Malware Analysis Report

2024-09-23 11:51

Sample ID 240614-qbhaaasaja
Target MEMZ.exe
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
Tags
bootkit persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Threat Level: Shows suspicious behavior

The file MEMZ.exe was found to show suspicious behavior.

Malicious Activity Summary

bootkit persistence

Checks computer location settings

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Runs regedit.exe

Suspicious use of SetWindowsHookEx

Opens file in notepad (likely ransom note)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: SetClipboardViewer

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-14 13:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 13:05

Reported

2024-06-14 13:10

Platform

win10v2004-20240611-en

Max time kernel

274s

Max time network

277s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Windows\SysWOW64\control.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." C:\Windows\explorer.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Note: every row in this table is attributed to msedge.exe, the browser instances that MEMZ.exe launched (see the Processes list), not to the sample's own image. A browser calls SendNotifyMessage as part of ordinary window handling, so these rows are collateral from the launched browser and carry little weight on their own.

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Note: two images account for every row here. The MEMZ.exe rows are the sample installing Windows hooks itself; the OpenWith.exe rows belong to C:\Windows\system32\OpenWith.exe, the built-in "How do you want to open this file?" dialog, which is Windows code rather than the sample's. Only the MEMZ.exe rows reflect the sample's own behaviour.

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Note: every row pairs a parent with a process it spawned: the parent MEMZ.exe instance 4148 writes into its six MEMZ.exe children, 3836 writes into notepad.exe (4516) and msedge.exe (3840), and msedge.exe 3840 writes into its own helper processes (940, 968). No write targets a pre-existing or unrelated process, so the table records process creation and argument hand-off, not injection into a foreign process. The only cross-image writes are MEMZ.exe into the notepad.exe and msedge.exe it launches with the command lines listed under Processes.

Description Indicator Process Target
PID 4148 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 4248 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 4508 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 4148 wrote to memory of 3836 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 3836 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 3836 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 3836 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 3836 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3836 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3840 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
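The table above is a flat list of rows, but it encodes a process tree. The following Python example is added for this page and is not part of the sandbox report or of the MEMZ sample: it parses rows in the report's own "PID <src> wrote to memory of <dst> N/A <src image> <dst image>" format, rebuilds the parent-to-child relations, separates same-image writes (MEMZ.exe re-spawning itself, the browser starting its helpers) from cross-image writes (MEMZ.exe into notepad.exe and msedge.exe), and triages the command lines from the Processes list (the /watchdog and /main instances, the argument handed to notepad.exe, and the URLs passed to msedge.exe via --single-argument). The input rows and command lines are copied from this page (a subset, constructed inline); the row regex, the command-line splitter and the classification heuristics are assumptions of the example.

```python
"""Rebuild the sandbox's process tree from WriteProcessMemory rows and triage
the command lines.  Added example; the row format is assumed from the report."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Image paths exactly as they appear in the report.
MEMZ = r"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
NOTEPAD = r"C:\Windows\SysWOW64\notepad.exe"

# Constructed input: a subset of the table rows, one row per observed call.
WPM_ROWS = "\n".join([
    f"PID 4148 wrote to memory of 4248 N/A {MEMZ} {MEMZ}",
    f"PID 4148 wrote to memory of 4248 N/A {MEMZ} {MEMZ}",
    f"PID 4148 wrote to memory of 3228 N/A {MEMZ} {MEMZ}",
    f"PID 4148 wrote to memory of 4160 N/A {MEMZ} {MEMZ}",
    f"PID 4148 wrote to memory of 840 N/A {MEMZ} {MEMZ}",
    f"PID 4148 wrote to memory of 4508 N/A {MEMZ} {MEMZ}",
    f"PID 4148 wrote to memory of 3836 N/A {MEMZ} {MEMZ}",
    f"PID 3836 wrote to memory of 4516 N/A {MEMZ} {NOTEPAD}",
    f"PID 3836 wrote to memory of 4516 N/A {MEMZ} {NOTEPAD}",
    f"PID 3836 wrote to memory of 4516 N/A {MEMZ} {NOTEPAD}",
    f"PID 3836 wrote to memory of 3840 N/A {MEMZ} {EDGE}",
    f"PID 3836 wrote to memory of 3840 N/A {MEMZ} {EDGE}",
    f"PID 3840 wrote to memory of 940 N/A {EDGE} {EDGE}",
    f"PID 3840 wrote to memory of 968 N/A {EDGE} {EDGE}",
    f"PID 3840 wrote to memory of 968 N/A {EDGE} {EDGE}",
])

# Constructed input: the command lines of interest from the Processes list
# (Edge's crashpad/gpu/renderer helper lines are omitted; they carry no URL).
CMDLINES = [
    f'"{MEMZ}"',
    f'"{MEMZ}" /watchdog', f'"{MEMZ}" /watchdog', f'"{MEMZ}" /watchdog',
    f'"{MEMZ}" /watchdog', f'"{MEMZ}" /watchdog',
    f'"{MEMZ}" /main',
    r'"C:\Windows\System32\notepad.exe" \note.txt',
    f'"{EDGE}" --single-argument http://google.co.ck/search?q=dank+memz',
    f'"{EDGE}" --single-argument http://google.co.ck/search?q=how+to+download+memz',
    f'"{EDGE}" --single-argument http://google.co.ck/search?q=how+2+buy+weed',
]

# Assumed row format. The non-greedy group stops at the first " X:\" that
# starts the target path, so paths containing spaces still split correctly.
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?) ([A-Za-z]:\\.+)$")


def parse_wpm_rows(text):
    """Return a list of (src_pid, dst_pid, src_image, dst_image) tuples."""
    writes = []
    for line in text.strip().splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            writes.append((int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)))
    return writes


def build_tree(writes):
    """Map each writing PID to the set of PIDs it wrote into (its children here)."""
    children = defaultdict(set)
    for src, dst, _, _ in writes:
        if src != dst:
            children[src].add(dst)
    return dict(children)


def writers_per_target(writes):
    """Map each target PID to the set of PIDs that wrote into it.  A single
    writer per target is what plain parent->child process creation looks like;
    several writers, or a writer that is not the parent, would point at injection."""
    writers = defaultdict(set)
    for src, dst, _, _ in writes:
        writers[dst].add(src)
    return dict(writers)


def cross_image_writes(writes):
    """Count writes whose source and target images differ, keyed by
    (src_pid, dst_pid, target image name).  Same-image writes are dropped."""
    hits = {}
    for src, dst, src_img, dst_img in writes:
        if PureWindowsPath(src_img).name.lower() != PureWindowsPath(dst_img).name.lower():
            key = (src, dst, PureWindowsPath(dst_img).name)
            hits[key] = hits.get(key, 0) + 1
    return hits


def split_cmdline(cmdline):
    """Split a Windows command line into (image, argument string); the image
    is either a double-quoted path or the first whitespace-free token."""
    m = re.match(r'^(?:"([^"]+)"|(\S+))\s*(.*)$', cmdline)
    return (m.group(1) or m.group(2)), m.group(3)


def triage_cmdlines(cmdlines):
    """Count MEMZ.exe /watchdog and /main instances, collect the notepad.exe
    argument and the URLs handed to msedge.exe through --single-argument."""
    summary = {"watchdog": 0, "main": 0, "notepad_args": [], "urls": []}
    for line in cmdlines:
        image, args = split_cmdline(line)
        name = PureWindowsPath(image).name.lower()
        if name == "memz.exe":
            if args.lower() == "/watchdog":
                summary["watchdog"] += 1
            elif args.lower() == "/main":
                summary["main"] += 1
        elif name == "notepad.exe" and args:
            summary["notepad_args"].append(args)
        elif name == "msedge.exe":
            m = re.search(r"--single-argument\s+(\S+)", args)
            if m:
                summary["urls"].append(m.group(1))
    return summary


if __name__ == "__main__":
    writes = parse_wpm_rows(WPM_ROWS)
    for parent, kids in sorted(build_tree(writes).items()):
        print(f"{parent} -> {sorted(kids)}")
    for (src, dst, img), n in sorted(cross_image_writes(writes).items()):
        print(f"cross-image write: {src} -> {dst} ({img}) x{n}")
    print(triage_cmdlines(CMDLINES))
```

Run stand-alone it prints the tree (4148 with six children, 3836 with two, 3840 with its helpers), the two cross-image writes, and a summary of five /watchdog instances, one /main, the \note.txt argument and three google.co.ck search URLs. The same functions work on any Triage-style export of this table once the rows are pasted in.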

Processes

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

Note: the image path is SysWOW64\notepad.exe although the command line names System32\notepad.exe. The MEMZ.exe instance that launched it is a 32-bit process, so WOW64 file-system redirection maps System32 to SysWOW64. The argument \note.txt is a root-relative path, resolved against the root of the current drive; this launch is what the "Opens file in notepad (likely ransom note)" signature refers to.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe82fe46f8,0x7ffe82fe4708,0x7ffe82fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe82fe46f8,0x7ffe82fe4708,0x7ffe82fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3045255770440448582,6591554544623447837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe82fe46f8,0x7ffe82fe4708,0x7ffe82fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3708 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d4 0x2ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe82fe46f8,0x7ffe82fe4708,0x7ffe82fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe82fe46f8,0x7ffe82fe4708,0x7ffe82fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe82fe46f8,0x7ffe82fe4708,0x7ffe82fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,13998905054486684063,13492531803949491542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,13998905054486684063,13492531803949491542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,13998905054486684063,13492531803949491542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13998905054486684063,13492531803949491542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13998905054486684063,13492531803949491542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13998905054486684063,13492531803949491542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RestartWrite.jtx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffe82fe46f8,0x7ffe82fe4708,0x7ffe82fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe82fe46f8,0x7ffe82fe4708,0x7ffe82fe4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8935701923088129412,11460288694740714423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4
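The process list above is dominated by Edge's own helper processes, which hide the rows that actually describe the sample's behaviour: the browser being launched with a search URL via `--single-argument`, and Notepad being handed a file from the Desktop. The Python below is an added triage example, not part of the sandbox report: it pairs the report's image/command-line rows, sets Chromium helper processes (those carrying `--type=`) aside, and extracts the forced URLs and any non-browser process started with a file path. `SAMPLE` is a constructed, abridged copy of a few rows from this report in its two-line layout; the regexes and function names are the example's own.

```python
"""Triage helpers for the flattened process list of a sandbox report.

The report lists each process as two lines: the image path, then the full
command line. Chromium-family browsers spawn many helper processes
(--type=renderer, gpu-process, utility, crashpad-handler); the rows worth
reading are the top-level launches that carry a URL or a document.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: abridged rows copied from the report, two lines each.
SAMPLE = r'''
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7497866066381478543,16253734057035525939,131072 --lang=en-US --renderer-client-id=6 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RestartWrite.jtx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4
'''

CHROMIUM_CHILD = re.compile(r"--type=(\w[\w-]*)")          # helper-process role
SINGLE_ARG_URL = re.compile(r"--single-argument\s+(\S+)")   # URL forced on the browser
LEADING_IMAGE = re.compile(r'^"?([^"]+?\.exe)"?(?:\s+(.*))?$', re.IGNORECASE)
DRIVE_PATH = re.compile(r"[A-Za-z]:\\")                      # looks like a Windows path


def parse_process_list(text: str) -> List[Tuple[str, str]]:
    """Pair (image, command line) from the report's two-line layout."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("odd number of rows: image/command-line pairing is broken")
    return [(lines[i], lines[i + 1]) for i in range(0, len(lines), 2)]


def is_chromium_child(cmdline: str) -> bool:
    """Helper processes carry --type=<role>; the browser's main process does not."""
    return CHROMIUM_CHILD.search(cmdline) is not None


def child_role_counts(entries: List[Tuple[str, str]]) -> Dict[str, int]:
    """How many helper processes of each role the browser spawned (noise budget)."""
    counts: Counter = Counter()
    for _, cmdline in entries:
        m = CHROMIUM_CHILD.search(cmdline)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def edge_urls(entries: List[Tuple[str, str]]) -> List[str]:
    """URLs the sample pushed into the browser, in the order they were launched."""
    urls = []
    for image, cmdline in entries:
        if image.lower().endswith("msedge.exe"):
            m = SINGLE_ARG_URL.search(cmdline)
            if m:
                urls.append(m.group(1))
    return urls


def document_launches(entries: List[Tuple[str, str]]) -> Dict[str, str]:
    """Non-browser processes given a file path on the command line (e.g. Notepad)."""
    out: Dict[str, str] = {}
    for image, cmdline in entries:
        if image.lower().endswith("msedge.exe"):
            continue
        m = LEADING_IMAGE.match(cmdline)
        if m and m.group(2) and DRIVE_PATH.search(m.group(2)):
            out[image] = m.group(2).strip()
    return out


if __name__ == "__main__":
    entries = parse_process_list(SAMPLE)
    print("helper roles:", child_role_counts(entries))
    print("forced URLs:", edge_urls(entries))
    print("documents opened:", document_launches(entries))
```

Run against the full list, the URL extractor yields the google.co.ck search queries, softonic.com and the answers.microsoft.com thread, which are exactly the domains that appear in the Network table further down; that is the link a triager wants between the process tree and the network capture.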

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 4.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
NL 23.62.61.56:443 www.bing.com tcp
US 8.8.8.8:53 56.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 google.co.ck udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
GB 216.58.213.3:80 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
GB 216.58.213.3:443 www.google.co.ck udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 consent.google.co.ck udp
GB 216.58.201.110:443 consent.google.co.ck tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
NL 23.62.61.170:443 www.bing.com tcp
NL 23.62.61.170:443 www.bing.com tcp
US 8.8.8.8:53 170.61.62.23.in-addr.arpa udp
N/A 192.168.178.1:80 tcp
N/A 192.168.178.1:80 tcp
N/A 192.168.178.1:80 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 id.google.co.ck udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 172.217.169.46:443 www.youtube.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck udp
US 8.8.8.8:53 softonic.com udp
US 199.232.213.91:80 softonic.com tcp
US 199.232.213.91:80 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 8.8.8.8:53 www.softonic.com udp
US 151.101.1.91:443 www.softonic.com tcp
US 8.8.8.8:53 91.213.232.199.in-addr.arpa udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 assets.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
US 151.101.129.91:443 assets.sftcdn.net tcp
US 151.101.129.91:443 assets.sftcdn.net tcp
US 151.101.129.91:443 assets.sftcdn.net tcp
US 151.101.129.91:443 assets.sftcdn.net tcp
FR 52.222.149.65:443 sdk.privacy-center.org tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
US 151.101.129.91:443 assets.sftcdn.net udp
US 151.101.129.91:443 assets.sftcdn.net udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 65.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 93.82.68.104.in-addr.arpa udp
US 8.8.8.8:53 46.10.230.54.in-addr.arpa udp
FR 52.222.149.65:443 sdk.privacy-center.org udp
US 8.8.8.8:53 b-code.liadm.com udp
US 8.8.8.8:53 static.site24x7rum.eu udp
GB 18.165.160.115:443 static.site24x7rum.eu tcp
GB 13.224.81.18:443 b-code.liadm.com tcp
US 8.8.8.8:53 ampcid.google.com udp
GB 216.58.212.206:443 ampcid.google.com tcp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 108.177.15.155:443 stats.g.doubleclick.net tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 115.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 18.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 155.15.177.108.in-addr.arpa udp
BE 108.177.15.155:443 stats.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 api.privacy-center.org udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 push-sdk.com udp
GB 13.224.81.114:443 api.privacy-center.org tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
DE 23.88.8.123:443 push-sdk.com tcp
US 8.8.8.8:53 123.8.88.23.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 114.81.224.13.in-addr.arpa udp
GB 13.224.81.114:443 api.privacy-center.org udp
US 8.8.8.8:53 uidsync.net udp
DE 178.63.248.56:443 uidsync.net tcp
DE 178.63.248.56:443 uidsync.net tcp
US 8.8.8.8:53 56.248.63.178.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 answers.microsoft.com udp
CZ 104.64.172.89:80 answers.microsoft.com tcp
CZ 104.64.172.89:80 answers.microsoft.com tcp
CZ 104.64.172.89:443 answers.microsoft.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.64:443 login.microsoftonline.com tcp
US 8.8.8.8:53 89.172.64.104.in-addr.arpa udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 13.107.253.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 identity.nel.measure.office.net udp
BE 2.17.107.219:443 identity.nel.measure.office.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 answers-afd.microsoft.com udp
GB 2.16.233.202:443 www.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 13.107.246.64:443 answers-afd.microsoft.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
GB 2.16.233.202:443 www.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 219.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 202.233.16.2.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.253.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 8.8.8.8:53 answersstaticfilecdnv2.azureedge.net udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 152.199.21.175:443 answersstaticfilecdnv2.azureedge.net tcp
US 8.8.8.8:53 211.138.73.23.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 13.107.246.64:443 acctcdnmsftuswe2.azureedge.net tcp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 52.168.117.171:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp
US 52.168.117.171:443 browser.events.data.microsoft.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp

Files

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

\??\pipe\LOCAL\crashpad_3840_VMFCMHXCECENCNLP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29875c995e139ee7f60b6b08a3d742ff
SHA1 c3f68225ae81aa5ba14c196a4cff8cb4edb527a0
SHA256 8fe31be0c7119e9ae52b91dd517b54370289795e1db378ede751ca28dc76131f
SHA512 3de327bf6fa3b31764daf89c12271b0baebb68739210e0a41fc60d3b1576f31b365556fcd43d230dee350f23f67c40c364005cb1e2a5bf1a75cefd7b9922a626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 063fcb9f85ad88911931ed74921c2c33
SHA1 a0b54a6e7463baba1ecb2a917c1f1405d1ec2372
SHA256 5e67c78b270e973e1424f8b5ce24d20f927faa5189b82425526778602b561ba8
SHA512 3b1a9b79d1d6afe500ddfdb4b45de43c6b3d611a57cf277e4403c44f71d29270cdd32629727ba5d54ad1d563a6a2e871ede4b39a9117215b4ec1c05aee1c08b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 78e375037d5f1beca7df799f511cbf29
SHA1 a26acfed31b99c1f323b5262b032ca7e974961ff
SHA256 003e58b51015591a1eed1a24eea209e68612c174656da2165bc849492d19b76e
SHA512 931879aa9c83a0a4dac273f5f54f1b89358c78bcdb976ec203c50a28bcd692f635b22fe21d9227ee22620fef23f08f21bcf3639ebcbcca8b5df7352ae1a85201

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4a6997dad1c7f3c661fa6ef4bbb062f6
SHA1 0cb531c454bafef4828181c668b17b560062fdb7
SHA256 92735fc3412e3f7f8a866a5b6b8d1ab74bba833bfcc64fff9841c4890fa7c113
SHA512 b9116996d8bc8e22f348cb8001563fcbfcbe3c16bf6efa1d65946e3d13824ae0d6bdc5eacae2f04a7dbdd6870bb79caf47712133b55afd6f843115582ccc5196

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 995910a9a045cd772babedeab368306d
SHA1 ba0d89af385ac2454ba5490bfe6d74482e1787c2
SHA256 cddfa3a4a0c6656899e074ef3dfdaaad1dec1613ee874f53337ef63a86a97731
SHA512 61352151b88542bfd49541b361190144be779d2cfe9c8c62bf0e1b6daa4650f8a998fbee2232c00ec0f15047efe47955b32b4c0086b92bd8d8ef6ff8f2d9bfdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 71dbdab00b151c20b83b5016538a7063
SHA1 9bb4ddd4af0b5707fa946b40cac60331e6400d97
SHA256 78cc04b9b1dd8341850f5aef948cdd3cadc60e6162e88bc2aea38587e2ee7779
SHA512 54e5848d19020348c942e68a0a83f2d7e494d93f678e6de0cc24008904db968b733fc2f99e35fa20374fa5662ce58beb8665b71ff081e3c1e7b1ca09857f6238

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c100761ddcf7c680963f356f4872d6d1
SHA1 64c7ce642f12fd8359e21f0cb40518c2e70eb803
SHA256 fe05c2fbe8f648440bb2a03cb335c374b101c3bf2c50ee7c46a3a8b340f7eb22
SHA512 fbaf8a342fffb32688a4c31fe66e719852dc7cd17cfe4c779b7a6452f756309f7b7179aa6738a591f818c107e05da32f3594610c20f7a5e8e236fb6b3f54e924

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 83398c4502a7e5ad60a9869b610eeb52
SHA1 de4aa26112cb06e2ce4eeb2d79fa25ea7210e6d8
SHA256 a3ecba020355590191d787158106e9e74e6234dbb7a1f708b49fc72771d8e23f
SHA512 fce6ff702f57d29ad7fe37db8feaf993d7d5ed71f00b2c2719f2798fd5562c8fc8f44059f195bfc1cb5e1722030b5fab82b1a623451e22939111b1fa1fd8b4da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bc42b5af53247aab7035f2ce611ffa4f
SHA1 6b9cfe63a5c29f715fb9e7128562b59c7769d805
SHA256 d79f98af8565c1818c584417f5a18257e4dfd6a7e0b97fae2e32ab5f12aa7ba5
SHA512 f9db726f93d222b5901f71c34aa17ff3560c42f0141ea63df5e512d72d32eb6b1af9daf344019535802ccc6157556e465fcd17cce1e58d0bc0eceba850ebb3a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4912f07d86bfc63cd6a44160f69251a9
SHA1 962080959ece3912af0f0a003b570a333085aee7
SHA256 d52b5b28bad61b4a950ddb43407037d32dd10d1e52f76c9949b1f845ab063b71
SHA512 49ffcbb5ee99f35b4586d14077ffdb18f052e315c8af39962ecacb596dc025f23f83376c090a211945d9789497d61fa300507f51e4e565b9b18a29db5c4bc2a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5859f2.TMP

MD5 a38e5e806ec62ba96f6b66496ea7086b
SHA1 349dc2f8bccb20227bd581621e1dac3d1ab833e0
SHA256 ef8c6d99581ee3a1d48482fb9d8b08af83878858be33a589af98e7f070293996
SHA512 c343c31f3b64bfc4125e9ad040b4e40a466f8ee865903f3c7eb79acfa3b8b588e85cc26c24ea02afe87699786bf62d5371e5755ad32090d7bfa307142055ac53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 93bc03f034bde55e12847bf931204f10
SHA1 5baaf1a64ab8d76af798065dea2cc680d73fc712
SHA256 48276b498b6eba0f69c36a6876d2c0ff3901826d32cda02c7d463baa49f78869
SHA512 df8846fd351e4db4b8b574a838ac3e2eb40ebb9ce70d1bb5959ab9bcb563428492ec2804262880c4d1249d42fd5ba6f2b85d39962a8b1f8d77692e58643b0c48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 76de7d13157471c08998b0234f87e261
SHA1 063633f88fb7a9ad5d87393a94c40f4a671946de
SHA256 aacb06942e3548e73bbcbc5c56785d95ead1f308a5c7c0366467cac516bfa9ee
SHA512 90c377e1f6bd0b52216b3161b7b7328492a5d253df64d5ac05d3d56cfe17f25e906cc685f299fc72252a303a31aabea92da9d0fc2381641b2097c368eb2e5dc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 da02228d420533607129b5acf35dacf9
SHA1 6ee15c887febfb0750db734d51fb64e41d3a90d2
SHA256 b17c35d0b57f4e3ca062aa8875b5c20ccc61525cf68f4700ef5aafb40143d19f
SHA512 6c5870116e08728e089eff23c0432d6cc53db56d68325964f4fae3bb6f206a0a8e3d62ca192b56d3fa837ad9014ea7fb5f526055c0be34fa1057041f8aa9e423

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 5cffb4f989722e2bad3d2d8af49e99f1
SHA1 706a055af2a2c3f6269d876536c906dbb6df5040
SHA256 aca3f9fb7e46fe0c8e033de40eb572becd63f4706f489d88c0e9198ccd2cf88a
SHA512 597919fe6c1698c50e2544ce642bd6aea0737f6f2f27c533534ee5505288953df084c915cafa5cde8b152dec45220c52931e5c259ab4900ac4f87c9b9dfcb744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 a5a58b7a66c205a1b5c147fb2c942d46
SHA1 a86dabff2a61cddab289b5e5223522f32662131c
SHA256 a28a9d2a91d244a2b8de67c7e6374602c58f42733f3924e8c0070ce4545be10a
SHA512 0c4c9c10136ca7b94a937d95e306b68d2291b67aece2cbca772f3f6daa8c8cc18070a2f9d973038f05a1a23eccf92cd0c7a3a88ccbc288076485889d789ff28c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 f8a1ef8e9162462dc7d188f59dc11809
SHA1 b69faeadf62c44c00344a86fb2947e73471071a2
SHA256 a999fe642e504c85f270c31e35c2b01a15f6b870e341400b5ace400e8e54b5b9
SHA512 462b25eac6415fbb9069c77c906bde159830f064512a8fea8c188b9f62b4e47cb6ebaf4fa3c576fe992a10b719f8311542989ac633bf40b40ea523d85e699304

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 ad22793dc60154028138ea6206ea564d
SHA1 ad2dc6a5abd5c871232c3c76bde88c44f8412d2f
SHA256 1b785298e1b4f23108c9cc404f3332113f04968f49e407f91fb220fda6666b12
SHA512 f2e2685ff1399897f2ddd798740f9c4cd7703b08fed32b7d9e5d0bc367b1d12f99995d8c5d61a5da68bc6450a6a4e6e4067b2eb0ff6ce803d06bf61416a1eacc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362843957146909

MD5 39abb337ffaf263bce8fd2ae40ea1829
SHA1 97d0b252930932e933feea1e48e8b40fd07c8be3
SHA256 bc7af9c06ec73c5109c7e6a2c5ba9cbc9511c91cf78792fad96111f02b70f124
SHA512 bd521a51e0f85111c4ec1b872951b5927835ccae09f3d5fc7f07a2b591a9fa3171c978097f3bc618f1efd54871fd5c953460f3208982cc1128210d20f3684bb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

MD5 a89e3ca5265d0cded7a87b42fe034afb
SHA1 74b4ebbb1aac00240725cf07569e46402e7da54f
SHA256 3a6594fdcec5b3617ba2152cdb846e09701503f09901fea7aebbc4f86e754a24
SHA512 28200befe6770c1a5d1edf996170deb1dd5bbc9e158aecd3b4a4f5db9322ea224cb691e59977c0942bb70d835064babc5f46c123e8e021eda1b4d718c297e79d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db293dc7b842e24479369730067d5ab0
SHA1 c89de4e71f5928469ba742d009930946f4a82a97
SHA256 660bfc94766c8d42d83d1258f26c62809b6a1437eba4f593b7449d3a28609ca7
SHA512 db5e5fce511d23a2533625d414f4ab86ea978723aae0cc90866da085874bfd2c4173031e405629b1610d133d59c8877be961ab0243bd51e172e131be9082bcc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 d3d41c6add377da478a4e041c4bc28f8
SHA1 026538d5a87a80a155c9242994e38afcfbefdf50
SHA256 4fbd9f3961113308bf7353e734e4a89b17ba9b2546c4a1a788873aa50bdc79fc
SHA512 42d8de3773d40e7e329816c274a209478006819059a6cee2273278c47b4ee6ef28d7441aeaf5ad606c7d9a73df45955db160c4c6603cc26085db6c3b61d1e484

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 2b7cf3779c5093f9b76e5f4f0e7c42ed
SHA1 779c3926ff5dba3256a8251e790c2c032e0575cb
SHA256 883ebe2699fbb5416b4b1dd084216018948f107f8357b992fbcb68ae585b9940
SHA512 1c6167802fb4bf48571f0e881e869b72abd9a215e4f874054e7b9971117e7fbe82ae3f4ef0f3970850508bb7289a6ee20646a0d9a5fabaa367f10918a0adc4fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 4da0563a99f44fcdd98424e7f730f09f
SHA1 5323bf8711a609dff078176ab4b0febedd6eeecb
SHA256 ec11fe16a66dd1594cc7a3dbe0e5fde38297dbe89794b4e5c734780994f58329
SHA512 ff52a77857fcaa56753585d3bf9013210a8b2e3a49666184047661e6e9896f29319aa819d8d39fffa9cd583fcd5121f263c3a4914a247ac55e869c1590a87043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e901e30cdadc05342ef542c07fd6430
SHA1 95afec42ee54e4188ce446a65890d00a97260c4a
SHA256 a6f99a9a76c9125efd862615035bb2950bca4365e0c5573002b68240a046ab81
SHA512 8d1f9498fe88ed9822b5a6fe44cedbf15ca52c046cc04a500639251e8e841e252999604b951b3d75130b4388c02803ef19809e8fa3b68e6a332c15800c0e30c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 d8dffe0f60d737183654d6da928e0a8a
SHA1 492ddecf01de9058664b9690f04bf6616d40d3a3
SHA256 4dd4dfafc0d28b3569a972aa0e675bca55e805e1551f77338b299a42072b26cb
SHA512 0961dade13b119dc6def01740f888a12417c9139db575b6fc9668946dbf9478baf41234b5d91e846925e64b6abbf3c9b8e1c014ef99961efefab8118e80a29ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 9f52dfe7d0252c41678692a63bfe0307
SHA1 ad8e12006ebeab6e4521b5b0881b53c6795ce3fb
SHA256 67a4fc47972897bf471ee6b71efafa82feb57db4749af523b2d0d2d5180aaa39
SHA512 bcd2f76db80beae1cd1d0ce09884fff67c90ca222256addc744cc7d382f34655a6285064a53ba713ade2bde6a70131e6a55273e6e6340e985cab65b1800810ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 0fa89723027cdced29b14cb4ca506e41
SHA1 5c332cd26f40984cef811ff42bbe96df1f2c51ae
SHA256 896c873829be6abf36d42a0d902175d0d36d6b25fd35a3da104b09c47d7fa631
SHA512 d0061f4f12d1bffec286a695c96ff89c1c35748e96d772ba4f7542602245a23d1a38f297d89690a55376f2c27b09ec95ad58f8f837aad84262d189c1a0511d97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 f7ade3c5acd798f590d733988b097c50
SHA1 82c47b5c92254cafa445bf72e134637b25b8451a
SHA256 ed529a1e4cd3f28b1a9433fc24507919f45bbb23b3e82869e299e0344392e9fd
SHA512 70f5486b17c0c7f9a8ceb2ef9c386bba4d585086117475c366d3058e3b856fd59a62a36ef962641c488563a7b33b937a487e0264cff423db4a54137d1576d7a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 e4733f58847ca452806c20e1dea77866
SHA1 ee51ec0ed5ace31d90326d4135a5cf9dcb47f00b
SHA256 b5a0c796af0e195e18fe8445e1e0f0fba51f55f2d48b6a28f09dec3f02245fa9
SHA512 1d2524a18ee40a6323ccc9398a65893d7e9d0318e362faf73af61f1af84958ec15da27a112f9db5421113e3aa6c8d52bb275c60a11300ac8d9750c63fb4f2e29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 878806703f45dbe15e76f1fbb1533dce
SHA1 f03f2494b6d520fcaf2b4b0ad1c05cd5cdcc9b7d
SHA256 71d9f3a6427941b843bfaa7a5b8449f2658e0ca24291e1f03e0ac72945534b0a
SHA512 f13802d80dbdc3050a1d626eb4d1acdee05427e1cb91baf39ff53a12be3e8f794206144c5ff558e0e46535ea16d7a488bbd40bcad2de851f2a30100e24b1a43e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 abf4fc9dc4b54858e516e14575b217d5
SHA1 505623168fc34d4c3c44a7cb3e6600063deb4a99
SHA256 0a6f156716c0419d02dae9a3f20cb667ac982a91d13882aac87659eb3bd7a10e
SHA512 6bf7672246b5c3659c37c75d043c11546e3160a51bad4a899a8197f6bfc415f280ec7ec754ba369dbbb2b50424c0fbdd3236f13cc4f68a8bb9f996d7fe3d1840

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 0e5d6f0cd0f22fb106ab7ca9766dd454
SHA1 9b7f1ca1c8ba50b1b1245a9f6f6b070d76423bde
SHA256 d63cdb8620aa80d8bac2c57fbd1f245064cc0ad1f5fafdb08a823adb69536d2f
SHA512 7020316e3e08d3514bcfbf15844dffeae97d970c65d6ffd6aaa3fe59b7ca80b9e84cb10040974d087e948c18525be779fbdb7628289fd5b0c724abe72817bf9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 107942c38f7ebbb7c55ac9f220a5b10e
SHA1 6db2eb2f56c4249e88298759d324a993cb97685e
SHA256 110712d9a0c59e9e0a23cdffd2704e6f35f7eddd3a3f9394a0d2caf6a74de410
SHA512 068c2d70c5ef96b953fb0151a5919e429f04980f1db8c8371f7a76f4b30bdc17377f38b608dbae86a31332d6a4b4eebd84b9e8497f5fcf3d48733ddc42044896

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 761d4f73736d8a552fae35414db430dc
SHA1 bd1a50d908d6b54b123a03139948edede190fb1e
SHA256 8d6f26527d4b597e77448f2db41b1c547b895dd39ae685df7c96145d70c6d05a
SHA512 ee2f62bbb8d1f9650933f73937216f9447c326168c55f578bfd28a1f3a0ad82a3ea7f453039e172209c5a2ffe33b8e402e457e7fc8f557df2e83ce68cea67dd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 2c398cc0056945d393ba2e2b90cbaef0
SHA1 38793e1a40e6764f63b92f1d375ca3d44ceaf800
SHA256 731e5af65b4ce928f99c4a74ee60181e054f2f0b27fafb952d1eba7d3325ed1c
SHA512 cb983c0ccf597a72be8134eb4f145215d672061d529d66afd7dc98fdead40ea69b9b4854dcee35933a5c6aa69e72db34155ae405426e12b1a31fb1944f2e054a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 9cba05c67d33442b3634a71c68a7045d
SHA1 a5dc83baa9c38815b9c0e7321491c5e80aac9048
SHA256 1e53c5346e7e3f6c7c5645e2d2c580bcad570296effe28302e661cb469bb5edd
SHA512 fc270046c520ca216b6dc5e43660990735257b388223d13ded90001aee1259108fa83985335c8b8dea8aed9eb6efd6135077db33ab7dc9d6551cb53692188fb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 77c3a8837e6acc56481e787d256b9c5d
SHA1 29b16340420ae766bf40af4c666f2df2a622f400
SHA256 39695f18b1a1ff092d5bb35af8a020056356f03e25abe96bd081e7e89145cb87
SHA512 9e01e190970692b086e207efeaf5e3fb324a447a7729d02453a6450855fb7c7473568bef79b8ad92a04a86c73c6ba48d0227f535bb504de8855ac12e352792ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 7b1cc0877daa2c019ace51910bdeab4a
SHA1 39b231a3decedffddb4bb5d8309700709b112f6a
SHA256 f6f0db621c3e944f70d10b0a80b896921465c4d657a686a584646db7f99328a8
SHA512 6976843066340e226278397dd05cfc3b604ec526e26742cac0bf28beed3b39d3389b1ea2fb740ca0af9a262137caeee3ff38835e714f23d73d823f1ec8418220

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 8010c7b4e337ba0e504ca1de6c39ee4f
SHA1 66f7314ac325bfc9d6aae73b363a8a9cf8b1caf6
SHA256 c1ed7506c0799c5594405387604260ee34d04d3cf1bc48966d3bba948e18fddb
SHA512 10988c9c8b7b28c574ce3a3d1fdedcf8ed65f01f746a269cd05f405663dc3854ba936f673cf87a7a67f82db89fb89f8ac2cfc0ff2fd34472006d9d9e1d139b18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

MD5 6bc4851424575eaf03ebe2efee6073ab
SHA1 2d014fe2feb929d03a46322645a94556ca5c9e96
SHA256 abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e
SHA512 af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

MD5 fc97b88a7ce0b008366cd0260b0321dc
SHA1 4eae02aecb04fa15f0bb62036151fa016e64f7a9
SHA256 6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e
SHA512 889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

MD5 a33b3a3fdf5161be5bd861804961f557
SHA1 68a57897f1686a3e62ce9808165e18f31661d077
SHA256 ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560
SHA512 c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

MD5 596c754665dc3ef9437ef542eb4b130a
SHA1 2fd7ba914e8df3314850a0f0085d5388e7d45811
SHA256 bc79b14f5edf047445a5ead84ac1c46d8bb2e8015fe8465f1ba90a8286375500
SHA512 d224eca48a06915370fd20858d6250df1f19a8990ec3bf2230fc5d72f1b5f356f609a4098fc5c22fcad8137734d4adfe9d69f0e91836fcfd6c1c4464559168eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

MD5 679aaa8538faa9fc0e7c0d68bbaa9761
SHA1 3fd37866e821e2884ead9efe6ccecb2731a897e8
SHA256 bccc81aa046d717f47c1d1be2e85044d3b98e44bed01d66b17affb8b88595a89
SHA512 5af1d57c49b912430a74f5bb6d5e050e97f1cc11d18525d659faac3f806fa9a4861477c3c322824431d1b65f038df346f6a3fc7a26b92407d927907b86ced30c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 c2e8adea44ace8b677960c89a1ae5484
SHA1 1e208f1e5adc135709d21402dfbfd627084c3061
SHA256 ee37807841b400f808745388671b1e2048b79c6a15aab66d9f4f116922eb0401
SHA512 0fb02a43a1a33aef690a818cf01b31753447ee0cbf0fe396cd97a1eacd8d4a18fe6ec1ad83dc64bbafdb458595210e9cb9c78141b51406a2c6ec6b6ff967defb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 fe2253a7ec976d2646ca40c8f6b73af4
SHA1 d06189cf47abbf7dc3a399415db0023b2e873855
SHA256 d44b2947a69f197e53454ddc3e38baa0223f034341136435b143b7505bc96f83
SHA512 3979e4a2294ad0cb1060f5cad39e8bbca9cfa5f98c2b46cf387dfbf2771737ae4ada16dfb7c691559023ff3bfb8dca8e71c0c0f7cb5e0d6797ae5963827474a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

MD5 5f1a1722a4555cb0b9771a7559e7f2d0
SHA1 ae849d10553815088d2969e08f5f49589ee805b4
SHA256 cb3a1b1654d059b20078e7293cb2645b7ed7c91c702ba22e3a49f8dc510a0b04
SHA512 dcabec77db1f310af33ac29934ad76b4788ea35e9a3c6df3f8129d2c0701b14c93ea7475a2d11c90fcd42301c13465474d06707cb28e617cded2a256125c5ce6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 f85f87e5b3ec70aad817a3da3a72f723
SHA1 aa6e4dd36689156f19a2ee56598e900e35e27303
SHA256 d4c924200b3bbcee71cd4330a6842ab53ae18a31447d66de7afcdb5c66e9dade
SHA512 f29ba0b4e0042ddb8a6b1775d3fc49b28ad15a6956184e5a291189e8cf690ae07f29a2a90c010c09ec62c066abe274c815b81c86c940628ee9141a165d3d0758

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1bd62580ba252e51ae03a5b271b14dec
SHA1 c11886ef5e9364db8e2265e0ead97a08e737bf68
SHA256 9bcec25cba7d1b4dabc9dd4615607f20a3b4174c18888b82fed4fc0520fe6802
SHA512 e455fd8a18c442693c93d6e7de2b17f30d2388162b605791ba1b6aabf7df6df32279dd1fe948532793461cab8526a6abccf38dfb584071a94d471d4e2ef7ad22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ab944f5fca3c83d86ea984e885384af6
SHA1 0dd14d617c47c70a7bcb3159d669d1fc137af2fe
SHA256 f02fa567bf9c74ff7b7d576ef8aa257f651827b2f8aa85025582cf382281e5d4
SHA512 4e21d83090824a458364f7f5ccea93e10e14aa874926828884b31ac588ae9d4a8946288ea877f6aa09e3108d590647aea4ec3b4e156542b3ff51943d1ed650a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3704e6f2c6ed6090c93029558d633322
SHA1 26cb7f17bdcb6fe0ae80632c17f04a836eefbbb0
SHA256 94a597a2035bfca162222f507f8abb049762dd66f12a3ba35826960a889aeff2
SHA512 2b3d6b799ee014e2478c1bb367d9a0597432fb635beafcc6b5dc3f94eab4063031c9f8c21e80feafd3eb9602f3b3e3dd10a5c0bceff5ef5c9c2798f17742a436

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 99916ce0720ed460e59d3fbd24d55be2
SHA1 d6bb9106eb65e3b84bfe03d872c931fb27f5a3db
SHA256 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf
SHA512 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7dfea71cf9900c81bedd78581d9f1e43
SHA1 be885371218b7a7d45791c230a8ce20663818927
SHA256 90768c1f47f5f105c78d632d1f32a4348b83f7ab1308765869615ccfecab17ca
SHA512 4a7a6e14c0d915aa6a6833e85798c141fc49d9d302a2851ae274b1c8096a5ed300801ad2d8f4411d8f20081384f013aa03df173cd066aed891754210ecef5035

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a397dde6f266705e7af57415544fb34e
SHA1 2b003802dceddaf997c686a9e8dd70508959d5cf
SHA256 d137cfb807f92d0fe37c115b7286122990b946d62654fd88bb3e0b2c896e23e6
SHA512 d1b4717d9a8e5044efe9206a4393e41c903b450d8e1d8a6b7bb0d6cdccc9de83537935df3a80eb5db0d5214bb7e305746790e0f0f3b00f8106ce7179fb7283f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b15f65fd9b46f0cea1342f5bebec0ef0
SHA1 0af2065c50e42d534e77b3dc9b66245da519a203
SHA256 6c225bd3e970a0f68e1e2e3629dd78bc71d0bf7ce7bd15a5545993de591a053b
SHA512 2062edbbd7eb6f44a8a6b65e89b363281b25081103559e1370ea1da3248563ed053ecce7ecc6bb728914b642bcb64d4203c1732a2124ff2c92cabb60b86bcb4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b56e09552d395362f40a5b895842095c
SHA1 762c1cfbb012d9cccba2b4938e58942088e956c2
SHA256 c47158f264246ae5f724ba2b0358f232b990ba9f5449c122beec2e3cbfb4a5fa
SHA512 da61c438c15e5012e3a91363d32d3cfde1f011f00fa9df32dfaddffe8ae4d06d2e7cfc3c32cee7dd31eff736179b0c2bf749cab9e2b53ed66d499f5518da769e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dab922d520d47547561c06445fccdc72
SHA1 fd897a159eb355e2299253fcb11d142ee5ed7fbd
SHA256 42d6826d7484da61c03f44f43afc03d3956e1e15060bf7da2f6f0f5446812067
SHA512 cbd36f18c029ba0ed86337553f720f086c193446bf31a1b48b6ab5ec78960abbe122b6356cbd162e148bde9977e90c40e5662d6d0ef5d64fe4c5a60f2bbd7fbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e73195815cee3d65c53d6e1d7c6a3ce9
SHA1 3788e3a0f8fb1af09b28d872543d7f5fb14e0abd
SHA256 cce10d139014d3066916822b800f2e991921911e7e8dae53e1daacc8a6cddc23
SHA512 b28c1296a82d1911c31c2222214131a23bffc908bc0696b3cf28a5c46a9d60ff1c8d3a90a6d1c05d6af99a5ab78d4796d33db623c90156181803900108bc3458

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f177997abf180584e9ec3673b138be0f
SHA1 964d9d1128e480e8c4656f3ab2063497cefa6b2b
SHA256 54253fa0719a89a8112e2debdbf2b621ff43b4c2d6f0e245c9db3e98c3adf211
SHA512 b12899ee05e904559ce370fdcdf40cb7ea2185536d51b68a98314557a3e0c1ea1a922cef91745da040ca5099b639fd396fe9bd1e108aef4e5f906ad71e1126db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9d6c566fb2723d689722aa6854cbed4a
SHA1 738cad0b7f0dc17b9960b7c662c27025a4a710cb
SHA256 2cdaf95e092515644d3f904965fe2bab9834406792574ba09a3f791e1e94ee46
SHA512 e39782aa25efb32083d4b415e18aa26f5ca12c476aa888c2975119a03038967489aee87bc1ac3aea388afadbc1ead8fb27671b9281c4c5c856b0674acea33fe6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fde2228174cb026efbc43ef9f26aa1a5
SHA1 f20b4c36c1a6441a669348c934a30e87f7f2cb4b
SHA256 a2d3724975a4a34212e45bfd0886fcfcddeb7393b33ba54cdab9eb56c1bfd712
SHA512 dea9f9b60c2b0d9d5b6f86a16a84cea196822a12753a6b852e4d1a513503296d1605ec9237db2208df19c33de1838000ffe19adcdc6b792a6f1b38570ebee329

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 63dfe19d079fcd20634faa049c990ed6
SHA1 e6bfaffbc6a27c2498c6b67e52d106e7ce55eb6c
SHA256 1a35ce8bfd7d5603c17a85cc38afa4fde8f872f6f974e934dc6de9108b2e7faa
SHA512 32d88c379806b30db531dd325c8e48c35c237a78dccf51a9b5ca56cf3f10e330d2746213962fcc961a09bbf265a0270ae0f7f827565cf974fcb916eb650caebd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b245aaac4a7b96a07d0226f252bcbbb2
SHA1 cc2a47dbe97901b8f9f17fc43e27c01dd48e46eb
SHA256 a38c7b288f7efdfd8374df4cac6f5b1813eb5cbc59f093590333f441ab0f1acf
SHA512 e5c3449841fc333b4b0080374ab52886ae67939f6fa7e0030bb0c4898687c78774dc88b7209c423386e85c2ff9b8df54d9e5c1e7d676df87ea6fd2ea5f5c6967

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f79707cf-6f8b-4a79-a305-42c40391ef9d.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 62e9c950edd7681d01866f0b7756305d
SHA1 01cebc3b5788860d0ebbf10a72cadb946d33476a
SHA256 5f5bc0bd2eb685c4cb270b8c869298ef189e74454882ff7276004a93506ffda0
SHA512 b5a5c1ff0fac2289cb35ea71e5e6ffca2283671e89b810496e094accddc925eabc4c51731474375e83c307b90fd67dcd197c881229f8226ef48bd429b5a0449f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a9b467e56fcbfcd45a819a0afcf21979
SHA1 cd5bcfe122fcabe4c4181936fbed0c29674740f3
SHA256 024705933510f5d2742bce91a3e07ed70847b5ed03e1f73510f6bee32b8d79da
SHA512 3087c2166384a5415ac852f51f9b529b19f665d49b41180a3efd150d8a1781a870ff2ea8e68df00121a73f8dc12fdd6f04d1c3059134fb261e274d87b88dd4c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 13:05

Reported

2024-06-14 13:22

Platform

win7-20240508-en

Max time kernel

902s

Max time network

1050s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{817341A1-2A4F-11EF-A1DE-66A5A0AB388F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424532544" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CFBEB3E1-2A4E-11EF-A1DE-66A5A0AB388F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000000000000010000000083ffff0083ffffffffffffffffffff03000000000000008904000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{781C3441-2A4F-11EF-A1DE-66A5A0AB388F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious behavior: SetClipboardViewer

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2844 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2844 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2376 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2376 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2376 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2376 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2376 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2376 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2376 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2376 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2752 wrote to memory of 2976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2752 wrote to memory of 2976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2752 wrote to memory of 2976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2752 wrote to memory of 2976 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2376 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2376 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2376 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2376 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2556 wrote to memory of 1468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 1468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 1468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 1468 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 756 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 2260 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 2260 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 2260 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 2260 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2376 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2376 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2376 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2376 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2376 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\taskmgr.exe
PID 2376 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\taskmgr.exe
PID 2376 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\taskmgr.exe
PID 2376 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\taskmgr.exe
PID 2556 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2556 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
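The table above is flat, one row per WriteProcessMemory call, but what an analyst actually wants from it is the lineage: which PID created which, and whether any write looks like more than ordinary child setup. The script below is an added example for this page, not sandbox tooling; it reads rows in exactly the layout shown above, collapses the repeats, rebuilds the tree and labels each parent/child pair. The sample input is constructed from six of the pairs in the table (the PIDs and image paths are the report's), repeated four times each as they appear there; the row regex, the "deviates from the common count" flag and the path-based labels are assumptions of this example.

```python
"""Rebuild the process tree from the "Suspicious use of WriteProcessMemory"
rows above and label each parent/child pair.  Added example for this page;
the row layout and the way it is read are assumptions, not sandbox tooling."""
import re
from collections import Counter, defaultdict

# One row per WriteProcessMemory call: "PID <src> wrote to memory of <dst>
# N/A <source image> <target image>".  Both images are absolute C:\ paths,
# which is what allows two space-containing columns to be split apart.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>C:\\.*?) (?P<dst_img>C:\\.*)$"
)

MEMZ_IMG = r"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
NOTEPAD_IMG = r"C:\Windows\SysWOW64\notepad.exe"
TASKMGR_IMG = r"C:\Windows\SysWOW64\taskmgr.exe"
IE64_IMG = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32_IMG = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"


def make_row(src, dst, src_img, dst_img):
    return f"PID {src} wrote to memory of {dst} N/A {src_img} {dst_img}"


# Constructed sample: six parent/child pairs copied from the table above.
# Each pair has four rows there, so each row is repeated four times here.
SAMPLE_TEXT = "\n".join(
    [make_row(2844, 1988, MEMZ_IMG, MEMZ_IMG)] * 4
    + [make_row(2844, 2376, MEMZ_IMG, MEMZ_IMG)] * 4
    + [make_row(2376, 2628, MEMZ_IMG, NOTEPAD_IMG)] * 4
    + [make_row(2376, 2752, MEMZ_IMG, IE64_IMG)] * 4
    + [make_row(2752, 2976, IE64_IMG, IE32_IMG)] * 4
    + [make_row(2376, 924, MEMZ_IMG, TASKMGR_IMG)] * 4
)


def parse_edges(text):
    """Collapse repeated rows into {(src_pid, dst_pid, src_img, dst_img): rows}."""
    edges = Counter()
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:  # header lines and rows of other signature tables are skipped
            edges[(int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"])] += 1
    return edges


def pid_images(edges):
    """PID -> image path, taken from whichever column the PID appears in."""
    images = {}
    for src, dst, src_img, dst_img in edges:
        images[src] = src_img
        images[dst] = dst_img
    return images


def root_pids(edges):
    """PIDs that write to others but were never written to: the tree roots."""
    return sorted({e[0] for e in edges} - {e[1] for e in edges})


def build_tree(edges):
    """Parent PID -> [(child PID, child image, row count)] in PID order."""
    children = defaultdict(list)
    for (src, dst, _src_img, dst_img), n in sorted(edges.items()):
        children[src].append((dst, dst_img, n))
    return children


def render_tree(children, images, pid, depth=0):
    """Indented one-line-per-process view, like a sandbox process tree."""
    lines = [f"{'  ' * depth}{pid}  {images[pid]}"]
    for child_pid, _img, n in children.get(pid, []):
        sub = render_tree(children, images, child_pid, depth + 1)
        sub[0] += f"  [{n} rows]"
        lines += sub
    return lines


def triage(edges):
    """Label each pair.  A uniform row count per pair (four in the table
    above) is what an ordinary CreateProcess of a fresh child looks like,
    so only pairs that deviate from the common count get the closer-look flag."""
    baseline = Counter(edges.values()).most_common(1)[0][0]
    findings = []
    for (src, dst, src_img, dst_img), n in sorted(edges.items()):
        if src_img == dst_img:
            kind = "self-spawn"
        elif dst_img.lower().startswith(("c:\\windows\\", "c:\\program files")):
            kind = "spawns Windows/Program Files binary"
        else:
            kind = "writes into non-system binary"
        findings.append((src, dst, kind, n, n != baseline))
    return findings


if __name__ == "__main__":
    edges = parse_edges(SAMPLE_TEXT)
    images, tree = pid_images(edges), build_tree(edges)
    for root in root_pids(edges):
        print("\n".join(render_tree(tree, images, root)))
    for src, dst, kind, n, odd in triage(edges):
        print(f"{src} -> {dst}: {kind}, {n} rows{'  <- deviates' if odd else ''}")
```

Run over the full table above it produces one tree rooted at PID 2844 (the first MEMZ.exe), whose children are the five watchdog copies and PID 2376, and it is 2376 that goes on to start notepad.exe, iexplore.exe and taskmgr.exe. Every pair in the table has exactly four rows, so the triage flag never fires here: the signature is a record of child creation, not of injection, and the value of the table is the lineage it lets you reconstruct.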

Processes

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275461 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:406559 /prefetch:2

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x1bc

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:472116 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:406532 /prefetch:2

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:668689 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:865303 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:2503720 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:209930 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:472079 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:603147 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=stanky+danky+maymays

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:264 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://play.clubpenguin.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:209929 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275464 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:865298 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:799768 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:603182 /prefetch:2

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:537653 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:1061929 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:1127469 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:799924 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:1324103 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:1848402 /prefetch:2

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:1586356 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:2765911 /prefetch:2

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:2569324 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:3814507 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\System32\explorer.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 motherboard.vice.com udp
US 8.8.8.8:53 motherboard.vice.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 motherboard.vice.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 play.clubpenguin.com udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp
US 8.8.8.8:53 google.co.ck udp

Files

C:\note.txt

C:\Users\Admin\AppData\Local\Temp\~DF895224CF50209821.TMP

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{184F4210-0D57-11EF-9189-5ABA25856535}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{CFBEB3E4-2A4E-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DEB4B841-2A4E-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\dnserror[1]

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\NewErrorPageTemplate[1]

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\errorPageStrings[1]

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\httpErrorPagesScripts[2]

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{1AC7BF81-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{1AC7BF82-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{1AC7BF83-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{1AC7BF84-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2276D9A1-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4B189562-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4B189563-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4B189564-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4B189565-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4B189566-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{4B189567-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57520A01-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{6F73C605-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{6F73C601-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{6F73C602-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{6F73C603-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{6F73C604-2A4F-11EF-A1DE-66A5A0AB388F}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{781C3444-2A4F-11EF-A1DE-66A5A0AB388F}.dat

memory/936-226-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/936-227-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{7CB19AE4-2A4F-11EF-A1DE-66A5A0AB388F}.dat

memory/3732-544-0x000007FEF7350000-0x000007FEF738A000-memory.dmp

memory/3732-773-0x000007FEF6DF0000-0x000007FEF6E2A000-memory.dmp

memory/5528-774-0x000007FEF7350000-0x000007FEF738A000-memory.dmp

memory/5416-781-0x000007FEF6DF0000-0x000007FEF6E2A000-memory.dmp

memory/5528-780-0x000007FEF7350000-0x000007FEF738A000-memory.dmp

memory/3732-779-0x000007FEF6DF0000-0x000007FEF6E2A000-memory.dmp

memory/5528-782-0x000007FEF7350000-0x000007FEF738A000-memory.dmp

memory/3732-784-0x000007FEF7350000-0x000007FEF738A000-memory.dmp

memory/5416-783-0x000007FEF6DF0000-0x000007FEF6E2A000-memory.dmp

memory/7104-785-0x000007FEF6DF0000-0x000007FEF6E2A000-memory.dmp

C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdui.BUD

memory/3732-907-0x000007FEF6DF0000-0x000007FEF6E2A000-memory.dmp

memory/5528-910-0x000007FEF7350000-0x000007FEF738A000-memory.dmp

memory/5528-924-0x000007FEF7350000-0x000007FEF738A000-memory.dmp

memory/3732-923-0x000007FEF6DF0000-0x000007FEF6E2A000-memory.dmp

memory/5416-931-0x000007FEF6DF0000-0x000007FEF6E2A000-memory.dmp