Malware Analysis Report

2024-09-23 11:15

Sample ID 240615-hkmblavfmk
Target MEMZ.exe
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
Tags
bootkit persistence
score
7/10

Analysis Overview

score
7/10

SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Threat Level: Shows suspicious behavior

The file MEMZ.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit persistence

Checks computer location settings

Writes to the Master Boot Record (MBR)

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Runs regedit.exe

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-15 06:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 06:47

Reported

2024-06-15 06:50

Platform

win7-20240221-en

Max time kernel

127s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dba31cf0beda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424595976" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000050570ed86928c64d9dfac5cf88fb98c800000000020000000000106600000001000020000000e3a3062a740a19af5fbb4be38f33c01ab3a0a4010b8283b20556b30e6138b541000000000e80000000020000200000003190403add59b8e3659aa340c886d066e916eab2700a0b96293fb4d2144125d220000000216a8ed28656e0194e78cdf0ea7671c2aafd17462a7174436c8361e66f049c3840000000a567bcc2b35aca5418044373b7e88a8c1b09923098d05c30397eae11ae411de530cb43d635180b620b7ee83ae95b1071de102b6b68a57ada0b5ae22672fe0670 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4566F9B1-2AE3-11EF-873B-52ADCDCA366E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2512 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2512 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2512 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2512 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2512 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2512 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2520 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2520 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2584 wrote to memory of 2696 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2520 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\regedit.exe
PID 2520 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\mmc.exe
PID 2312 wrote to memory of 1796 N/A C:\Windows\SysWOW64\mmc.exe C:\Windows\system32\mmc.exe
PID 2584 wrote to memory of 3032 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+download+memz

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe"

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:2372624 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.co.ck udp
GB 142.250.187.228:80 google.co.ck tcp
US 8.8.8.8:53 www.google.co.ck udp
GB 216.58.213.3:80 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
US 8.8.8.8:53 consent.google.co.ck udp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 142.250.187.228:80 google.co.ck tcp
GB 216.58.213.3:80 www.google.co.ck tcp
GB 216.58.213.3:80 www.google.co.ck tcp
GB 216.58.213.3:443 www.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp
GB 216.58.201.110:443 consent.google.co.ck tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 06:47

Reported

2024-06-15 06:52

Platform

win10v2004-20240611-en

Max time kernel

292s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629079517583158" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\notepad.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1300 wrote to memory of 3600 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1300 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1300 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1300 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1300 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1300 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 3516 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 3516 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\cmd.exe
PID 3516 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4052 wrote to memory of 1580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1982311123210711348,17808970029315059824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x51c 0x514

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6753418409688205930,2402098076850788932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6753418409688205930,2402098076850788932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6753418409688205930,2402098076850788932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6753418409688205930,2402098076850788932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6753418409688205930,2402098076850788932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6753418409688205930,2402098076850788932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6753418409688205930,2402098076850788932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6753418409688205930,2402098076850788932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8c7faab58,0x7ff8c7faab68,0x7ff8c7faab78

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2092 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4964 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4292 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1968 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\note.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4052_XWXYACBFFCITWIZL

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 734c602d0e2ed269825dbc755a32bff0
SHA1 91008c2175055f242b9c236dc7b1f095092143e2
SHA256 80f335974d46d59874d36f5673dee30bce9e763cfa7fdc59fe95adaaddf1d3fa
SHA512 0d5e30f4a2c7523a5fab5668d027f88a0b2185faef2d26d24bce22c1484d1ab2e7d9290683a074e7ac0d7db4df2439fa5f13f8a0bc209853c9e7d0b01a7dd6ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f5836b28e207348725d05c8a0a00b57
SHA1 ba366ffdfe87239507ab2bb6336222ef4161fbff
SHA256 d0b8827e71ed6b5b0b317d5d7968632e19b0944bab8fd8c688ee04c1757df8fc
SHA512 7b3463ac143673c5f438e0e62302f54882f7580d0b7014e5c0ceae9d423ee6d2e2a56242779403c673ac230242ada653f696f3d7b1ddb5898fc8b5e9ac49b6dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb36ddf57f1a042d7f2bdb6a11c4c382
SHA1 12315a5c49052b6043b4acad82bba8de0bb3e406
SHA256 84b73826ace13010294e0b65bce92ed33267ad91304d5a100ff53562f9ca41e1
SHA512 58a7156c63e8944c865c4edbbb0cf3a07470ac40708b23caf0533539b580a63f43a98ea557eb60cbccc984e29e3223c7c6079cbf77f00c21161c617897136a30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 108f3c1b744ddfa9bd78db6d07519953
SHA1 a57ba9175faa34dd5257d77c12ca00b6c6f489b8
SHA256 d3f4d8ace157f22a167604162204cb56ddfa6a8d536cfe8db2776ee71871c308
SHA512 399e9ac1e2c99c9ff60017162a0cbd1c496ffe36eb8b0655b21888f2b06ced9c59e3b360849668e0f360db33074801485275566b058cc8f9eb84c392f08cdc69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cae014fa22817ef9d75388daeb50d7db
SHA1 0a1c72bcba281da32bc5ce0dc1960cd015233b80
SHA256 313f06d1db89e13ea9c4511d0edf274abe8e697a94b82222167bde1b9ac54efb
SHA512 1f93fa8b4871f5eb0b034fe0d53bd70d80480198a65ebed149ff7876e68fb17c5ffce3200beda1378a325fc2745c381a13d342555ec1b8e03a6d7f020f711e4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cddf968a7be04dcefb7e7db15e6dd68c
SHA1 321604486e2ff9f74836467a6881dcf382f20e34
SHA256 e2731ff20556d6f941ac53be34d94c02d4928053abb66a0d8f3ee41f316f3be0
SHA512 574f1ce96b451c91e4a1640e0ae57733779cd3ef8940ea4850d88d288a0467941c72dbf6cb9c4ecded0456c5a3f74d4eb99df2a094a49d41080c80d6b0855fc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59042c.TMP

MD5 d81cb4065fb0e61d653fbcf0a00e941c
SHA1 a0269b0d4ad26f84e0ac2124b2c59945bdf3ddc6
SHA256 033c515ca1e1ae0eeec8c4925909d2e87cf36a90386e6db2d5908710157625da
SHA512 61e0ead8ac06de9c1a5c7f6d45baa551ef3f428c1f9cfd4229f6aa1ee29ef4aed6e35f64b8850a716edf3d9c1ed97d89fe1937b3ba8032e66c14bd6663d82890

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1e566f48e0a3bd792f57593e3bbb24d5
SHA1 f2484bba8bd1615d59dd3d14240f2510c929a305
SHA256 edd09708c6f63c3b667dd443600336232b5f07b39312e5f3927cbe90b999867b
SHA512 343dafb0894c47038306f2f4454fecedd800d5a05a790fad08a4c7b7b7e4989bebbe62d4e85e6adba5d73c93d5b0a4144de088cbaa51a54c178dbd0eea88913c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 f0c27286e196d0cb18681b58dfda5b37
SHA1 9539ba7e5e8f9cc453327ca251fe59be35edc20b
SHA256 7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127
SHA512 336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb1270527ba95e03a6799cccc1161fc1
SHA1 edbd4b8c30fcbdd524bd16d6910edbad205b065c
SHA256 8ee0ba62a3dce006bb229e1631b2f33465e0f91dc6566fdefe4c9023ea960cfe
SHA512 3659fb8a037492853032b27d59d7e432e615dfdeb10a4be316c884c2a0706079820e654528e2de25e4f71b8d001c72f2c2c1f60c5744178e2fa235e2c4ece8e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a8bece7812aac81ea862546efd768354
SHA1 4a7a7debabd4e5bffa741b81bbe14d20641cef03
SHA256 f4a1079072501a27b65766a88738227d76dd899c30a153cb428169875bb996ac
SHA512 0c79026b43f2b3b1b96e333c0b7e21d0876ad284458eddc582e43007da0dd177229e904e99f8ff83a1999958f5e48771978db30fdd094cc336f654be7903a015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 96b5880f2ad674efcbf426b52642e5dc
SHA1 0d413330964eeff6ae632aed05466c23f10e5539
SHA256 b24f4a4659b5cf0ade394c93b7b2dac5a6a24c5f246cdda80f303debd305b5db
SHA512 2e2356b5b8ff91aca1965d6bd054e9b6f30f29bfe6100b6e1a4311d1d6970f4596d709d9bec9a6507f583a653f50186c8dcb76edf66af1f167d85c0b3824aff0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9e560303a165b48968c64015c3ab0a88
SHA1 0ad4b09da8697873e955f91256bcdec663200d8f
SHA256 e228d9930d583ffcc5c77b69ace0786e054a87ce63f2a810e6070622f1b52888
SHA512 dfd59c4e5c2af6547e23bdece9ee1e54d0f8a23ad59ae14a71c542a24deb120f3f7b5215a36f4387e4bc9c863fbbe2e228961cc67e4e99f1c7ec5a0e6574e1f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fa7cccd1dd018a86ce9a27fb26e2b6dd
SHA1 6e1aa65defc5824f2eea253d9242b7523c85f945
SHA256 7e2085089df5875ec0f5b6dc235ab6557b1e4f7a86f46289fa888505536d80ef
SHA512 86ef5ef14dc2429e0febb7d8642199fb7755c11a76d30ba2563ef72abd5cae4ba15c78df1600a82a2e47e016baaf93934a454e1bcfdf61624a43b9d2023d15a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 82f6550d1153d16a7dc935a5d855d8d5
SHA1 5abc217ca9022eeeecfd22b79e9a853481dfc42d
SHA256 f5d667f8258cafd355615cca317235a31b02f6de05084807dd1ab1d00525333b
SHA512 3d198ca977af031f8f62f69305c1e6051f3a2b7c9331e7832a6261cfeda3242df5fad8d53533f23f998560a4b9d18ae3620bc4e1e201640bb850dbdd4196369a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b69f7f82e0f6164bfaf2f1c8a1562873
SHA1 66ca17c3ecfeaebfec1ca1348bcee7a208853b3c
SHA256 59538c681016ad79f667f8caa8c718f03f819794e0903ad0c99d832a3b795999
SHA512 db5ae986c37b0235c616041068353d8987b297075ceb832a994158973e184cc0e655180b80e16e96e7e248893c344445f53951da7cbea1488021989fb57008d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 93b7a8babcead9bf086975ecbe638f65
SHA1 9c1187fc19d612e9aa9cdb6543cae96a8e428edf
SHA256 1c7be503844ee7810f9cada30bb348137d41f3b1ab1f9a0bdf943f02456bbde4
SHA512 e3228fc2dbaaa3f24fe2edb7d1c236995c0674ae0070af1887261045d555803d7f06e98d749170673f7397c8cdb6775f1640250ede5929923004498168f9383d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 795b3dcfa5a5f9e8cc22bc9faab2b7fb
SHA1 2e239557c8dcd0199cb8dd6998e5358db4c84624
SHA256 ba55569f1908f672483d6429d372f1a20de31748aebaf87bee5c478a0b1dcb8a
SHA512 aeb0e9f7bb6eaac17fa8dbf04aeb9f337070293a98355a4527d51e93f09683f313846cb1c309dddfb8e8a25a295d842ea5b4175ea2c8a4b2badc9a44fff7e1d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 e9f3b7249d4f3b178a7a1ab8c1e4329f
SHA1 eca4cc68ef94376e2d4739b1d7de5fdb3412c55d
SHA256 1b5dd44b41790e6d6f80c1da7b7bff9ebcd3743a00291fe622cb292cbd47eb83
SHA512 830d9e82904ac99360bd0d19f63d7aee599b4febd0cf7cb3082d129c859b43646d4efb9c18f078d3b66345f27f6c8ed3925517ae315901269295d94170749989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362907749929547

MD5 159c987548d8d5aab630b34179a3a358
SHA1 909f46d269d4d2bd68c5ee7e7fe4dff69bd242be
SHA256 73edcdd334d6c13ccf0be089ae96c78fc184fe5b202f879b1350dc4bad6e7f02
SHA512 d2f966b682d2822f9cdffc7da8c7c8df54a5045f657a44d3d46ae4b30a8d07cf509323f33fc9fdd03a8296ac558e60b1d0aa66dbd5db69d0e2dd701a51fe67b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 02f7fa5e8767d95b275abe27472e91e8
SHA1 1ad4b77eb5b7d50833e5804039ffd8a1d7a71913
SHA256 7d28abf3186a971363c4be303f496aad27075709688ed6469cb83a69fd9833f1
SHA512 2db32980ccdce80a82fb345d2812cba9f2aa423c9ded184030cb4eb2b39d89e96037dcc8e293f9beb509801595cee3cd3c454db0b92f960864b87bf7ab6c7fab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 bf1c5dbf8cda076ad08135545b9ae348
SHA1 9344c91128e39b814e7c00df047d476712cb6c9f
SHA256 e9c21f54121fa71cd51749bf7e7756df77148e63db2800ce66456513d1eb8fb2
SHA512 a32dff0d9f99b5cfc1e48f66762278bfbff220c4ce1ef98d46de57788d23852b3be551eac02e58d7eac06e9703f84ae098581561c9ca41cb38f0e2c50cfbf536

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 793e7a81f5c6c258515960b7473cadf9
SHA1 633ef2c4da364b1aa2adececb0cf8b14bb488712
SHA256 c9cb6545e2e2c1ffd5567b19d216c4069e25872037c0782621f2e526a0c0bfac
SHA512 9e7313cf0d00a176d92ae0aa28944e3b6104bc3ff444541e3fc56cb68f041e8ba6deb059395a849dd41fe8d0d13dc94df210a479bc92224f7384f2727f95c2ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 d703e6354467c496bb4cae31d0457c28
SHA1 0f0285164739bc9920a83ef32fdf497a017eec75
SHA256 9b225ba31a9ee9a9aa28d6fca9666b22d2896427318e68597c6ed908cccca429
SHA512 eda11f70a76dc67780dfdedbf0bac51e72abd72c302e1506b995aea81cb6b3859b85d4083b7429af66cf9d98f445888e298109f878394179aded6f348c56af3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 dcfc059c5715d7b48baee3de35811ffe
SHA1 da2198c33256ed9c001e6d1bdfba9eb92b1fd647
SHA256 cf6b810e3a1d52352b37e7ed79d0c1c0b149ccc3e1dfa712e2046b9eb6119d33
SHA512 a21c1aa0a47c3f1424ccb79362681283b094354f11491567a8cfd600bb8e540dc228d84f4ad6c767870119d19fb89124bb51a6b728bface3e67c0621941859db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 d7d9437445aa960dcea52ffe772822dc
SHA1 c2bbf4ac0732d905d998c4f645fd60f95a675d02
SHA256 4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1
SHA512 335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 9e90058d715fd594983b6825c85bc51a
SHA1 ab2d2b47132c07e80a7800c66beb30e2fc071565
SHA256 b55ff15fe4b8198bba3aad035d4fbeaa77cbd9a24e504526ab97658e423f1b35
SHA512 c7cd946786424c73b6d3165d96b9a28971a3aa3ce518d239797888133b510d2630ff44f4e08bd98edf3e3ea9504107b18916544036922d567f9222d061dbe5a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 248bfb3f59fc19890e35b17a97b5b191
SHA1 f41fb7533ae53915a30296d9c6efeae4abe40e00
SHA256 eb35192d5d05b0ea8b396761ee1e6244ac95781408a3e39ef7bc22de5a6f0ab1
SHA512 4a45e9ce826982ff40ac0f7b6d510c4880bc9b5eef211d71fb18b7a8186c877a2c626cd378cd652a0e86fa9474a624fe09b800ff156b2cc2229aedc5a3fffc5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 21b8675e5235b6995df5390142c80224
SHA1 1d18ad08046fdb894ab8f8f4e35a4ce2a1581298
SHA256 567502edf8beaa1fae5f6b0751b9b3401557cc139b33e346bc236fd7b453b81e
SHA512 8663f8d28bd1ce3bdd3940c1b677392f146d87eb67aeed99f87d5b956f9cb841fd12a0dfb8d8ca08502cd9393fbb56307526ef7d0b423f58a383e6a1c7b1f1f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 2e6924a832bd40d17278c74a026d92f1
SHA1 e1d4af7ba59ca72d1abde9b2a1ea906724833bb6
SHA256 66d381cb4542a314eb724e5982cb2e1b4c7ccf8ab0a7eea945a9dc8e204b2b64
SHA512 39c310af647d28948c55901d1d3333689a223b9e02e716becdccd106341494df992739e2ab3bee9e886538af605135dc5ca07d74c5b85e6878a95df20888fdd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 606e591b4617bd3cddcc24092669a854
SHA1 cd130908396738f4f5914d2179edc4d7f460a87b
SHA256 5e88d16a53fb9ca262fdb191e8241721e907554d04fa32a2f140c330275c3aa3
SHA512 58ab52e55e3de1c6c4ad0c8574306ac54a1f5e4eb3d205ea912c6ba25e16fd5dfd0f996ce324952f59ec218818b40a60e1bef7c5bdd68ce6f8902e4e7cfb77bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d67a75d7a98fb846d438e81b8e2133bc
SHA1 7ef2a2ecd78de8ff6172ea8b9c7950b22660bae8
SHA256 ec8a08c2fc443fda511987d2ec9668b79fc823a214e32040b342ab539bec625d
SHA512 bdd5913b0e1650e8ecaf516aead0039236813f892186e4393069dd74786bd9026fbb195ad240518a6e019f35fb7cf486a29e8fd484dc7302c3e370e670eeea0a

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 5ee64372f98a3910a4977bf012e01cb2
SHA1 b0289055f87c3e6eddae029f3a072ce02a76576b
SHA256 0e6c51be7a9d5ce6675093a8b13419648e71914eb234987707c17617917bb01f
SHA512 b25fadb8aac5e4e7a0219e10b2e9b3e2f0f6b24f001bdeb01bc5366a28a6aca6f20eda7324e3c0dbc2646f91162a5e46b1baae0ab2c6fc1e047410dc1d9a9437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

MD5 6bc4851424575eaf03ebe2efee6073ab
SHA1 2d014fe2feb929d03a46322645a94556ca5c9e96
SHA256 abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e
SHA512 af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

MD5 fc97b88a7ce0b008366cd0260b0321dc
SHA1 4eae02aecb04fa15f0bb62036151fa016e64f7a9
SHA256 6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e
SHA512 889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 0e0a11eb250813ecca2a457b0a8ba116
SHA1 3c0320d5661f416f0713022086339382e77c922b
SHA256 9e96ba8d54d8ebf47930edf13a549b6591536fe7901a7709e60235a09834d49a
SHA512 12f60e086f803fba6328aa1f9fc9336ad857c77273f1b91f902f298e0e28ebc87e97b92c21c90dd6be8504ada6e0a08405a81588558f05eb376f6a2ea9b33fe0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 d0cccd3feac888bb3ecd424d83b3a5d0
SHA1 90f4cfaf314bc83ba42419ef6978ef9d48540b54
SHA256 79f0d001fd0b5e1fc6bfa51944b24f6c04278213968d385af810ef46cf24356d
SHA512 626f7a720cb38901358480159614fc04ddc6039cf79b94a3809cfd7b02f150ad6752f2ce7835e47bc7b6a0d720ee7394f801c9edbe7f612f20368fc6d47c583a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 c2662c208907c0dc34b1783b85c57739
SHA1 b153d58a1e3bd9bb022f3b6e62a0500b0f23ba3b
SHA256 f1ca13157b8725157f66758d013a2faa73808f85977b935e7f0efbeab1ee685d
SHA512 b773017905844ed61e13cef92356a423db13574b10e4971d24040e854b3cffcaf1885110fad08cf8ec9939a23f625ad3f388a6c267dffb578ea858da75958ce7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 48307f91e9b6f504db45f9274baa957d
SHA1 c1730d2d588c5f0f1a5ce31011b115c8eaf8e412
SHA256 bb17098e7cd29454a53b70514362d4d464ae157c92693a732a3db3ddba103fe2
SHA512 d14def6edfff66a4aaa5af3b0f695013fbd69516f11fb62d08b22fdccc15b1bccd224e14eda709e647311f65608daa8390b56b3287dbc46c7cb6770157881d56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 90e4af347139064003cd98dff7abf0e8
SHA1 f21dc2a7ca741da1c537f66852d2105cb4aefc8f
SHA256 df621ed33b92e11a1f6e8bad4acfe7ae005a174cab09f942c0e073150a3c1916
SHA512 952ebe4666a1388f32269bddf16212e20ae25d4285c15a10287b33b6b422985de8f7e666a122b330895fbeca6b21820df31b5255ada0350cbdb1364efcd65ce0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 2da44708b498c213fe0963aded24ac9b
SHA1 c2eb286d182d2d5417d6618551e66b9ce15baf26
SHA256 748b7b51391b8bc80c45f0f20765031c489c0934759e4d4ab5e156247064387b
SHA512 284c7675507e8d69171b36240be58f60d5b5c8339c0fc0f8573e81ff6f811561b4a6411974558a15ae84f05ead824132db7114b4e42398bad87a9b49d8a1db49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 f46eb6d2eb1c1c38a8e249ce30fe14fd
SHA1 6d0aac14098b5b30a090aa1ae791a5924dee9beb
SHA256 d01191d271a94a722d1bfd65f8896a3b8fb7da89a47ea5a1f2df80490460a746
SHA512 583290a13a1c1358d4aaa7d399611f17b8c124e4eae1b6c43ad9ca8bfc734118d2bdc8e93d6e6289b5ef0be97e6233bae0193ea0496dc1f97745439a91a83189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 162e64d3202d3001666aa7d4beef0bc6
SHA1 2cbe30ed99d0e8b3a4fd0ca5a586e12f5455418d
SHA256 f9eb1864ff43b56a899bc2deb866d45246d45769789de0003b4704269f7aa9f0
SHA512 43a604f8f86819ce498af2732fd25a9645c9d280fe7df4080c0e439c546720883fbe20e43bf064f2dd9e4b6e0bdc7165e6077b76ecedde103f0d083756842869

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

MD5 75a37ec2b4901291b36638c37c9f08c3
SHA1 9b7ff05636a614f9a183258b4b60bc54a1add1bd
SHA256 65ec9d7a5de15dec20c969ee25c956d334e586100f0826f881a51ff297825d9f
SHA512 10534b2f959c95ae3e0289a864a2e9666afa68a654a8e95d92eecbae9879c76bb35269eb30f5d59b4be6bfdcf6bf3142dadc7cb98e4218c9e21cc4cc170c28cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3d1ee7c537a9b7b8b43f7446567d7a75
SHA1 c879f1a95651c27e99ac3789fe1c28a4088d2372
SHA256 cd0c5fb888cf75a8f3b509b58b62ff80602061dbf2e43cfa600e85173f96fe79
SHA512 f2250cdfdcde2d54054b8e442ac8fe6a6c77b4f72a1f9eea47340304b00c22ad888c7c46e3fa4c47781a55c8b905c033fc919db9cb216efea5e969029aebc3b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 1b63ffa8325609f7f21989a5a7717fea
SHA1 74d137782c56504a7d09d6c27dc8e2e3985b4f8f
SHA256 880f695c5069d1901c6a06fa00f2a5cd0fcac3c73d3ca08c00b2c844ff4cb44a
SHA512 71403fe5b46e3db725d03295a2e16eccd25ac74c5f0b4af78c304f1d7f55a03a5c7a7bf97c1e0475116c9926e0c05bafaa4d9d3735930102f598a6644bc21e19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 8aaaff3c635d1f9fc3e466569e60e43f
SHA1 b7d1ab6718f6c430442111112598a424e986ab03
SHA256 66025826b4254f1f51c90d3984f0674b8ed04ad012f105ce86b030f36aa72f4f
SHA512 3ea831e1246a4f72f7af1e8ec091a8eab92a88e5c35476bba5ccfaac437a31c8f8d44198a57c319f9c040e0cc77d24aa10a719801cb4d901c14c524dd64b9009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 6230a6a239d70817087bb2fd2f95cbee
SHA1 ec5f19740740bec2d29828c078ce78ee48f02fd6
SHA256 618d56da45a6afd2202c0691d7b54a69192e50564652c39efdd33007036b7434
SHA512 c819e17878e55494ce2bd4ea9cd1def1518b95166fcfc86d3325796686a4fc0314d98ac781ba2b7e58552f65592122df35fefa7990f878cfa50bb104d44ed5d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 64654cd31a3b72b6d667ccd5a0219c26
SHA1 348dbc76d24df967ca89ef588ce553ffcbea343c
SHA256 8698d37bd3e0e729ce1f666ade7c6bb3a02fd7910e4bc7eaa67c8f4da5a2276f
SHA512 d3f0fb7c7bbed59a98542cff06f637f19cddb5cfda8cc8613c47cb425b39d17b3d58344a8e174f47fe1c16b86f88cd215208128d1585fc0c694bb233ca5200a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 c63fd958b9130ff018a2c99774ac7ce3
SHA1 4c2df67e756f03f353499f2f1447563277a91335
SHA256 dc71d0fbf1187e150bbbe374c05030110420760fe23e85494c0c0dd166c0673b
SHA512 21064a8f42d7127aaa9cc1b48d07aafbe1f1393ea1fa40067c5911989e1c2e1e94a1b9b4dfb86f11bcadc72135e5ad2f7b18b9b111c97cb979d4c1cccf133683

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ff33323a53e8badfef9118e54d96b017
SHA1 f503642c00302af1363f518472a76b009e709bf7
SHA256 686c99bde3744da62889a159b19c857f95c270e3be3e8d7ba8876695e02968af
SHA512 cc034ba78c94e6c57971135bdefb2b143b63ce5069c6b68afc05e052037c25ab858c49af2e1745b94d3087e303743629087e651994425ded9b10ab1e9f201670

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6eef01ee12911509499e17161654ddf5
SHA1 c81cb75c6cbfc169e2100ca8f64524219022c137
SHA256 a45eb94200c8caf0f5f26733d8348a4a97e4f4c2170a3d04a2a19f32b392a580
SHA512 feed604196d74fadd0ff076b6ee2a2f90f5696b8897a9dded0f137fa164d4e049ebdf2a04be94c0f68098fc6015c6ce56da0a6c2e1209b4290c1bb94b54c38eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a3da60819d62ad4aa5842f152e1e3b47
SHA1 4a273e74c85e4ea9bcea1ff36e884e218da75eb2
SHA256 43c42f7bc3f8f059f2ffb84204e074fd75a685c657d9eb0a2315b13ea012f05d
SHA512 c06b36dfe44b367b2910848efe370a73dbefea1bed62f4508e0bc2b9b169379225fc31d0729bbe13d72467462f6d5e4226670e54c6c5a5ddfdf896deb5438f66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 583de979c44741fe2cf67b694dc54638
SHA1 d7108736ba484e6ebaf557a75641e786b313432f
SHA256 39a7c0858efcabcde21911e9cbb542eb25db0309f03b27b56d53ba97ad8b2e3a
SHA512 6ad9597b8f575d77b52986a261a94e3521123724b6a24dce8e81d347d4800d63a6aa7e1b0931d4a7b7ef56ffc83c72605868a4cb4618046df2931d0c837c1c30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4ea08be08f5b746381e913ae602ac603
SHA1 18c3752b0398d0d3617eea5382b56cc4464610c4
SHA256 f71df8dabf16ca191dacbcc6712f5bdf83ff1ca57d01f0582d780820be7a817b
SHA512 0e18427b99a1c59dd538cc9785352acda3d2bff456080052b61ecbbd153e2d3f0b84f6b7b0d449202a875b0ecc5f36e83093f7d29bfde2307706d809ac44d659

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b5e765c04d3001a4b44a62e14b24b715
SHA1 d262e00b848b40f75ce8354c5a78d48de701ca66
SHA256 040f38e36cea838117afe7b5ad86971a49e26fc73c709525b3ef0151a517a816
SHA512 42db932305b8670492fdd39d96d298f54fc3f2f35872ab814fe6cd3bb88a396ec1c5ae5692f057922a22b21142b361f0e1019dbc3285fe1aed0c416da2303fbb

memory/2412-528-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-530-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-529-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-540-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-539-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-538-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-537-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-536-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-535-0x0000000005180000-0x0000000005181000-memory.dmp

memory/2412-534-0x0000000005180000-0x0000000005181000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d9ba9f38-c107-44b2-b3d0-ee08ba6e22c5.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6e87a33c286e1bf507f1d16c50064e29
SHA1 aa28da19d2f521c9c89a9a0359c266ba7730f9d1
SHA256 0ccbcc49ec5858b84acbd0f0551f6853ffbdbcebd65c072bc322368fca071a11
SHA512 e292be7f783674474ea146df295a74d3e195d3734b71cab90ebf0008f4cbfdc9cc7a67b548045419bf6eaedfe8f54cad7d03afcc9e08331a94277c5caf4c8e46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abdd527f820ca3c398fbb1aaf57f944d
SHA1 2def7680e487a0bc6973b5314003834340e4aa19
SHA256 ec7030b1ad21a22ad090424b6ec00c26b0ac1569a79ab5effac78eef34d3830b
SHA512 f4f95885c99e3f01f1db3a251400a79aecb8be96877fa123cf6c94adcb279803a30b36463ddc13f1be15ab8beec61a641d950a420408ee18389e3a8e18022a00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed99b22ad2eff29076752d0448b762f9
SHA1 137d12fb2400f6b9f5829b1f5508bb77348f5570
SHA256 182f0f7b9bb171840329e2bf3f1a165257e775cebdacf3634ac765109f8c2404
SHA512 cb1a4722a434ebd6e650bb8ef9f9d841fee0c99ead147383a9466aea8146c4b2666c592b8698ce6dd5bed5b92fe993f84dac1de1761d926f69651eea13fb3ca5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d5be2bb9e1d4f90a05587ce523e7cbfe
SHA1 2f5f4ea57e88d61ff0b929dba44837cee2ea1dd9
SHA256 58ea758e1a8dc5667707214ce5c86923a02baf3b9819f463317f6f7cd94ae22a
SHA512 6b8ad57e9c4e7a89e8d33fb334fa96194d66c344a1c0ae9729a66e3facb0d5d7f11b8de105744f5dc240453c821fea09ebd1892984f172bd62ed17d16b5190f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e662063e48ddbc33eb4685f8ed8d4be5
SHA1 3009a24f9971cb77745820dcb18586a78d3b2f89
SHA256 ae584a053120ce8209fbf6d767e6feebab5aff251f2d5037fbdbd1e955e95f7f
SHA512 b5a900dc7d04939a2f9f37c38bd32e0db24b9a3b05af2744b5ff2496a2c76e7fc4e3a2c9e8730182fda68b003bf7dd378fe4cdb667714d332b46033ea5bac256

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b7f3242ef02abcad4823c5c44a24c3d6
SHA1 4b739b5e66e33e18514460442db88da2a961ed9f
SHA256 201c915f11db4c47ecac8d467e38672e59ed4a17da7bb1c69190cdbc6759c825
SHA512 055dc5327dd65a87039a0127b42b6f92960faffc1282214b9acd578259440a24aac00567ece68c2cb81da5077c3f184375135017b487d55c2b2e08bafb26a768

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4cf5ab574953aa6825a7c91209e5ba84
SHA1 58ae2e3ab1764129beb366c31540ea643b82ce6c
SHA256 f9fb7ab249285c9931fdab9fed827722a84510f80bf58fcd649cf277d26cc8d0
SHA512 db4f20e7963942d2f25c48a5b8c2a67bc746b09201ccd0f2ff8f91add26d56eacedb7107e3dfb2898d1fb0c83528aed897f132925d16094ab668534ada149ca8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 010724764331d1b10a95c7427956d488
SHA1 d0a75e37c39894cdfcb282dd08ba0bababa2f3b0
SHA256 19b2c52500f2cbc0bedc7cc92b46a699f3c4ce37d59ebc1d8be2e0225cf1dfab
SHA512 f4dce4986d6a00ff45606c8c55b69a628d68383e726981f44c53f04c80f7f43f876fa7a05b8c1da108011c7ab9d9f4f3515cb487348ceed6b9894529fcd9a561

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 55f1a52aae3c2080d2311c9cd64d7dbd
SHA1 20cb0089f4d3dc9ff4b12d21ac7dd0b716690544
SHA256 7befd04271323dbf8ee879b106ecdc783594b4efed8443126a978514a3ea89fe
SHA512 b812bed9a7b0de95e238eaf3d274437e0125f196ec3111557153c2a65ca7b056fb34ebaee60c501526f3ff0c6682804aa3e5086ec5e24834e3d354cc61081d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5dc723eacad643d6c287f7d664a25306
SHA1 868c25d22f42b8b57e176f2a49cd45e5b87b0bc9
SHA256 6fed4b7456ec653c8d710498e982b98b8926d26e5d4f740d75c2b84fb652ee9a
SHA512 7a203bc7ee69253eebc09b14d3024e1b9d1ceb52a113a63a65bf02420ff5c74404ba7d587cc13447b904691d56e97cb8d88e315db3fbf6c08f995921db3ece7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dccd817eb23bc5f6c915ae00bb8b438d
SHA1 41e4e04bb77fdc3cd9040e25dadcc82df3577f8f
SHA256 4c1de2a5a3097e527064f34ae5b04fd040820b0c344baa9c3f426b4ac7f5644b
SHA512 37772c4ac18c374cefa9258318b120205c0b2db43edfbd2079a1181cb8032f7aca34b1d8509d69491910d695aa7f8bca44aef207efd75e16e2d9ebe9842d1975

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74c9e992b8246ef114a6fc128564f16f
SHA1 da03b492967ae22c3d7fa27baa2ca340d7a7c7e3
SHA256 048e57cf65977c4bdc0cf5bce12933e2321214694d2745682ef7a205872a98e5
SHA512 0c6d0a5bc093009f1be43994a255860f9ea7d6bd6b97f678d944024ae5fecc6173750c6627bbb74967388bfe4c148dae24ba1a70eee97e4818c6bac1e5287d15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 901c022cef580715c969fe4d1c9206e7
SHA1 9e0912ec8abe7c2da9235364d608fdf60c21e311
SHA256 a144e34b1ee2146cb863bc08ef077f376e4890142c477b2fac18769cc0edad90
SHA512 175f6e0a027e035a03324a14260039cd9b8a4ec47345113aed9029286990cb1b887d586a32f4c4eb24de2bc6b58627d34337d3f4c31fc774a80a9d18674ab7c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 793ce78d8ac8d52642b7278dc69f6a0b
SHA1 e7d3abb7a6a316d2b3611970e65ea1e3813d3a46
SHA256 613371e4df4790d47cdc8478ba59181c2c104f3e0348810c52a70d6205100d81
SHA512 12657b6a6a10ee8904113ef4ea126a45cfba95ea524a2a3286b39cfcd07e2a919326d1e7b300869fb649445ab221b4fd34326726d207839a8bd97b9ff131a2a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c02a138e69f0f854df9b2c6ddbad1919
SHA1 20d8f2271b1515501c6fd5aa1d3092bc6b43478b
SHA256 505fbaa2f4549b7283a059475a4fdde8bacca86a0d980ec29fcea506b380e9d5
SHA512 fe33add3f143ad223d13b8799357f0b29c5224a1b31e2073999d11f389db199d1082e40f271b4a9996a232a349a0118e71abbb7c9264dcdf0e25a4e0ace1b003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 839512f5beddb3c64c569c37b51474f8
SHA1 109eb964a7685ba1d7ff201c062f52ed7e158e67
SHA256 58246ed2f3cbd137b363f1c5c3de564c60f0d49f5347288e649d8c578eaa1a6e
SHA512 1cd43e6df6f8ee505eb7b6ea9df93c27e399735814b15a036e99f2f0583182d79dbc99c138998297d89e62583c4867495b3f7851762aee4947a9176894fcee36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d1c5daf849867410d9811aa5a49cc917
SHA1 525644a4a784c60bf51bcabe9eb3b574ca6849af
SHA256 c3ca3d4fa2c1b93282133b6d98c7a6e9e48023f453848a7f98a1c966c1fd3f97
SHA512 5fe02e26eaf9b01a069b763c4fae73350275ecad1cbbf5db046ad8687cb09fd70d350b06a4d93d797e733f1e51c5c031fcb09c6d64731f107a4be333a298b8fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bcc93.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1412_2110446408\Shortcuts Menu Icons\Monochrome\0\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1412_2110446408\Shortcuts Menu Icons\Monochrome\1\512.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1412_1415607311\Icons Monochrome\16.png

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
