Analysis Overview
SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
Threat Level: Shows suspicious behavior
The file MEMZ.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Modifies registry class
Runs regedit.exe
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: SetClipboardViewer
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 06:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 06:46
Reported
2024-06-15 07:00
Platform
win7-20240611-en
Max time kernel
453s
Max time network
624s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\System32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\vice.com\NumberOfSubdomains = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000f7518cad3e7bd530ced15412970ea6b0b37ec60d34d8f9d2be3c3f8ab0d7dd08000000000e800000000200002000000062b3847fdd433e2176417d077b8fadd6477e4e518ca4d864695294b25a8266e6900000004ab33ca122a7568e07249be95e18f177a3258cd08a67317fab1ab2f37c5a2d9db08a4a4ba3499b0fdfdf27d17ca8b593b0527deb5630ce2e9f652ad69ee5dee33434dcea369ad4de408909d3b509ceb22cc82610ce603bd52a3b4a9f2fd7256449a0db826b85308c02b52ede47ef58e239f38a8734b2dfa04aa7bdc65d466373f1c545fdd6bb884d7befe9cadb5fd899400000008c80140211c38b34e717db609a2e42eb49bf3cc2786d513722bca37c3482f62d759c1e83c32633d3b20636f585c6e0871dc1345cdcf78ebd6b6098cd6fbb3378 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\oembed.vice.com\ = "8" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "12496" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\vice.com\Total = "8" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\oembed.vice.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d2fb62f0beda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a2e4f1f5e44f5897821b0973f2255fb10d4d9c8d3b428eacbc4e9fea94e5fabb000000000e8000000002000020000000bb86ff259461031c6b32507ae414a4c43b675bc3ca386ab8a65e25f76f23060b200000001eae823d02bc5f2b19d808f038d9d3cb95d09e8b98ef1f7d798d4ec10189cf3d40000000f1dd51630381d0947826adc2e42ce55567eebbb9b0de8987eabfb16755f1f4bd3cae389a043c5edb6577d018bab61c5a5dd5ff5cec482d896a04e9a2b69a212a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424596097" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\vice.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: SetClipboardViewer
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:734219 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:603151 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:603168 /prefetch:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5b0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:1324059 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:472111 /prefetch:2
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:3552299 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:3683390 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:3486804 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:3224640 /prefetch:2
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:1717348 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:1062029 /prefetch:2
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:1324148 /prefetch:2
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:3159215 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:865432 /prefetch:2
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:3355849 /prefetch:2
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | www.pcoptimizerpro.com | udp |
| US | 8.8.8.8:53 | www.jqueryscript.net | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.26.4.155:443 | www.jqueryscript.net | tcp |
| US | 104.26.4.155:443 | www.jqueryscript.net | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | cdn.jquery.app | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 104.21.66.214:443 | cdn.jquery.app | tcp |
| US | 104.21.66.214:443 | cdn.jquery.app | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| BE | 108.177.15.155:443 | stats.g.doubleclick.net | tcp |
| BE | 108.177.15.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | motherboard.vice.com | udp |
| US | 151.101.194.133:80 | motherboard.vice.com | tcp |
| US | 151.101.194.133:80 | motherboard.vice.com | tcp |
| US | 151.101.194.133:443 | motherboard.vice.com | tcp |
| US | 151.101.194.133:443 | motherboard.vice.com | tcp |
| US | 8.8.8.8:53 | www.vice.com | udp |
| US | 151.101.2.133:443 | www.vice.com | tcp |
| US | 151.101.2.133:443 | www.vice.com | tcp |
| US | 151.101.2.133:443 | www.vice.com | tcp |
| US | 151.101.2.133:443 | www.vice.com | tcp |
| US | 151.101.2.133:443 | www.vice.com | tcp |
| US | 151.101.2.133:443 | www.vice.com | tcp |
| US | 8.8.8.8:53 | htlbid.com | udp |
| US | 8.8.8.8:53 | oembed.vice.com | udp |
| US | 8.8.8.8:53 | video-images.vice.com | udp |
| US | 151.101.130.133:443 | video-images.vice.com | tcp |
| US | 151.101.130.133:443 | video-images.vice.com | tcp |
| US | 151.101.194.133:443 | video-images.vice.com | tcp |
| US | 151.101.194.133:443 | video-images.vice.com | tcp |
| US | 108.157.60.44:443 | htlbid.com | tcp |
| US | 108.157.60.44:443 | htlbid.com | tcp |
| US | 8.8.8.8:53 | vice-web-statics-cdn.vice.com | udp |
| US | 151.101.66.133:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 151.101.66.133:443 | vice-web-statics-cdn.vice.com | tcp |
| US | 8.8.8.8:53 | www.npttech.com | udp |
| US | 172.67.155.215:443 | www.npttech.com | tcp |
| US | 172.67.155.215:443 | www.npttech.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | id.google.co.ck | udp |
| GB | 142.250.200.35:443 | id.google.co.ck | tcp |
| GB | 142.250.200.35:443 | id.google.co.ck | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.35:443 | id.google.co.ck | tcp |
| GB | 142.250.200.35:443 | id.google.co.ck | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.35:443 | id.google.co.ck | tcp |
| GB | 142.250.200.35:443 | id.google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.35:443 | id.google.co.ck | tcp |
| GB | 142.250.200.35:443 | id.google.co.ck | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:80 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
Files
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat
| MD5 | f1b45a515be1cedfbae8c29607dc6cd7 |
| SHA1 | b50181870c02f5e1435bc75231d5317765dcf99a |
| SHA256 | 4a8087f4771cb586f17061871a45aaba1ef0ea7f1fdd36561cbf6d4ff72a9337 |
| SHA512 | 5e7dc9dd79b58ec8917b492e76653273ce49a45288e8ff00350ade2e9ac1f85465f4c487904455ace03a63af575b9c57d46c046e37a6c4b7b9a3b3efe362b457 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e23532b64cd076642fd014193e9aa845 |
| SHA1 | bd913bb8e870014519504082a9558bb7d61a9180 |
| SHA256 | 40b4928da63e430a51294fa7ce0635d637146afe02b62c7a2ca1b11733eea073 |
| SHA512 | 3743d2ba7993af70fe1317d80e7fd3d9cd52da4aa27b43daf08f74a0302cd643957c1f9af87e38d887e74667e4ec3eed1973fb83ee9c8663c6318024ad18a8f0 |
C:\Users\Admin\AppData\Local\Temp\Tar3C96.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab3C94.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c7efb1c98eea58221c80d40f8f14da9 |
| SHA1 | 6354c8f17b0c108481ca6af999010bcec790c4e9 |
| SHA256 | 8539580986893a9ca7f05d83abf7ba5811727f5363e67146f2941f53650c4e30 |
| SHA512 | 27c1505514b1d4b97401d4f0e732234b3233b7b7107d969187646a7ea3de2725515d925e14dd952e681c34989db289d2b47a65bd55ac412c8732fdf437a19b19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d9ecf54a4dad45167fc415f9da685e8 |
| SHA1 | 1007357515ea689910a4ccdb0a704e292ceac06b |
| SHA256 | 654da0def2fbe6b9aac09bac6d4e31b88041b9f777d10e57f64e201e0a4e3758 |
| SHA512 | 1efe7d4b52ceaf9ccec11ecf04f23a3628df15435eaff6b136ca1e20442f8a22af18e02f175fed0906fbb49c8a00b7d49c24bf0386f5901564340ca211191824 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b28f1313052660cb5e9b897046576cc |
| SHA1 | 128a750d8fbd63f10a69730b23247622d92b67cf |
| SHA256 | 8f8463aac5e2ef333fc2509041ea73cd8d1e47205b240080c1a7f051a540e66f |
| SHA512 | 1981b50ea76507ef9cbc836e211b0dab743302534f7c6ccc26161b2d1de5d2731c3edcb943aca5769b49b7f898baf29b6cde0625b01903e2e6f22f600e785300 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b01df0365a4e4d1f393b362daf623645 |
| SHA1 | df390bfeefe2277e9867c7570aaf50f51953c003 |
| SHA256 | f9c7ecd195cc2242da798b196800c7521b15c6fbc62b6b5075764adcfc26c8cd |
| SHA512 | b835a1a8d8841267b90cc32477357ae556bcccf22a55f3a57533cc3afb0df141e589139a9e7fd6bb8f7e19010ac3afd640eacadd96c4fc1bba11358995584fc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5e73da0cf2e92fe5eef59eefd51805a |
| SHA1 | 449134727478190d91dc8f878d942ca0e97b43df |
| SHA256 | 226056d87d9b13a197f6cb206f60f0e6e8f47c6a879e51d3d66723f5ff300b88 |
| SHA512 | 039a6252a7a5e8bc61aed0a547663130d3feb2330525a897a7c0464a724d5a387b3666f9570822858955a938e283f30614963f9f6ab73c60b3a6f743cc57a2af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52afe2515b4e4bff51eb2a6c63a081b8 |
| SHA1 | 49436844ce16b9ad10a00dda1715818fa9dfe17c |
| SHA256 | dc4938dedb357bcd4153dc3262221f2e9c6d9b30caec04054deef89d3b652aaa |
| SHA512 | dc1f14ceea33dbefb2703a5b1befa63445a0137add2b9725b3bd932ac1bdb54ae59b84aa9c594dc6d342d3bad5cdf098f8e8932623cd457e69d68bd50d81ab9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d81614cb030d78c4b11ec33e8b7ec4d2 |
| SHA1 | 6663a3bb1620c63185e2f64b2c5200e2e02abca8 |
| SHA256 | e0df3f8635bc653951e67a1e5b0cddf735c69265ca1e6cb94d0853c726ea4091 |
| SHA512 | 855c20c4adec4412899ec6657e3c798fca4bf41b87b72adddd00508ecfbc3041e426fffb6607dfa92c79a6a1f285d29dea78f817f9c2c6e37f16074c61329021 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\S3WEIZPD.txt
| MD5 | 2ddffb40678f1fa785cc399bb2c0955b |
| SHA1 | 0c6f9dd68054b9e3393213a303c0424ab310bf0e |
| SHA256 | 77d7860c789f6e6a57978881f5ba3ee1670b6927f8d0e7b82332218ccf3fa4eb |
| SHA512 | 70fb15bc01a7c6e424f912f917b000fcbd581a2c11dcadac2b36cb7176167f193375047d396f91e33eebb28050c0db9985152b9b6eca436aa32887e7df6e0330 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 87a4863dc59de0bc7c67aa8f13b9339b |
| SHA1 | f466f95e0c8860ba6441cc93c491a656ae3fed76 |
| SHA256 | e68d0b42d0696a8c02b257af823e625afee27276bc197d9709b157f140e50a7c |
| SHA512 | 84c1026ff07eb0749ca0c890d6ceec40fc3e341352ce12ea0f8dd296c6a530628a00249361c91137896ae27ea7a3e97c03d74376ac4c3fe6fa728ea44f5db7a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ac5336f1f174cbec803904fce0e8256b |
| SHA1 | c3f4bf7a2f88953e56db56275921a2695269503f |
| SHA256 | e26d49105fc12539a2bafdf47186ccf74046c5da69b2f4e8f8656da386118b93 |
| SHA512 | 3b05ee314e3d041efa9ba89a458850bcf544e576aed810034490e3219605a1407b625d031481970f87b7b934a0a83756122f93043cccec71fd3a6a1494981f0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | c7a6ac4eaf783197adc9147a07fc61a7 |
| SHA1 | c62c070ca569983ef9b554326d66e870fa653377 |
| SHA256 | 55c2e9f1c475ebaf9408970317f396689120b72731703fd0e8fe830fbc238e12 |
| SHA512 | b6ef1f077954b4a157d3955b32d972847b096da0a1fd78aa4dfb8207bdfeebf4368191361d85b3eb6d914bc7434e19b37728d40f63cf2eb5ee6ef47e456065f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_A34D3B1C2EC7792CC8F97AA4FBCEACCA
| MD5 | 8d988f4975d833a8a5965909a6736784 |
| SHA1 | 4bc6c629faa5d8842ecb55dba62812bdea4d9a4c |
| SHA256 | 21a6e72528c8e6b98e5c5b4ff262b58648d8d532881ba4dc2b4e0727c6d448fa |
| SHA512 | 45cea9c59c28e22a82a646342b34fe42180d7ca673211750c75f5f01ed616b81217ab6deab29d0a926449eb2e60213b6828de6148408edf2c2eda2ab474c3bb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_A34D3B1C2EC7792CC8F97AA4FBCEACCA
| MD5 | a41ab057c69f3551eb86a162ae4a2038 |
| SHA1 | db709f5b95e68e07443e14ae519ffa8126a3b678 |
| SHA256 | a9fc9fe6315a35e81398ca6309c9fe60d9aec8785ece36f9b666acee950fc6ee |
| SHA512 | 4d573c662f01d430a5b3d39abc58017ee0812067244b4a79b51d27e7408f30fa1402e8c131f0bc7b811ec75d7304a33f3fbbb677ab6341bc1101e52c94f0c9a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 541c5f0111607afecedf8f6992a553ea |
| SHA1 | bcb5e26fb92abfd382f30c3246f09c1d6e11944d |
| SHA256 | 9b315a8977bb13f7eec2f2215524f86979f1ca91e5b5a9e02a7a4c5f80d8e1e9 |
| SHA512 | 28ed504d4fd77fe2fd3ad0dd5db4ef1be576ac223124be37c9a2249de3dd3bda19ef005b932604b92d9978e25023bd0c3872188e9c05bb7bb11ed429eb9ccfc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 77a3f107d88e4310e9aa0f380b4e5a0b |
| SHA1 | 5c92518e3d7ae4b450f2bd76281c6d31fb3dd82e |
| SHA256 | 7fc9835a39560f95e59faa5854ee0bc99b7f8375c5bddcd40fe7abbb8b4d1dda |
| SHA512 | 8653c8f6167322d497f2a77d143d149c34cb2c448734b5d7292b41e5b0ca3d2f3094c2f8fd6fe708f7a1f1a0197dc3991ecfe9d7385dbfd9756b77272001f6fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 4182f0e25fba923f1901b9de3bb14a40 |
| SHA1 | 73403b5efe56d62ff1ea5520e937bbcf2eec269a |
| SHA256 | 8cac4921af175e3c1c904d8494edfcc6bb289881aaa5a6892006dc2a32a34844 |
| SHA512 | a64d067384cedecc443e34874c9d2b599a9002f6110e5a1b866f18ef89fb3133c9add2f26824b4e5b2e4f65cf2b6adcddf325ec3eef905a9b543746a50519d54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f14d6d4c4170df064741349184b3f4f7 |
| SHA1 | f2034279bdc453d7f58aef1aa07b79b6dc695518 |
| SHA256 | dc088ac10b0e3343fa79df4e3ed0d8af0c60099e6b7dd3b2e1fac9b707fcdb45 |
| SHA512 | 50c9018397e2d40a6c31cb8a4674c1e2a891877ac8263e6a6f99c9b8a480163c509008a154175560883c69998a303a61dc50f65f455e7e9d6c5dedba3416121d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dece3f49d02c118a02d7124753d8ea2 |
| SHA1 | 2cb6bbc3afdd8638b7491c5e988147cb207e42da |
| SHA256 | 2e5d1e33cecbafe5d2f473fbfcbc5f4011d9e262db30c89efc0d5f688113405b |
| SHA512 | b9dea0627df4ccc3ace838868b88d576e4a7b5912f3399e2f74994ac3b3a3158c5a9db836d323fd96c31f3401fdb4fa326a385011a1e985fee6dfcc761b24531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 561c0498261ab4cc1414ea9be8ac9e3f |
| SHA1 | 50995544f1a08d6a2b68d8509396641d6b008b1a |
| SHA256 | 323fd0d9d73c42992bd0631ca7e566e3023783910aa4138780adb5e837082caf |
| SHA512 | 0b79a5957fa196b4511dea6f8733a4338eb19d11494891088b56c98b871a9c61f1921a74d9a2dacb800ec3901c478930f80b7ee465db261b7a9408626eebe733 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1780beb4ef591745f15e051899ab62d |
| SHA1 | 6f029f575794c8d69a07c1f61bf20f378004771f |
| SHA256 | da9776d75a094ab0c1dcedaaadb1c9919f0e77695fd0338be5e0b1ad2e3fe279 |
| SHA512 | 65dffc60a965976b444cbf0e101ea29f0ed85e1310db08a6f8f7077e6c8de04ee88b6ca1299a42ec180f4b235d6cd2cfa6b09fe2440735084a2db2b85b0df8ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85a53857fe14a7b663b0e5229db2fb0c |
| SHA1 | 36eb2be34305576ed13311f701cad392e6eb9292 |
| SHA256 | 1769b7183c572f705ba22cccecbb2522533cef7d1c5c422d2e33249e5526ab53 |
| SHA512 | b44a2c8a8af2a364b8e45e791ebeb8c78d0ef6a2e0021202c692c58ff354600fb8f7be9daecdf7a7ce629c9ed9d47106d2ad5099027f7cd5dd69d4f6fa1ef80d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd092b45960078d061ad8dc388a08c2e |
| SHA1 | 4a74bbfba281880e0a9a40fe72cfbf0904f3dbd6 |
| SHA256 | 8295063504a9c0d4c6d6894628a63e0948f09b1c59fea27a2126ca033f3b8ae4 |
| SHA512 | c19cd664eaa4f1032125f698d3472167f48059c44eb8322d9ff53b9022190e5ac0af3d601842c185a18f20cec45deb04f3cc3905dda0c2bacc686a1e36baa4a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bb47e2ebf64099d375903d90c8cd8b4 |
| SHA1 | 3fc60a8c13a3b5f77268e6a92e99d5fa3f3a844d |
| SHA256 | 490082a73bda12164b59dbe52d7b4f1e1ab91534a533115e41b8e555097330b2 |
| SHA512 | 719e274c753b0d2e4f5b5ef057294f7bb12aacecc377aabc1a19206863821aa4bed9225cbdcad3b0007a50f5a7f34293744fce55d94d00a43364146f6d8bd82b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26f0926ec1a967edfdd1b01ba05f17b5 |
| SHA1 | 5e2969cca814f3fd1b695330c0db1ef439f7032a |
| SHA256 | a2bc7aaa3bf5ca81875c57c974e598cfa543f70436352948f3c6b3a54adee839 |
| SHA512 | 44180fc0f1988b024d9e19c65eeb160710fe3c4b2768722a05c4a4426208384c3a98e58f41095585faae634c1e192652e63dc83dc9e6089bb068e7278af2439d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ec69093410f9827388b72ba7fdc66bc |
| SHA1 | 8a446a9e40af2968e3bf419d744977a25eefee58 |
| SHA256 | 5406ee5255bdce95cfde0aa0ca86f4a95e2d27c8d82eecc334bbe17e2b8b1739 |
| SHA512 | 243809bc1049f442a171c724b1925bf1e13aadd184c8081de13649bb1fe69e8b050f6914def1c0c8f893b47fc2c0b1fa7e45d23f77170ffd6cedc0fcbd299a7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd06d6c8ab190c06ca2a81f7840dbb26 |
| SHA1 | 3cd08fa02b640ef7a59bc75899da86607dcd445c |
| SHA256 | 2aaa1b7a1fc41b48e09df586e928ba894c2f24ed95e72da9faa84cea3ca74997 |
| SHA512 | 555f7361620e576634e12e69fa804b6747613fd02a43bffeda86cdd7fd960f1f9b58abaef5f83b3994e31555f35816bba2bbff2efac1d17a38e0959f0fe207d6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\S8D6DJDA.txt
| MD5 | db03ba2c260df76f5c090356868a4492 |
| SHA1 | 8fe60c99497e4b5c950a217e0f29dde9e9efe2fe |
| SHA256 | 79b4912cd87cb2de0569d5f5eaebf96d75211d87262bfc758a4a74fdcc88e18c |
| SHA512 | d612166f42017ba943cf79bc8a84793bf0f6183220fc3daee1f0eb8faf2a8feb3c7260ce64385c154157013254b0a993dfb6b5bd61fd2c41a076303ccc1f10d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40c00f4037f81c3bf3994b0f20f8ef92 |
| SHA1 | 7007c4ad8bfdff5d5beb7334edda5c758c30e39f |
| SHA256 | 75b24063d95292de9322e4da628f571cb4f667a1a379135dae1384119ae2f5b5 |
| SHA512 | 4b7a7def9d8ad32b89b258a3f6e36a7f94d66d253083306d8c68b631e663ce1f47b763ceca6c6237be67cc5a2df35259ee4973224cffd28870af5038d4b3c19d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OT2S05NU.txt
| MD5 | 0f11978ade31019ceaa11bbc7bd2b3d3 |
| SHA1 | 8bf741e449b0e7e61fa72308f650cbaf0e437c11 |
| SHA256 | c607514b62a113746329cba5b017e8e685e1ea72561f3576abc5522776810b7d |
| SHA512 | 74dbea7dfaea70ece6e1e987aa1070a534fd2c4569390e23fdcef3ebdaa9ed8ce6e9b86956c67a5f8e7922f47dc9786337d9ec27b4696dc08d13eb95e027aef9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\M901U21T.txt
| MD5 | 7875eb4e84f39e9d6e77324481c915c9 |
| SHA1 | 81f7af85ae777bff9ae6ca4dcc42d20598e2a92a |
| SHA256 | d5de79d3ce625ac5a80eb837a09c598119d12245bfbbd985a00a1ce1c6ea931a |
| SHA512 | 8ab014b9822330f6a25c80f6c23b6b7fd2bba163ccabea50d97e65262071ae1786acb48e1bb86cfd99103b07fb74ee647c4edf652cb25e21ea2c6e4e25d6125f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4c18e3b70d7a60ddcee4fc7ed3cc11a |
| SHA1 | 1c57ac95815b7dcd97fdad6ce07e733fff5a1ee5 |
| SHA256 | f403494e28c16f74887653104c9d0a00314522c12e38e7940e0e37bb95f45716 |
| SHA512 | 0fbd9ad2ecb6ed3ad9852c4bcb6a53bd46c685ee17f7f4b6171d02c3f3981fd9da610989dffa7c7520e23abad7cd19d548d9dac9de1819e38b5a02e88b205929 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7UF3ALSE.txt
| MD5 | 45ce9045a7f5027afb628d86a240b282 |
| SHA1 | 041f55d800064021b0820980a8b0bdc74afaf949 |
| SHA256 | 47a88f579010610609fa389749a27d77135fae2fe0d5b8d2f67f9babae8b6222 |
| SHA512 | b0cf95ed31ad884dda7b7f8ac40e43f6c949fd2485e57d3e9e7a029f8eeda5ae49eac332c1d1dc05d64766128873c6640dfa3f27bf21f50220131db675b355a9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QRYQQ239.txt
| MD5 | 03979f7a13d9f98593bff5803c9afba2 |
| SHA1 | 8cd770188dfd3876650245726fe988bda4bffd07 |
| SHA256 | 49b68234034034f9123d359c5b8123a4e22c06fc43639b8ae55bddaee065911c |
| SHA512 | 2dfc4f744a5060b8ffa7acc154a829bb06d302c5df3ee779354e39eaddbfd47d550634a249a3fb2d8694883abd50c57ffcf1fccefcb51918b45c6cfaf8cbaf89 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\search[1].htm
| MD5 | a41cc61ffb870a75c7bf6e0da97c931b |
| SHA1 | f8811caae14734241b7aba71a6403e2eb09789fc |
| SHA256 | 824af2d1d22518d618577e004bc94b3c3f8cd843bd83ebd3f798fce5f2278d05 |
| SHA512 | 2c5ac3317452706edeeaaecfdae9624f8da8ad9bff00a7d3703aed832bf5c82e2abe626a1b65a7c7d460385e76b064bbc23b849aa3d9e2717da0e3ad9993654d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6K6SV30C.txt
| MD5 | b09efabcc46ae4efaa5473b3bb2c49db |
| SHA1 | 57ac58a4147cd5bdcd7959414f4d947c3fd4affd |
| SHA256 | 0ba2878d5b12f761c40e5daceaf1173a9e5225644cf7e1ee32d60d318146dad5 |
| SHA512 | d7e0d0710dac6a065c2d05893ec8157ff7f33ef24e818df6f37d3db0b1423422bfa224ea20ffc44ae59cb539e0fed9dd17fcf9a3ceb6f410d37c1f155276d4ed |
memory/2804-997-0x000007FEF70E0000-0x000007FEF711A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RNJRYX6K.txt
| MD5 | e787281ee484e0ed06be52447be3903d |
| SHA1 | 582dc6f21f63c48106bff13d48ec1166fe981ddd |
| SHA256 | 268a35685cef57168d754d9941ecd9531858822461627d40e2e6b91ff4109e5c |
| SHA512 | e5bb9c80c785981df87f4fef4185bc3bd382ed87f70ef5a2204d2f46b616c796ee8fddb3745cf188eccebc2a3b295c00d0d919d4b9cf48f54c45b7b5f5957ce7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\search[1].htm
| MD5 | 0f38b161f4360f59d395b2c20f40df9c |
| SHA1 | b5893a3035ea7a612ca27521c31fe3edfcfbc132 |
| SHA256 | 4106a27e4e2f3a0b77fbbed59f44216af47c6d496d092eeadd8c83989ed81ba0 |
| SHA512 | 74e1b66cdcd90e8684daef91a3eb88fe75e6c1e193a2ecf5a3c26c582ea75a6b4476398967849b0ddb3809788507e70df5ddbd52bbf1303b45d6f6a435eaf1e7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GRQPDFPN.txt
| MD5 | 4871c000ab7001b490c8c7f82a9453db |
| SHA1 | aa5d13b3d18b8c20b76ec218b118b0058c09a0b3 |
| SHA256 | 4db04660d36ad7d984d0781a5d09c2b143246f9e50f6bc0d87aaacf78a5bf057 |
| SHA512 | 71c916c4af4a9200b5fda8c17cad45e58eb4ea6177f93b917e86fc035eadbb4a02b372335750cfc15c461453cd3f4b8943c4a704762392a65cd72d31f5800a08 |
C:\Users\Admin\AppData\Local\Temp\~DFEA05483E93831CC7.TMP
| MD5 | bdd9803d5ed64de9f02e2072a95e5026 |
| SHA1 | ec74b54457e12bfd849283f6d692e9fe8a537334 |
| SHA256 | 6785a86738850e47a302aec0059542216c7d30920ecee2d90b8cc10effade603 |
| SHA512 | a3c03f096ad84854a98291445a6d84319149d25572471be2ac49703158712a7ec0f5c7b6124e0610ec76af4b5dd684fabb7e9c1066190f15bb98a7b49d11f08a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZWOBEW67.txt
| MD5 | c838f943ba591c3aa7282ff1f1a8fdab |
| SHA1 | 25c3c7e9376dc3c29ac53c5657855a57f2330f2c |
| SHA256 | f0d2523972be34939c20879bbf8dae4c7a258d74ae1ef2440d577dee371c2dca |
| SHA512 | 32b65796c606c461751e987b751a03cc4ba554256348b583da15ed71d2e24f5ee2c9e460fc98820c36cf525e8eab5c0d247f285db8157d7dfa14bae5a42bd367 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZBTI9WRK.txt
| MD5 | 740fb16a2c2743af5ab6caf89638e60d |
| SHA1 | b85aded6a0b9cc7049b6691c4bddd9071a57dc65 |
| SHA256 | ff23d70b3b0b69f1c9f6599eddda4fc126c6d03a35e877be907f6a5af5e313a7 |
| SHA512 | f62516dccb5c0324edb2c5664cbf63157ab70e46aefd90131b755905f96a3e7f84eddcc48cfa1b460f5d8d5d36b4313acf7515f259a6c1141fbc85e54386f8b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 698c37ed899fdd2bc65a26d9f4e2c53b |
| SHA1 | bd987fb30640fb263de781dbe39be801590812ef |
| SHA256 | 075803f99c5c8cf09a366842337434653490faec462df2f789c7f9fd29766348 |
| SHA512 | 332b14490d6b6ddff62fb9c0ee57400b9142d0342d4867f1e4cd724d5befcab0b12c0033aeba559fdc90d8b687cffa05d588295415235a2fb1cbbcf24d483f01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56b7a6bded2c9ad1bcccb268e8d7f30d |
| SHA1 | 8088dce277f0fc2580fefd79e6020e2372248356 |
| SHA256 | 21d38c96ebfd599465745a90990b41ac2cb8575d4c358e969fe9949c335159e3 |
| SHA512 | 42642cbfab08e0be18d01237c002b2fa110967395e6f06127a4130bbd133dbee36e7c95dfa13d1c901e11d21f0a8d97f21a1b6cc0a6ea0f4856e98df1fb028c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | 83f466b5e107a966961d5a2d25ec2c30 |
| SHA1 | cc80bdf1040436d6f09a8560f82724b2ac2829d6 |
| SHA256 | 09231faa875c114c8048bce3f6633e003f266964815f2bb1434bdc9681e8fad8 |
| SHA512 | 628b740de2810ac6b12008ba1336be91af6305610b464c48e1b5d9941add152654025534b426dfeadf04b1f0fa877b27eaab53173679a5c4b37a9b00cdce9a40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b12675d95f2aea1f18f8bb229795d894 |
| SHA1 | 11153e7143ebe4f424e73a0f793a6e167dce8e2e |
| SHA256 | af76a5eda748634ed2ca0c54eab2962e102c0f34d37c6b1de22c5910f7547758 |
| SHA512 | 339ccae763dae417ab467690165bf5efec3193a4ef7ac3c8fc00a67d0f47773f5235034be665cc4f7ab89c517fbc9aa1a41d202c5d91251e5794418928e4b325 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67dacd49d27d4fa96a2d0327d4458219 |
| SHA1 | ca41641af978514c8c6ba3aa6159aa29e1d503fc |
| SHA256 | 2b91fb5c1a29dcedbdc14a5cde36496c8dc9305bdd5ea40a5e3d9bd15705d73d |
| SHA512 | 2c0342cb15df3285645c0f151017437085f921e82e7020c2fcccce2bbe492787711abb9bfaf52fbfe11f8e86ce5b80d8b86d6c6339b246bcacab03d5d1e715a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37d2827b368ce8c6413e73c1b75e1c9b |
| SHA1 | 7b5c4f50d4cc0b9e9ce446ba4e31053de95e2370 |
| SHA256 | 8ecf2a0c7b1e5313d5f71b34478481f58f1d62261f51b669ae44028cdf6cf332 |
| SHA512 | 0bb1686ab721d71c79fe04f5d7e4d6bf95d77d635b3b28f7893cca080d497f7c81128ec21abdcf3fb5cdb9e423677df543bee936647822a823eeff9d7a38da80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f2ac4afd9407dca5c09821a4386ca7e |
| SHA1 | 680a6409f240f4324e2e559a00de1b3c7f0cc047 |
| SHA256 | ccd261ae0b014b71a1211ee3fa8e62028bff21b0590810c2d12c06faed98187b |
| SHA512 | 1fc63b26a9ac2b9d5c850adada949f4cb01f6cf3acc75436ddb755d235abdd247c25e35e77f2492b85c7ec907b6b4e660ae96fe951a698e348f52e11c39a4f1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01289d08e5b6fc1800b01272aa49d539 |
| SHA1 | d3f4e13fcac110334f0ed8c014c2dec1820e4faa |
| SHA256 | f4dbfd83a72a09f59587c9318d1d0cb0d0e56d334e5a498f1ccb48a5e46c9d73 |
| SHA512 | ed41b61266e495f02dfc3b0209b6ed2bd16e13a0f4c01e675b1f9da0b752ad17d6d54575be800baec2e331fc083a402685f396ac9fd3932d8ec7f2160878204d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\js[1].js
| MD5 | b039b524a63b981f5d25e30ef0b1104c |
| SHA1 | 75cc6a78ab518309775d3da26b444e1a2744848c |
| SHA256 | 295aeb809225cf235b0f2cbcb0302571670e4a87ba9d95743f15bc8b1de314ab |
| SHA512 | fa7f5436897b829c5fe7c947998a67138907d7895f41495c21ff3f5377561b1d53ec41a3f7b4424801ff684aeae7187b9663806f08af5595d576c7a811a8c4a4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\PCOP[1].ico
| MD5 | 6303f12d8874cff180eecf8f113f75e9 |
| SHA1 | f68c3b96b039a05a77657a76f4330482877dc047 |
| SHA256 | cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e |
| SHA512 | 6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat
| MD5 | e321e44136f76a7e3e6cee8241339c1e |
| SHA1 | 7ed146c985a74064c11ad045a4ef490aff573650 |
| SHA256 | 35161a5a7a153a1460e0f7823901f385dc6ca01abadc4da67b89b0e965da09fc |
| SHA512 | df77afec60d1b24e31abc25e1ba90928bceb7ec12b000cac4fa2d779b805026d3878743b2db7fb5393954474047330a69a777aa166e4517e0682efeec8e8be8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 241574b9bfbd4798ebb3bdb3154c034a |
| SHA1 | 272c225d48a388b4363ec92270ec06e33bfb7860 |
| SHA256 | 162a94dfa5c40bb16ba0f3bc381d5f4ad91fea5c5b7d096d14815ee3176af628 |
| SHA512 | 276f8766d93b6cb1b8259343d3053ab0098da6b61bc17fb37c7e07e6d46e8f8ef44d645cbfd0d50ed69cbd4dd77d4c02e7ff60ebc4dc71197c504eb59d02a98b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a9f94e2cd6b620fbb9affca72559f1d |
| SHA1 | a3d669fcb3604bbc57f2393685686ff0e80bc015 |
| SHA256 | 9c8a07ade78f91836cad51088bf8704c8a79d2ce95fa9edb295017f487b8817f |
| SHA512 | c3549217a47f26620b333f0106fbdc640b120366df565cbd3d35efb96139f551056513e16cb34b8078b5ee278a13753316008b997a21fa527b89e474b0718dce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e71c0325708147958ef2826c0d5e3e6a |
| SHA1 | 4eaf98d6cbf494e3c4a3cfa53daadc89f18df861 |
| SHA256 | 7a7de786088a822eca2775f71642aae8496edc0c2fc15f3ffdf9b7d648895ccd |
| SHA512 | a75859f50686cfbb00337b9502306b4bca349527cd0767aab82536589309889b55281a11e90e3c31d26c395e4650784246484f512bad6b5bfe42b89931fa8bac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a98d099e041a52c4cc92999cba860165 |
| SHA1 | a37b3e13b02237cab60661353548b5eba27dda73 |
| SHA256 | 6d6b9b110fb92c301e94145230234093e57bf882a8059e9c654beb7392ed7494 |
| SHA512 | dc94d8f151b0c746fc43e8a1c3d040dc539f7d9604c8dc6db7f7528ead4d2f034762fd85285d997aed68d86b29188434118381a2f917c4d6ec5156d8f6ade8af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 305980bf66320a6dbc6372a50b962eca |
| SHA1 | 708a5bcac5a62ec1e383dc1c9a8882f367a4cf92 |
| SHA256 | 114f9ddf45863bd0269e38a3434b4bd992bde2839e3720986f7233fcc23e7031 |
| SHA512 | 94a1fb798edc06dbaecfc978090eb15e26efa4ae8540be1f3ca8e8c3e404036b1c2af6281aeb0fa2659a43443460431580aeae2c61f7ce1151132fd46704d80f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 384362a3e057aca90d1c0326bd448627 |
| SHA1 | a60e16c3b4aa82579c925e5bc5252742f001c2aa |
| SHA256 | 3f71efc2eb3acabb26e787f803ef0aac943486cc0e570bbccb0c2ea5beb5fa1f |
| SHA512 | 452ff7ee25517b537d606ae21296db1ab3fe73fd6808454bf7c4b4a42f480ce90b945f110b8d9a594b73b88552b28569f42e038770c2d28af3cb9e91597cee1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40b6f54834ea13e62bde11c9c26e9a0b |
| SHA1 | 3f8205aa8cc435198bff66ad95268d78352d30fb |
| SHA256 | 31a4a6536fed3ad8598679038a5c8204b87f3704d80752e2169133db13372dc1 |
| SHA512 | 59856b9bd9a335658546dae873cf07fb6b26b4a23a27c584e2d1c29301b3b39eb7e8d8c67a21ad34cfbd20c76c559fb020cc7031c02f2240ed02051be5d8fe55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2f0aadc634e13418ca054398094c41e |
| SHA1 | 122947266f697e2c4bda66d6bb16f688ff2351f9 |
| SHA256 | e27b328e165cd6cb8e7ce6ee4f9844f0c35eb3334bec85c44b3a8131cac182ec |
| SHA512 | 52cccd91a45742eb08ed63a3bd39401cd7007ef3a95f0f992f0ded20765f2f7ef460ea046823e72adc0991bdd80e283531f8bd2ab767524129b3a2bc23d9e958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 986dcf3d1d17f6be493f37abc66d5089 |
| SHA1 | 02bf92e4df852e7ca602ef9bb1422ae0621518ee |
| SHA256 | 4ed43591eda98c79ad7a5f1566091e6c4d1b4724f9f31d4c808a737ff55ec9e1 |
| SHA512 | cf5b882d9b2e286df00515be8583372ae005bc730c6700be4221d7e57c71d04bb2d5cc4facf6b9048a514fd33063573c8caf29b19520953fa25ca9a566da6a6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94937fe33adb3ebbe130bedafecd41cc |
| SHA1 | 34054a85784d04164152ad3493c9698eddeda640 |
| SHA256 | 47f6a10c971b90dd286b6ab236d69fb26c50db738ecc246f80aefe990127fb18 |
| SHA512 | d06b9465b71d36711c7967805198ba0663ac9358f1c44a99912b61b87efcb46b4007c37e131d8cd7c954a5d34a1d10308cc41c49ccec78c6ebb6fa40e1cd72f3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V1VRTKKY.txt
| MD5 | 65929e7f3da96b98e1fef3477e53db4d |
| SHA1 | 0d47a5cfe402f4b427ff6fda734ce956567d551f |
| SHA256 | 62b903f1f10c135b19e8d8fa89b04ea67a17a755011ab7cc32e07c80e1eddca3 |
| SHA512 | 37e2a18f0b94252f96f7ce1224e6031b66c24c65d6651c597ca66955278d12f8154862d6560c1f0e744c708c17f38e53cb3f04863e7b5f27459c35e6aa0ba4a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2aed6775b1a7300e68d0928a7c0ac7d |
| SHA1 | 5d5f4514dd0b3b044ebd7e7e46c31db91db49be8 |
| SHA256 | dd2a57ac89a31b99ea5b418099018f244adba0c56b3280bd09e4f0e7ed1e8b0c |
| SHA512 | 4f936d82998b85e5eaa77d14fe39572f15041d0f289b07471316d1ce4068a65aa1256dbcd5dc9a48139b39ceb762a63bd4040e7efa6adbf6b5db24e04cce14a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 77ddd452c6b09ba89416c593350da3c3 |
| SHA1 | 081f95c59700df04466905c3b41ffa929a1efb2d |
| SHA256 | 1dece4a9d0441a466fe89eb6ef3c9c652cca6dc5c1253622dcc65b6060ba69eb |
| SHA512 | a0f8540f63c8a7e89e2676860c7ce982a5d059825a6fefbf90dc410abc098330aa7d8c547acb65db32f3bba1874a71a18cb02110bd658acfc2309b5a222c9d0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbd217f4332ad4282108a0e7d4ed62a7 |
| SHA1 | 76da6fb89945dce5e55098ebe0ee62a7e486b093 |
| SHA256 | faaf5a9ca8f80dcf311133be39e3aea1f50ffbfd741831487ade0d41ea39855e |
| SHA512 | 52f9a449956b80dac36dbbd75aeb3ac2017ea4aebddd39d1514c68c8ba735129c288052d7fb3370ce397d1e6c6b909f9dca1c60b4ce62be0f094e638b03d9e92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7b0a0639841f039ebb53059135d85c5 |
| SHA1 | d15d405861169a5e94407e4c0874956c2af7a8e0 |
| SHA256 | 1b80fea0598c5963079a6a04b1cbc7cc8ae2034c4aaf8b8f87925368a84e1574 |
| SHA512 | 2186267152338a53db8c85b08723d944372204894302ff7f373596ebd9d931f9eecfe64ea788199d085683977e49d0594f0fd4877ab8384d8339aacd2edb7dda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c56d5748541d7b4f253e2bbc49800116 |
| SHA1 | 01e44353a17270f1b9f01c770910558dc418d370 |
| SHA256 | d4ef7898c464428bbfdefd2cab9fa0096e214c681a16f08c4bec7a52dd480396 |
| SHA512 | d7210d943a4f88bb3db3c1444b57bff822164b57b2b8aab8d270e410b9e03ce2d72cbfc56886abf6c9cf36c60ef8880c149aa917f15a5f220a0cfa510de8988f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4576a507d99681213d8e30bba497dd5e |
| SHA1 | 207a1546d30b739017bdfffdfb1e3d5b15d867f0 |
| SHA256 | 18be8f9109ff076fc7e557db0d9f7cdfff2c95683eacc0d44ff5097bf8f4efb7 |
| SHA512 | 887e8f6a899f32afc7424d6cc7761c5619af9271084c05c6493e991f9bc5958b6aace35460139e1bbcf32b2b614db6e41c5667b8d881a2e10ec9fda890ba2868 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0de0eeaa1e90bd73ce852db9a829b832 |
| SHA1 | 5bf326894bc10597bfe54cd0c0e2e71902468156 |
| SHA256 | 58d4e0486a62ef158e724e17e6f3c0df4d03fd8ee59f785f9480b3496ad54bc9 |
| SHA512 | 644f467eb635a4896663fc984854aa43b0dc6b2ebb6406dd75109d1dbabb6f2f0fdbf14dd10b04c76178387422ef1e1105e9c989aeed275442f21348e921ce71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ae091a341262ea5c6ab72a2ca5d8ab9 |
| SHA1 | 74eb2a5b21db0eccd69482dad9e7cf0ab01e2fdc |
| SHA256 | b049c01378ac7a71dc0284c6d48143a947ea88f21b2572a25d8dad0722337bd8 |
| SHA512 | e6b2e8928ce86adb8f07d36113c961b0fb7a807e55ad77cb2356b0559f1be707be741498908966d2667cfb922275dc6e25ea28584c39e17ad48670042caa3dfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cbd32a5f750f4aae5b6130a48b2e62d |
| SHA1 | 27892c8d065909db5e8411f81901171641fdf990 |
| SHA256 | 1b0b7f98543a3ac3802a1ac6f6989f34725b06386fd5b545e343cff28f0b3f72 |
| SHA512 | 115818c030749b6f27cd4882afbb3a60b6e4fdac8b6faa98fc3a7e9512e5533b870a0b6b7e8ba2c799e52c83ddea5ef7b2aa9f1edc0dfae7482b0753dd2d6629 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0ba8c4492241025d6bf67cd982e3dfc |
| SHA1 | 58d0201c4e6e74544a0763cbc8abdfba2cb6523a |
| SHA256 | 3616b89b824cb3021693ccb96154ae5b66639daaad626edf95dc3cd2c067d4b4 |
| SHA512 | aecf2b18451b840044a2f41f55cff36801cc970364238ef9ac65c084bed57a6ee6e0591a065fd509e30c566224edd9801bd967dc132098fdfdbafa3c03c3ea65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fd8f2b95c5ae9aec382be0b05eed01d |
| SHA1 | bf5cd6a94287e2f9d987366ff10347c37db6e34c |
| SHA256 | 3f360423caf116da9ddbb89a5a87556f820d52de9d7e73506d1553028be6d542 |
| SHA512 | 7894a62abf09ccc74371b06f9e37a18ff6c33a8568f1e77bbae574188591cd546821a831b48e2a5948afd1ebdf88f4e57ad6aeedc3ce173d032ee2c30b7aaff5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a65dbb6d6809d14ba40324483ae7420 |
| SHA1 | 378ecbaf8ae7905afb191b94ccd02dd3e428255e |
| SHA256 | eec81de68bc1472918793e8f432c7b67693dfb28693937a096f85f484cd13fbd |
| SHA512 | d1645ea3ad2fd1f806c039baff2d9a01e9b87b5011561b5a893d0993be3f26f24df2372a5bfcee3309cb063cf6d02e2db1def3e0f180995f2dbafdf315f793a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_AB9E6ABDE5D225B32CD1A91CAF7467E4
| MD5 | 7edc1050e4e5b2907c33f3b65d63c08b |
| SHA1 | f756ba71dcad04cb539f7265ff38f1d584750f34 |
| SHA256 | e59ba2799ada6c91581356ab352fa67180ca4ac4272c2629292516de4e5f37c5 |
| SHA512 | 56575441b853a6f1347588e45cbf8d8719db43eb7da2f573b5b7a1796a8498d90b090082136e16ba0d8c9475e3d2aa6dadbea50fe0e892a9929d920c6b532a0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_AB9E6ABDE5D225B32CD1A91CAF7467E4
| MD5 | c59da2dc41068546adcf30f4b7d6f931 |
| SHA1 | 800618c2ca43275e8bab5f5f50f24a47cde6d1da |
| SHA256 | ebe12c8aa39490b5a9f6876540813a5a31efc56005ce054c325feed9d0a42b18 |
| SHA512 | 119c483805787591f3c5975a39fb5fb2faa7d247e91026ec056fc82467836875fed782201dd0ad08ef2a1ee3d2cedd6c0862540be42d91834e4f36892986bb01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 7f622be315bed2d72a2c404f4b56ac86 |
| SHA1 | 53fa07899c4c831fd8a449e838323a97e518dedc |
| SHA256 | e3d34b10d7661d414ae2167b63ac9a5b635d1638e70ea50b881e92fb911e41fe |
| SHA512 | 6b847dcef2cd3f281c51cca147026958391680b4ebcb9e901d9224dda75a1847cf478c74fc0ed8d2387fb6a7781541518e09c48fb9e43e21dceb57399ba0c3fb |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EB4DUR8Y\oembed.vice[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\coast-228x228[1].png
| MD5 | b17926bfca4f7d534be63b7b48aa8d44 |
| SHA1 | baa8dbac0587dccdd18516fa7ed789f886c42114 |
| SHA256 | 885cf4c748081f6e569c4c5432249084eded544d55f7c85cf47ec1aebe6bdcd6 |
| SHA512 | a99269cc3c0af6a291e5373c4e488eaa3900e66bc3342933da3a18caff5401a4408aa1cb4463fac649c3cc5d88773f789fb120e292ed956188f1f5eda8ca7633 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat
| MD5 | 0e9ea895ff836d8694f423205f4fbec4 |
| SHA1 | b0e9046850b7b63a8706552faeb57c29605db3e8 |
| SHA256 | 9524728ea6b5e75da88083de1b277edefa767001a7a075b817c306478e1337c5 |
| SHA512 | b808a195d48b6caa3f9cf99453834614ebebe10f342229c91a3894b2cf24e9843f8840e08f1bdf717953d5524c42a1740ae00e5cfcbc6aee4ea9e59da556c5f9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6PB5UJI9.txt
| MD5 | 0ecc8ea9b592095c0128acdffeb2537f |
| SHA1 | f70a6d23b663c7dd509ba7c041dabca651fe15b5 |
| SHA256 | 6071a0f707d0b29c213298c271758e72345b4bf6b635304e804f69e9a246c2de |
| SHA512 | 03d6796463aac959518d29d2cafdc4407230a10207c869408bf6c344c467a23c2da8dd3c4b80aa65fbb42ae07706f393575e58acee804c6d050b28e920a38c18 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WUHITWU2.txt
| MD5 | 9626415c41746112702968de1a3d9c4c |
| SHA1 | 005bb9bf14b90d15256df1c831e0c35358d97c51 |
| SHA256 | 23e5051ea4b80a88e43daa97b9d6cd38e4e0e627f1404e9f87cb9f6ed2d83808 |
| SHA512 | 6fe9e53d40c1d8ce96a214e320b2d530ba87470e99646141d7c7cc8589a2c4829f7af1b074be6d7db5875474834de0996acb3cd712f462d680ab1782a2dc8571 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_0E84AD23AC2E74B30DEF739614C7EB94
| MD5 | d55b8958f8aaa2bec65bdf004b0d5d82 |
| SHA1 | a714c0b06b249c4de3137cc0f465157add65dcfa |
| SHA256 | abde29b017a033a780771592d3263da40a92d05c8141d77dc4d0bd757ea63699 |
| SHA512 | bc63984e5551fa8f8a5d6bc305b7e6d4eea403a1f787efa9126bfba56e8be4cf02e99f2fa9edf19964ae1080b061126d94be58789aca84283fe824874fd2419f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_0E84AD23AC2E74B30DEF739614C7EB94
| MD5 | 7188d8815ac719e3e370103f607e5dda |
| SHA1 | 1c702b3438a8345c0558ad2ab3baf5d89ab65312 |
| SHA256 | 586a995fbe3d1735087c015c4b9d4ed25d42081681874a2b498a9dbd444e164b |
| SHA512 | 13ebe79d182ead445434fb159ce1c686c8bd06b81fde652f4b83cab20bd091dd7dc40ba5c388bcb1b3af74111969c0ab569da76458628769a1edcc2f00eda13b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
| MD5 | f474c87e4fe17ec6e274d4ce1207ed37 |
| SHA1 | 94ab4a865455282384687444355f6599922158c7 |
| SHA256 | 642f6fec22b157141c7140d494f322ed23cf6e99768648f1ff792436c4f19472 |
| SHA512 | 8c956a46a55c5bfdc66899b9e0c2d3a64ccf6f71b05704d4eadd8281c5b5c1fffd986d8a4275dead02f18f17c2601ecf58e8bca1f27df364b17b950ecdc8295d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
| MD5 | dd70c9de721518fd87b4f1e8fd8c6a3e |
| SHA1 | 899cdf087100e024813763ba9d1b5a61410d7897 |
| SHA256 | 7b6f87b0d58ed547af31a701fcba7255564cda4d1a1dec5dee96e2a86e051a1a |
| SHA512 | cd41fffe36148dddeb01d80ef0b498344333d0dd746bb356e27f979f74440adb3805f53d8d2dddcc52e327c87e929c5e6b2ba3c99e4f76e41e82ada0a7d9376a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\735B5LKS\www.youtube[1].xml
| MD5 | 0e90c4684eca00721f116bad5fdf1b4b |
| SHA1 | fbc8fdc559396287718bf7027fc39e2fb776ecdb |
| SHA256 | e7d20b3adceecea231998406c681ab61f68e87fb1f9ad5fe49dbbe666015de31 |
| SHA512 | 606c6a73d25aaf14cbd4a945893f39622c64d7929334addd055b4cb87bb8fbe5dbd76ca4d68c3064a5ba9761fb6738ff768e1e8be1c40a4d019f1157ca21c804 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\735B5LKS\www.youtube[1].xml
| MD5 | 52a89806b41d339f5415d015aca5ebaa |
| SHA1 | e85d15eace47046168d407cd4f6114ea575b0ebd |
| SHA256 | 2723238871404964a55bdcfb064e24787d63f6a5744de10ebb1044683ca4cdd4 |
| SHA512 | c6764481ecca5ebb1338c887a034cbbe6f368379e30cdc56f4388563134ab1b7a32b0d58911a47660babc14b1fb5b2c817bf63f88c53cdbed1a01089ff133cd8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2XKP1RDI.txt
| MD5 | 251039df28605082b2d9071395379b23 |
| SHA1 | 6da35ddb550c741b3164808a5308c062405cd471 |
| SHA256 | 9936b5857265c7d324070db9c2774a434ad6e8332794e1673e76055654e30ca8 |
| SHA512 | 0bf59cb6172498c573dcc646826c9b714e301f3b35f6cc704e5b073f4b5b5c8171c18a962118e76b2fc8e51fc85e1a0502e72e46ce998b6faf2234d28d049e16 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\735B5LKS\www.youtube[1].xml
| MD5 | 40c7572dc5df2eb22bdfa55cc31f7d22 |
| SHA1 | b119d4eb7d213925fb01922a83f30de24c4f7256 |
| SHA256 | 37fe3c4788d8391d77ecc2e5fe0d055eee3588a20e248135321b637383d45666 |
| SHA512 | f1fedd7b259fe4377c61f8f42ec463eb25262de26b0d7c43f97b93a2d6c20320e2d7280b0665f63e5ef1abc7bd988d9d67ac7b36aba6ec9382bd1817afd22831 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\735B5LKS\www.youtube[1].xml
| MD5 | 4c0dcb77f8cd7e5750b4354f68669f75 |
| SHA1 | 0731c5ecb2cb6b64d2eab5573ee6cf72435198d0 |
| SHA256 | af19e1738dc6f15814ba2603857cdd0c55baac2fddcac86ff819f09b020cb22a |
| SHA512 | 7bc34c67ff3046c41b27688a3c6a99852702bdc71565c06f1f8ef6fc04f358d8e711a31cc60cb2c18859885c462931fefec2507d41f1c6b3ed2a1584209d8dbf |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\735B5LKS\www.youtube[1].xml
| MD5 | 0b3999b181954dc30ef04f4ccf266d80 |
| SHA1 | 9a0fa60d68a83bb7555e5e9b9452e9be8cb9cebe |
| SHA256 | 0806950fa9a8cc028d63e065704704a36f5098cff2e73b24c4e5faff51bfe6d5 |
| SHA512 | f1ff3f2e03c13fa98d333071823893768309dc4189cf152dce9a4ef1ae2354a4925dfb773692e77ba43cee3335485930028f89f0857ea37db03d1ca51dffc137 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\735B5LKS\www.youtube[1].xml
| MD5 | 3ccfcce6dd4778d0d4491c069d50bbab |
| SHA1 | 896ce8621eb93eddcac648acd544ba928fb10bb5 |
| SHA256 | 20c8cd5ce49e85ff369e7da64eed9c1a167ddca5ed8bb4fa73a9e67321eaefe8 |
| SHA512 | f37d97068818183ff440a88f1ecd5d72f448502aab6b2db113165f6ec692c466be485096f8c78c26280c7f57f629db13f6ad436bc48156ffdc51e09d2e9c09cf |
memory/2804-2842-0x000007FEF6110000-0x000007FEF614A000-memory.dmp
memory/2804-2851-0x000007FEF70E0000-0x000007FEF711A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SM7MXDYT.txt
| MD5 | e76a31a9c5dc794b491d7d8e7dd6aa69 |
| SHA1 | 8d2a9dc0b995668ef02290a8b3fc84be2819ec4e |
| SHA256 | 4e1da3533a75822448d7235d686f6ecf42303605b23a789aa612e5175cdbdc35 |
| SHA512 | 2605fc9b6da2ab6140b36f7947b6b389c42b519fe9d91e96e3f646b7b6b0e90775601368dd0f98095d92712785ac43ab4f37dd8de1870dadadda27abf2dc43b6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\search[4].htm
| MD5 | a4d9ae83d488af6206c02058e591e1e9 |
| SHA1 | e92f3ca4db460708f1c6206d589dc0fc42ce5c1c |
| SHA256 | 385a004f309d9133f9822e32d86e2f19e164b7e55517e5b4f6080de4d689e733 |
| SHA512 | 392edf77be9b500cf00c1d88efe907c15cc921897cbeabd933d2faac844f2b1e823f12bc802bffbc956b591ba6435f948308120a14d08300b6fdbe37f4adba6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdc241bc09721817bed628beb4932944 |
| SHA1 | 8071778bf55d7a5f87fdaa8bcc4e84407015d589 |
| SHA256 | 25c663fef7df25003b019f78d618a1bb3fad6a9404fa89623bd73dbf74a4d556 |
| SHA512 | e0814f3725c10b936a3fb13984b743e051bad79033257868e269a28b3275f88b2bfdb418dda8e19296167adba77c9b524e7d50843ee8d46e91e29b9f1189a3b4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LQ1N25DY.txt
| MD5 | 337817b28f1424ef994ef02ca43ca266 |
| SHA1 | 29e700a6523bf21c07fb6ac475ee5437cb5f9c11 |
| SHA256 | efa982fbdcd729bcdf631f432c73efa91e6fdfed2832f0c9edf3cc575509edc0 |
| SHA512 | 7659c849285eda366428f404cad6a16f633c562a4ee206ad25246214dfcb001978c62d88b6096bdabd99666287ae3b43bfb7b7c84a3c804ac0efd27e31475e30 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\search[5].htm
| MD5 | fa38658fc6a200e1ee8e0ded5f1835c5 |
| SHA1 | 42a691ab8562a5e9874b7e53d9ed6b631117bc54 |
| SHA256 | 76f40c0d562571e87a8210a9e222360a3a51f819399b7e383361cbd0bbb073c7 |
| SHA512 | a6e70160f4e26c667bd2903f56cb2ac76b05f7b3148c98307d1067d211bf9d2e542bdf88140a703ef6f975f020918df3b10e0f5654f0042e0a4e2d536e118da6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\D8GFLM8G.txt
| MD5 | 7349c81c24ad8bf75a590cb3442786b0 |
| SHA1 | ac620869e53294f855125fb290d219454e5e82ea |
| SHA256 | 7a126e98faf3fbb88f825f4faab11bad18e1cdfa681389ae93733ebd7dd53576 |
| SHA512 | 2f25ce71f2a97474de93474a11797f056044dd5f5a720512ece0aff71e80fb40e0fe60381e3694a2d9d5986b74bcff360f48e95f78af85aab6e56f55dbd94caa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aacfb23b85460e5d866fb857d5c32e5c |
| SHA1 | 0e938d75e36d8ec9db84fd305f957bf7691bbf5e |
| SHA256 | 80b1c87e7c28368526782b1dc390c084d58c9443c695820d962e9fa3f8ee56b1 |
| SHA512 | 71ae39c1ac896ffaf4a03445b3b48a0ec46115bd06c82732427b88f2dd3f55a63656c4cd316b9b4a7a0c84722c9d1c1b22c47ee5ff4b34c257b0f097524276dc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\18KV47F9.txt
| MD5 | 320ea7ea130f06048eab7e0554b89aea |
| SHA1 | 381e42e22bc7b4cb41fb9c0f707020bdd29ab118 |
| SHA256 | 29a34273eb71e9c6bcc9a655fdbef815bcab83184033007f7c6fe3f9c640728c |
| SHA512 | 1a77525588bc30f3816e6b985d2fc3f439a8bb33e5d96694fb5f1334ea1a5d51fbe7056f5d5dbd65b980b46656fd024a5908572100e7e1918483899e1c0b09aa |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2PWG6CL7.txt
| MD5 | 2d2a46b489c4084d941e0ff11dcac351 |
| SHA1 | b0ac88057043368734c5aee76ab4ac5420afcaf0 |
| SHA256 | 6819b75dae4f55400bed43e9ae0096394837725a74f1ad063bbec17fb51c7b3b |
| SHA512 | f07f6fe69deb7cd61886c77c8c1f24cfc560b494faa1e538dc0eb6abf2873f2aef4898eef492d09de0c465aa301f497d513c12b7ca224650662cd80f135f70fa |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EP1NG3UB.txt
| MD5 | 2f7f7100db8b6c2e7e48b3f8a9625652 |
| SHA1 | 89c8cb3dce3bd855033498e86927605cd63ef228 |
| SHA256 | 6ad489088afef2717eb4ead600aad59565c2fb566e00a6a0475b317d644ec259 |
| SHA512 | a233f32b110707c47a4eb1e3fe87d3c4a18911d6d89d2c7f19c37e8641204939ea40ef9cf179d3e89ff003250be3328c8d7af2d6387db8b11a175b3404bbd3d3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\search[6].htm
| MD5 | 6b99c7801185b84c7717d1e78ca9f565 |
| SHA1 | 7c1528bdf8fee1cfb3936c3f23f5af907b84bf80 |
| SHA256 | ea2ed4a71053a91f380ca3eda57f5785db0b4649179b3006f5ee23d80ab41a57 |
| SHA512 | bb8735dee1e60753316048c96ec9cfdcc08dc653270cd30383d1e3159ab773e1547a9a401f75d8ac2c0c9768e4c5d69e4a23ed05d6ef35de4d1f4b4b3a3ead9a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CHZNAVX5.txt
| MD5 | 02f60752f875f3a1e92b5a7853ab9f6a |
| SHA1 | f677814105d8b507a75fc7e6868d30e95e87f48a |
| SHA256 | f7d7994845126f19117ba73bc51814e5dd64efdeb91b6714431ea0c9d93d062f |
| SHA512 | 97ef1befc2658cb2788846395f39d4cfde1ee4802bd84f3c7da70627fd67d757ded4fc95bce434439bbea1af19bfc759c9a287e4a6410304f90bb25b26fb2e19 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\search[3].htm
| MD5 | 0c256d0ec24d4a11a1c98da7ccaf352d |
| SHA1 | c146d9d17f33acce5f682a16bd99e0ee6ab34089 |
| SHA256 | 03b2090f235fd2d3bac76d648ab5d6bb16c4c3b8b1e3006787e15332bb2e2c6f |
| SHA512 | 917c88b2d715dbba72c7a3506e8e5a34856626b51ff3a22459b86a50d6bc0b8f549fd8020e066296835c524aecce86be068c4068a4373c9f90dfd977ef012380 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HTPYBD9W.txt
| MD5 | 75c1c03e114b0ca5d66a95fc73aa24fd |
| SHA1 | 870326034597daa735a43e5fb676e50c7047fc14 |
| SHA256 | d49833b3550a8dc3988c3a32ec357ff44a8566a9a4e6ac0e5776510500953c0f |
| SHA512 | d816248bf6eefb88fd4bb5a984365b51c5d0968d00705698a8ecc9f2e88cf189288fff6e8e9838ddd23798503de44a847eef0fa88b752264a159a10662134b19 |
memory/2804-2940-0x000007FEF6110000-0x000007FEF614A000-memory.dmp
memory/3924-2941-0x000007FEF70E0000-0x000007FEF711A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\search[4].htm
| MD5 | db1135c5220b7713371099aa41910389 |
| SHA1 | ef458ad828ec5435a7f940280a8a2ca5b86c4463 |
| SHA256 | c0355cefb0a3e3f661c1253570e12e64860d03a301ea1558927efa98b1689b66 |
| SHA512 | eefccc732158b42e0bf848aeb980edf4ea243c374c6decedfa7080793feb18a21b10e363cb422d26c7f2b56f1c60c2720d3e05be425e6cb6f3c03c89057983c3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\16RLYSOR.txt
| MD5 | 4ad21ca0c29204394a6dc51e2412d7ff |
| SHA1 | 2785ed4c33ea3681f01b083f4e1e6dc6d1d95fd8 |
| SHA256 | aca2bda7082180b4830f397da03e4e934e520ec5ee53d260229460663f2195fe |
| SHA512 | 1d7cf8b45df21f3ad9655a7ef93ba0855669ad0d5e77d2864df63fc0c2ae335f977d1b38f24d0992f515a3de9f27920b2d5d40c8833f72f3a6fc33a503ae4688 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\search[2].htm
| MD5 | 11869d04ef6d032a1bb0fe26fa126c0a |
| SHA1 | 20a6bf8cc97fff31c956e2b76f1949796abda69b |
| SHA256 | eff0370edb1f31271171c97dbaf7ef0d14a07d4d613d39d18e438d1655911c2b |
| SHA512 | 9d7c5f479dbe8f8609fab5a71b762d8cbc9a6b6fed48ae4492871186955dee80036516f27562a90551c66b6ee9c74b453ec8cafdaaa200c1edd626cc2df20269 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V3UK14XM.txt
| MD5 | 5130360aa40e9d0fc0e5c18aaf7f90b7 |
| SHA1 | c5521601ccd306be0f7f5204920f8d7a0845c453 |
| SHA256 | 8b1d196001c238d50f027411595d4cbd82f84bf2947fc3870766449b8b04fd14 |
| SHA512 | ebaf889d58e3347122a11d51dd4d358db14eb470674d2b621b7da2ff32b3f164863ac6297a658f3a34c97c8c3c6024d389f1286699b7b1bddf84d003b86608ee |
memory/5068-2994-0x000007FFFFF90000-0x000007FFFFFA0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
| MD5 | 4ad1b4621b0cb69ae560d052848d623f |
| SHA1 | 8e1eeb1e3e23c145bb6ba8d4aa92bf555e689a50 |
| SHA256 | 2b618c71c1eec99e34c09f43c2ca43ac36871f57ff3db73cebcca41b1c39d11a |
| SHA512 | 24d5be56b29c960002d111ffbcee3bdcefba82d0eb3b40f1e27e1e35423422c1c5ef1c8fa59d91e0b4f0239366222105a5e7b30c25287a709221c4c92fa199b9 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\735B5LKS\www.youtube[1].xml
| MD5 | 7e583732e93384c975f8bfa11c31ee8e |
| SHA1 | 89e5e3765ca111b606f0b3eabe45ee6e136e9807 |
| SHA256 | 90d9ed5b563dc3e5bca03720d9b636bcde7cf9cdbab50c104af706b32148b74c |
| SHA512 | ad84d419f73bbcc06f7d959e9d50e9fa124cda4ca0bd8bfcf87cb859ae8e4277f369a1b180deb92ce9df3eb7b1d867998cce2f88a0a4edd30065a1ef3f763e2e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\735B5LKS\www.youtube[1].xml
| MD5 | 83364086df5f33382cdf67d28adf6bbd |
| SHA1 | 3842031a5174531bfe8ebf5e38ca747ac4f6cd51 |
| SHA256 | 33dd81130987544d5efac5a9f6a88dd7cf61bebdf85bafc0bceeb855a54b3fa3 |
| SHA512 | 6ddcc9275ce5f0bdae50546dfb09f476ac340267e7cbb90d144e4e76aff5b679c20922de476fa59ed7ed9db0393d0aa4e591554a72628fd9a4b22af4c8a50a97 |
memory/3924-3285-0x000007FEF2C30000-0x000007FEF2C6A000-memory.dmp
memory/2804-3284-0x000007FEF7E50000-0x000007FEF7E8A000-memory.dmp
memory/4496-3286-0x000007FEF7E50000-0x000007FEF7E8A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 06:46
Reported
2024-06-15 07:00
Platform
win10v2004-20240611-en
Max time kernel
574s
Max time network
574s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{ACAA3862-B7BE-4E60-B1B8-40BEA9F5BA7E} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4208,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4892,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4856,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5236,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5364,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5356,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6020,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6252,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5196,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5832,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x494
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5240,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6724,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6260,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6856,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6676,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=6968,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5368,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=6972,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=6760,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=6448,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=6984,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=6392,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6768,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=5728,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=7100,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=6556,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=6460,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7084 /prefetch:1
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=6920,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=5500,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7188,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=6056,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=7252,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:1
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=6960,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=6452,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=7240,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=7432,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=7400,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=7660,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=4720,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=7740,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=7544,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --field-trial-handle=6600,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --field-trial-handle=8080,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --field-trial-handle=7856,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --field-trial-handle=8276,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --field-trial-handle=8400,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --field-trial-handle=7964,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --field-trial-handle=8584,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --field-trial-handle=8272,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --field-trial-handle=8664,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --field-trial-handle=8684,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8436 /prefetch:1
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --field-trial-handle=8560,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --field-trial-handle=8452,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --field-trial-handle=8480,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --field-trial-handle=8948,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8476 /prefetch:1
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --field-trial-handle=8352,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --field-trial-handle=9100,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --field-trial-handle=8384,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=9260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --field-trial-handle=9232,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=9024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --field-trial-handle=8964,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=9104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --field-trial-handle=9600,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=9628 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 142.250.187.228:443 | google.co.ck | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 216.58.213.3:443 | www.google.co.ck | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| GB | 216.58.213.3:443 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:443 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | udp |
| GB | 142.250.187.228:443 | google.co.ck | udp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.17.251.10:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.10:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 10.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 54.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | rr3---sn-aigl6n6s.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-aigl6n6s.googlevideo.com | udp |
| GB | 173.194.3.72:443 | rr3---sn-aigl6n6s.googlevideo.com | udp |
| US | 8.8.8.8:53 | 72.3.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nzs.googlevideo.com | udp |
| GB | 74.125.175.70:443 | rr1---sn-aigl6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | 70.175.125.74.in-addr.arpa | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6nzl.googlevideo.com | udp |
| GB | 74.125.168.167:443 | rr2---sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | 167.168.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6n6s.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6n6s.googlevideo.com | udp |
| GB | 173.194.3.70:443 | rr1---sn-aigl6n6s.googlevideo.com | udp |
| US | 8.8.8.8:53 | 70.3.194.173.in-addr.arpa | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 216.58.213.3:443 | www.google.co.ck | udp |
| GB | 142.250.187.228:443 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 216.58.213.3:443 | www.google.co.ck | udp |
| GB | 142.250.187.228:443 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | telem-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.228:443 | google.co.ck | udp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www-minehacks-net.webpkgcache.com | udp |
| US | 8.8.8.8:53 | www-minehacks-net.webpkgcache.com | udp |
| GB | 216.58.212.225:443 | www-minehacks-net.webpkgcache.com | tcp |
| GB | 216.58.212.225:443 | www-minehacks-net.webpkgcache.com | udp |
| US | 8.8.8.8:53 | www-minehacks-net.webpkgcache.com | udp |
| US | 8.8.8.8:53 | www-minehacks-net.webpkgcache.com | udp |
| GB | 216.58.212.225:443 | www-minehacks-net.webpkgcache.com | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.225:443 | www-minehacks-net.webpkgcache.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:443 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
Files
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |