Analysis Overview
SHA256
f9ca19c8fa421287522b0606e25a97b0e6f9a6737d0021813da685a36d3151de
Threat Level: Known bad
The file Badware Unban.zip was found to be: Known bad.
Malicious Activity Summary
Cerber
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
Browser Information Discovery
Kills process with taskkill
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: LoadsDriver
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-25 10:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-25 10:24
Reported
2024-07-25 10:27
Platform
win7-20240705-en
Max time kernel
17s
Max time network
19s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Badware Unban.zip"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-25 10:24
Reported
2024-07-25 10:26
Platform
win10v2004-20240709-en
Max time kernel
143s
Max time network
147s
Command Line
Signatures
Cerber
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\IME\AMIDEWINx64.EXE | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Badware Unban\BadwareFreePermaUnban.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\IME\AMIDEWINx64.EXE | C:\Users\Admin\Desktop\Badware Unban\BadwareFreePermaUnban.exe | N/A |
| File created | C:\Windows\IME\amifldrv64.sys | C:\Users\Admin\Desktop\Badware Unban\BadwareFreePermaUnban.exe | N/A |
| File created | C:\Windows\IME\amigendrv64.sys | C:\Users\Admin\Desktop\Badware Unban\BadwareFreePermaUnban.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "70" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-464762018-485119342-1613148473-1000\{8F235D1D-D7D3-4852-A0B1-4F730E0DE796} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Badware Unban\BadwareFreePermaUnban.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Badware Unban\BadwareFreePermaUnban.exe | N/A |
| N/A | N/A | C:\Windows\IME\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Badware Unban.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Badware Unban\PermaUnbanKey.txt
C:\Users\Admin\Desktop\Badware Unban\BadwareFreePermaUnban.exe
"C:\Users\Admin\Desktop\Badware Unban\BadwareFreePermaUnban.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color 06
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumperClient.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im ProcessHacker.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im idaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im idaq64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FiddlerEverywhere.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im de4dot.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Cheat Engine.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im MugenJinFuu-i386.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-i386.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTP Debugger Windows Service (32 bit).exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im x64dbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im x32dbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start https://discord.gg/badware
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/badware
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba94e46f8,0x7ffba94e4708,0x7ffba94e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3583413328166821080,1289759231425895947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3583413328166821080,1289759231425895947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3583413328166821080,1289759231425895947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3583413328166821080,1289759231425895947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3583413328166821080,1289759231425895947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3583413328166821080,1289759231425895947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode con: cols=69 lines=18
C:\Windows\system32\mode.com
mode con: cols=69 lines=18
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start https://discord.gg/badware
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/badware
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba94e46f8,0x7ffba94e4708,0x7ffba94e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3867336326991576516,11829740134295437859,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3867336326991576516,11829740134295437859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,3867336326991576516,11829740134295437859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3867336326991576516,11829740134295437859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3867336326991576516,11829740134295437859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3867336326991576516,11829740134295437859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,3867336326991576516,11829740134295437859,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,3867336326991576516,11829740134295437859,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4900 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im epicgameslauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im steamservice.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im steamservice.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im steam.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im steam.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FortniteLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im UnrealCEFSubProcess.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im UnrealCEFSubProcess.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im CEFProcess.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im CEFProcess.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im EasyAntiCheat.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BEServices.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BattleEye.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im smartscreen.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im smartscreen.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im dnf.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im dnf.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im DNF.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im DNF.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im CrossProxy.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im CrossProxy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im BackgroundDownloader.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im BackgroundDownloader.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im TXPlatform.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im TXPlatform.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OriginWebHelperService.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OriginWebHelperService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Origin.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Origin.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OriginClientService.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OriginClientService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OriginER.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OriginER.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OriginThinSetupInternal.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OriginThinSetupInternal.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OriginLegacyCLI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OriginLegacyCLI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Agent.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Agent.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FiveM.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FiveM.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FiveM_ROSLauncher.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FiveM_ROSLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FiveM_ROSService.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FiveM_ROSService.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /SS %random%%random%-%random%%random%-%random%%random%
C:\Windows\IME\AMIDEWINx64.EXE
C:\Windows\IME\AMIDEWINx64.EXE /SS 2242310577-252215933-2204318834
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /BS %random%%random%-%random%%random%-%random%%random%
C:\Windows\IME\AMIDEWINx64.EXE
C:\Windows\IME\AMIDEWINx64.EXE /BS 2242621326-1031729996-3235822760
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /CS %random%%random%-%random%%random%-%random%%random%
C:\Windows\IME\AMIDEWINx64.EXE
C:\Windows\IME\AMIDEWINx64.EXE /CS 2242621326-1031729996-3235822760
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /PSN %random%%random%-%random%%random%-%random%%random%
C:\Windows\IME\AMIDEWINx64.EXE
C:\Windows\IME\AMIDEWINx64.EXE /PSN 2242621326-1031729996-3235822760
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /SU AUTO
C:\Windows\IME\AMIDEWINx64.EXE
C:\Windows\IME\AMIDEWINx64.EXE /SU AUTO
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\INF\volid.exe C: 7228-8671
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\INF\volid.exe D: 3099-4167
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\INF\volid.exe E: 0271-9707
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\INF\volid.exe F: 9723-2334
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c shutdown /r
C:\Windows\system32\shutdown.exe
shutdown /r
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38e2855 /state1:0x41c64e6d
Network
Files