick.net tcp
GB 142.250.200.6:443 static.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 172.217.169.36:80 google.co.ck tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
GB 216.58.213.4:443 www.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.204.65:443 yt3.ggpht.com tcp
GB 216.58.204.65:443 yt3.ggpht.com tcp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 firebaseremoteconfig.googleapis.com udp
GB 142.250.200.42:443 firebaseremoteconfig.googleapis.com tcp
GB 142.250.200.42:443 firebaseremoteconfig.googleapis.com tcp
GB 172.217.169.36:80 google.co.ck tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 google.co.ck udp
GB 172.217.169.36:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
US 8.8.8.8:53 consent.google.co.ck udp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
US 8.8.8.8:53 answers.microsoft.com udp
CZ 104.64.172.89:80 answers.microsoft.com tcp
CZ 104.64.172.89:443 answers.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.246.64:443 csp.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
GB 51.104.15.253:443 browser.events.data.microsoft.com tcp
GB 51.104.15.253:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.72:443 login.microsoftonline.com tcp
NL 40.126.32.72:443 login.microsoftonline.com tcp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 142.250.200.46:443 consent.google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp
GB 172.217.169.36:80 google.co.ck tcp

Files

SHA512 1e5f2c1acd0a54bfb7a7c3613c92b2410dbb098fbc547afc0b75d358d533ea39b5b19d4c5b0f583494ba1bd0aaf01d7ec5c8ec9241a8735258cd0031551b566a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 acf56c7dbe715760ca45c84192582aa8
SHA1 9987e1d62e90f9d1eefd4b45f4c68d1fb541e895
SHA256 78dc013fe969b4dbe8b0c2283cbe27be6a6416cdfca0567a1ac185a667ddaaf6
SHA512 d5eb29613109391445ae76b26ddbb9ebf3aa4caf06dc5462bcaa4307261029d3fe690bfb25bc0682ad7a4b14e075959c1dcfce464e34d14d5608ce50e727b198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 05c802a5f3cbe7edf594db3834ca3f8e
SHA1 a7eb658e319b4d7e6e8ab8d5a13c3dd7f625e4e0
SHA256 5ba9f475e660269a0ed53514043ef6cd5af64512c5c5f5dd40d3a5d69229a4e5
SHA512 67f12c687efd876e94f43f86bb87bbb17f33b4b8a9734e21906a26755dc768acc4936d7a553e4b07fbf332cb775e65050a17eca1afa60cd59228a58e49872969

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 652dab8bd9728c8059fee1e91da7275a
SHA1 1b7b41b66c3bafa38e09afd7205b6f5c71109d22
SHA256 22b7f555ac943552d95262b2eadc1aae4ac1b3c8e9a82ae358daba2b81852ee4
SHA512 a0377df4619559e0e3a6ebc90ea5bc97e3ebec22a2d71e46229b2a56f4c7e69c76c52d48d6323b5f65d39069fb0f9813997e43dd615d88c3df9f881c4ae6acac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe599c94.TMP

MD5 cbd19ded5add8b579b08851dfd650dc7
SHA1 53ba616eabc7c3414699403330b1073cafa3b143
SHA256 3146cfd85892164c45f29a089835576210499ccd1c2f6f2590b43fa391c919b5
SHA512 94de66312f11f4ffed075b19fce9feb6f721dbb379029236e64b38c13cc692a83ddfed026ca77f30d0eed40853831941cb1e860a58de68d0488072c324e03345

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a4b358198361541822ba55d1f8a0db93
SHA1 fc72a6f01148efaf3c3a8aa5dc5c84937e65f04e
SHA256 05647d8bc7cb33bb9099c6636af77816552f765a62e5ee0a5a750d133300c11f
SHA512 8e275149cadc9211e7855c53be37099cfb0822612a223fb877c40200f4048d4ea0d2efe1e25a44cc5312c0226dbb4a11a0851bf087fb1bbcc8a265c8034fe834

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2c75da89cc9c22e53c171e6ea4696ce5
SHA1 1cb2e6e147057d4d25151a93228dde0a71f72ba2
SHA256 2c1c2ccdc4f4f4599800c05910c1906dfbc564535d2a2838dc80f3fabaade5b8
SHA512 0cc86cc8b5344703815329a4a24d87f2ba6cea59a9403a113b94602b1864e3231d5dceb683d4f2da4fa3bc1e98bc754940065ed48b2c684dfee2e2c0b1fa256d

C:\Users\Admin\Downloads\MEMZ (1).exe

MD5 1d5ad9c8d3fee874d0feb8bfac220a11
SHA1 ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512 c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-23 13:38

Reported

2024-04-23 13:38

Platform

win11-20240412-en

Max time kernel

3s

Max time network

4s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\poster copy.jpg"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\poster copy.jpg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
NL 23.62.61.138:443 www.bing.com tcp

Files

N/A