Analysis Overview
SHA256
486d950df74f13356dc307fa4c38f8b33db342fc6922e9fdbb13ffb53904a671
Threat Level: Known bad
The file trivia.json was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Possible privilege escalation attempt
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
Modifies system executable filetype association
Modifies file permissions
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
System policy modification
Modifies Control Panel
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-04 08:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-04 08:53
Reported
2024-10-04 09:04
Platform
win11-20240802-en
Max time kernel
628s
Max time network
628s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\MicrosoftWindowsServicesEtc\\xRunReg.vbs\"" | C:\Windows\system32\wscript.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\system32\wscript.exe | N/A |
Disables Task Manager via registry modification
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eula32.exe | N/A |
| N/A | N/A | C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe | N/A |
| N/A | N/A | C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Windows\CurrentVersion\Run\MajorX = "wscript.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\xRun.vbs\"" | C:\Windows\system32\wscript.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\System32\taskmgr.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\sethc.exe | C:\Windows\system32\cmd.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\program files\MicrosoftWindowsServicesEtc\example.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\bsod.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majorsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\breakrule.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\clingclang.wav | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\thetruth.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\RuntimeChecker.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRun.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\bsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\fexec.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\GetReady.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\breakrule.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\GetReady.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\majorlist.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\WinScrew.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\WinScrew.exe | C:\Windows\system32\wscript.exe | N/A |
| File opened for modification | C:\program files\MicrosoftWindowsServicesEtc\AppKill.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\excursor.ani | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\rsod.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\DgzRun.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\healgen.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majordared.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\majorlist.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\cmd.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\majorsod.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\runner32s.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRunReg.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\CallFunc.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\eula32.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\Major.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\NotMuch.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\checker.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\fileico.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\data\runner32s.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\Major.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\weird\RuntimeChecker.vbs | C:\Windows\system32\wscript.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\MrsMajor 2.0\MrsMajor2.0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eula32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Control Panel\Cursors | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "244" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725056236125500" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\windows-malware.htm:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\windows-malware-master.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\trivia.json
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffbe936cc40,0x7ffbe936cc4c,0x7ffbe936cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1828 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1440 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3792,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4620 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4964 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4732,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3416,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3780,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4480,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3436,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4980,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=224,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4904 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3504,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4332 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5164,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3788 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5148,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4704,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1160,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4796 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4316,i,12862722968551229133,16373624052898712065,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1492 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\ILOVEYOU\LOVE-LETTER-FOR-YOU.TXT.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\MEMZ\Geometry dash auto speedhack.bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbe8f33cb8,0x7ffbe8f33cc8,0x7ffbe8f33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbe8f33cb8,0x7ffbe8f33cc8,0x7ffbe8f33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbe8f33cb8,0x7ffbe8f33cc8,0x7ffbe8f33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x0000000000000474
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbe8f33cb8,0x7ffbe8f33cc8,0x7ffbe8f33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\MrsMajor 2.0\MrsMajor2.0.exe
"C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\MrsMajor 2.0\MrsMajor2.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\9D3E.tmp\9D3F.vbs
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe
C:\Users\Admin\AppData\Local\Temp\eula32.exe
eula32.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4584 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbe8f33cb8,0x7ffbe8f33cc8,0x7ffbe8f33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7299981449181742005,7115683849326646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\E1AA.bat "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe""
C:\Windows\System32\takeown.exe
takeown /f taskmgr.exe
C:\Windows\System32\icacls.exe
icacls taskmgr.exe /granted "Admin":F
C:\Windows\System32\takeown.exe
takeown /f sethc.exe
C:\Windows\System32\icacls.exe
icacls sethc.exe /granted "Admin":F
C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe"
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 5
C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3955855 /state1:0x41c64e6d
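The listing above is a flat run of image path and command line pairs, and the interesting rows are easy to lose among the Edge renderer noise. The script below is an added editor's example, not part of the sandbox report: it replays a handful of those pairs through four triage rules that map onto the report's own signatures: script hosts (wscript, cscript, cmd) handed a script or path under a user-writable or cwd-relative location (the ILOVEYOU .vbs, `cscript x.js`, the Temp .vbs and the Temp batch), takeown/icacls aimed at taskmgr.exe and sethc.exe (the "Modifies file permissions" signature; sethc.exe is Sticky Keys, the classic accessibility-feature hijack target, ATT&CK T1546.008), the forced reboot, and the five identical `MEMZ.exe /watchdog` launches from AppData\Roaming. Two caveats on the takeown/icacls rows that a reader should carry: the file names are cwd-relative, so which taskmgr.exe and sethc.exe were touched depends on the batch file's working directory, which the listing does not show; and icacls has a `/grant` switch, not `/granted`, so those two ACL edits most likely errored out whatever takeown did. The PROCESSES tuples are copied from the listing; the rule names, the SELF_SPAWN_MIN threshold and the triage()/summarize() functions are this example's own assumptions.

```python
"""Triage rules for a sandbox process listing (added example, not report output).

PROCESSES is constructed from (image, command line) pairs copied from the
listing above; rule names, thresholds and the triage() API are assumptions.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".ps1", ".hta"}
ACL_TOOLS = {"takeown.exe", "icacls.exe", "cacls.exe"}
# System binaries whose ownership/ACL change precedes Task Manager tampering or
# an accessibility-feature hijack (sethc.exe is Sticky Keys, ATT&CK T1546.008).
PROTECTED = {"taskmgr.exe", "sethc.exe", "utilman.exe", "osk.exe",
             "narrator.exe", "magnify.exe", "regedit.exe"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
SELF_SPAWN_MIN = 3  # identical launches of a user-path binary before we flag a respawn loop

_TOKEN = re.compile(r'"([^"]+)"|(\S+)')

# Constructed sample: pairs copied from the process listing above.
PROCESSES = [
    (r"C:\Windows\System32\WScript.exe",
     r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\windows-malware-master\windows-malware-master\ILOVEYOU\LOVE-LETTER-FOR-YOU.TXT.vbs"'),
    (r"C:\Windows\system32\cscript.exe", "cscript x.js"),
    (r"C:\Users\Admin\AppData\Roaming\MEMZ.exe", r'"C:\Users\Admin\AppData\Roaming\MEMZ.exe"'),
] + [
    (r"C:\Users\Admin\AppData\Roaming\MEMZ.exe", r'"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog')
] * 5 + [
    (r"C:\Users\Admin\AppData\Roaming\MEMZ.exe", r'"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main'),
    (r"C:\Windows\SysWOW64\notepad.exe", r'"C:\Windows\System32\notepad.exe" \note.txt'),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/'),
    (r"C:\Windows\system32\wscript.exe",
     r'"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\9D3E.tmp\9D3F.vbs'),
    (r"C:\Windows\System32\cmd.exe",
     r'"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe'),
    (r"C:\Windows\System32\takeown.exe", "takeown /f taskmgr.exe"),
    (r"C:\Windows\System32\icacls.exe", 'icacls taskmgr.exe /granted "Admin":F'),
    (r"C:\Windows\System32\takeown.exe", "takeown /f sethc.exe"),
    (r"C:\Windows\System32\icacls.exe", 'icacls sethc.exe /granted "Admin":F'),
    (r"C:\Windows\System32\shutdown.exe", r'"C:\Windows\System32\shutdown.exe" -r -t 5'),
]


def tokens(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def in_user_path(p):
    """True if the path sits under a directory an unprivileged user can write to."""
    p = p.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(processes):
    """Return (rule, image, detail) findings for a list of (image, cmdline) pairs."""
    findings = []
    launches = Counter()
    for image, cmdline in processes:
        name = PureWindowsPath(image).name.lower()
        args = [a.strip() for a in tokens(cmdline)[1:]]
        if name in SCRIPT_HOSTS:
            for a in args:
                # A bare "x.js" resolves against the host's cwd, which is just as suspicious.
                relative_script = "\\" not in a and PureWindowsPath(a).suffix.lower() in SCRIPT_EXT
                if in_user_path(a) or relative_script:
                    findings.append(("script_host_user_path", image, f"{name} {a}"))
        if name in ACL_TOOLS:
            for a in args:
                if PureWindowsPath(a).name.lower() in PROTECTED:
                    findings.append(("protected_binary_acl", image, cmdline))
        if name == "shutdown.exe" and any(a.lower() in {"-r", "/r", "-s", "/s"} for a in args):
            findings.append(("forced_shutdown", image, cmdline))
        if in_user_path(image):
            launches[(image.lower(), tuple(a.lower() for a in args))] += 1
    # Same user-path binary, same arguments, many times: a watchdog/respawn loop.
    for (image, args), n in launches.items():
        if n >= SELF_SPAWN_MIN:
            findings.append(("self_respawn_loop", image, f"{n}x {' '.join(args)}"))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(rule for rule, _, _ in findings)


if __name__ == "__main__":
    for rule, image, detail in triage(PROCESSES):
        print(f"{rule:24} {image}\n{'':24} {detail}")
    print(dict(summarize(triage(PROCESSES))))
```

The rules are deliberately narrow: Edge's renderer, GPU and crashpad children never trip them because msedge.exe is neither a script host nor under a user-writable path, so the output is just the ten rows a responder would have circled by hand. Feeding a full Sysmon Event ID 1 export through the same function only requires mapping its Image and CommandLine fields onto the tuples.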
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 13.107.21.200:443 | www2.bing.com | tcp |
| GB | 2.22.249.9:443 | www.bing.com | tcp |
| GB | 2.22.249.9:443 | www.bing.com | udp |
| GB | 2.22.249.14:443 | r.bing.com | tcp |
| GB | 2.22.249.14:443 | r.bing.com | tcp |
| GB | 2.22.249.14:443 | r.bing.com | tcp |
| GB | 2.22.249.14:443 | r.bing.com | tcp |
| GB | 2.22.249.14:443 | r.bing.com | udp |
| GB | 2.22.249.14:443 | r.bing.com | udp |
| GB | 2.22.249.200:443 | assets.msn.com | tcp |
| IE | 40.126.31.73:443 | login.microsoftonline.com | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| GB | 2.22.249.23:443 | r.bing.com | tcp |
| GB | 2.22.249.23:443 | r.bing.com | tcp |
| GB | 2.22.249.23:443 | r.bing.com | udp |
| US | 13.107.246.64:443 | 3pcookiecheck.azureedge.net | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| IE | 52.111.236.22:443 | | tcp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 216.58.212.196:80 | google.co.ck | tcp |
| GB | 216.58.212.196:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | 196.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:80 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| GB | 216.58.212.196:80 | google.co.ck | tcp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\28742d4a-5b02-4f42-840b-672621ed25a5.tmp
| MD5 | 5f862f5c51b1ece6ec4a71924c5ebde7 |
| SHA1 | eefb6ceda15fec7a01dfd60957f8cf1d96e56b6c |
| SHA256 | 950e5b2f312a9b23dbc5f18f183fa566bf0bfcb5aca15fa298b652a377775043 |
| SHA512 | 949e3aa98194f0183294ef80ecb07389c71d9081a2f8712bd72ce8f2ab0e846e29616568b666b713ed619c93175fd70f885337fc2d1499bfe51192d4c2bb5817 |
\??\pipe\crashpad_5016_SFTBOACRCEWQENDC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 16b386055a6fa8da163cfe201bd1f4a0 |
| SHA1 | 1906e8898519fa4a005e6a5a8c62f38e7d3553a4 |
| SHA256 | 4845e7620eb3f68629e78ef75cc61aaed6bd6b9de321a14156ca320d2dbf784c |
| SHA512 | 5abbd2e29a66a974781d89c911dd96652d05f36533fe1dbc160e8aff5de82891ad7f88ad514657a6f36fd09dfc423dbbbc5d969a70617ed5693eff1cc81b88a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4ce91f3a64cde09e3dbcb8af4d92a393 |
| SHA1 | fdc015a1f3de1e787371e114e61ce78e4b055494 |
| SHA256 | 0b7ec0c6ca8998c93b11e90255a90ea62233fd5623e3c916c0aacfea24a88f04 |
| SHA512 | 9f00352db5c141b43e1cd4302857df3f867b20823da6666b31926f491c751caa24b9e8df9965b243c5e8c56f607ac0a0823555dc0716da71c27db58bd3c30458 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3fda6ba62aa0d1fd784837e8eef9be93 |
| SHA1 | af869e1c7fa14214faa3ceb9f5f72ab6789f9631 |
| SHA256 | e2022ef087298bd24cdd144cb99e41c431c03c49608428e382cc523b4487def7 |
| SHA512 | 66f26751119bfb6b1517c06ef53bcbfd4c99faf044e9ddac3c8fa4662a268ced83d290bbac31ef11e2bd9ab4282c159084a174f7829951c6439d92389c9b535d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ef818cacfe8d9c3e9b066e00c02f6f5e |
| SHA1 | 20980a0f6a8d80791c1b87348075d35a338c72e2 |
| SHA256 | db6f9a60d2653923d1458ae655808c0b0cb024a55b855a60b13099112c177687 |
| SHA512 | f28a90dcc1addec3428f227241a2674b7f5d919db23059297cfe4c5217e2c11def2000acacf4385d872959c49e2a45106d0f4101a5821ae26ce2cab748213b88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 6667074e11334098b6fed83a080b2116 |
| SHA1 | 9fae1c00f978feecc58d4b1fd11d469f092414c4 |
| SHA256 | cb22dfb70ee02cdb8f11feb99c5e9d6d2715c8a9e65e8d10553de2a2e3232175 |
| SHA512 | a93a82c508e6080c7ede7f234dc00a615f9224983fbac56e9d0ce7c5a37ae2aecfb99f79b521ede35b06ec4f844adad6ef525d5163b5d6d2cfe523c2ba9dfa0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5ce1eabe017d10cb46f8dce491ca955b |
| SHA1 | c8b502158a89b3d2e1fee48d2a4e35af41abd0f4 |
| SHA256 | 8a808fce39c9c0f4935966c3b017fa1918dc17eef5481c2f7388f67bd097bc8f |
| SHA512 | 052514882019ddc316740b6ec6d5ae72a35274509151b2592978b0a318638e2c617903d784bbefb6938579eaabe306e5626ba0b1f687ed983bc212135910d633 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2a8fbc0ae790da20a889ee3fde279fd8 |
| SHA1 | 92941e6d65d2611475beb1c97467b7c14d5947d2 |
| SHA256 | 08beffbacc9ba04c5b5298df9c5c2f55e3fbee136fa2132c65f2ad52c5d7ecf8 |
| SHA512 | 7b3005947333062e34aa885063f6bba9f57e5b420c5f475357fc6b324dbd1731b47c3f2fa172b36d11b988e8ea6618d34d2bf51ee8668a441c7b74f83636575d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 67f1a23733e9638cfe4e7d22dd9384b4 |
| SHA1 | 3793911a8771789a6ef1311dd6aa70467caaa64e |
| SHA256 | af859cfb82ed8abb4956b07a9a950c2b8771dc06a24e0cee9971f2d5156fce22 |
| SHA512 | aab8a9140e75213a2f1da6c41eb64ca348b373434e011cea675705fb460c68bc0cc929863004dce480f4d0401487adf2f8eab3b790984f2a717434d5306903a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 423eb8e1d73016901f6fd8d4247b40ef |
| SHA1 | 826baf990ebb5df13fff9e3e59f533e30320df31 |
| SHA256 | 07075ac836010e0ed24e7e0f5b7f675fdd8178b60c1efc468455a48ad7f3519f |
| SHA512 | eb3b57f4b789cbb62d45ba497fe2b6b76c7faf5b5ac71a4413a6289be07f10eb1c3cf0f5ac59b14dfa7e007c72dc9fad1ee0903ffd780f8eef60318ec418da54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 00220cb7eda4d371d947c6abb11fd9f3 |
| SHA1 | 3ec8ec13b9cf16f4c5d857679e94481e375b77b3 |
| SHA256 | fe202e8f51b9d1b0bc4c827c204bd7a8ce7548a504b41904c8800416adb0b156 |
| SHA512 | 593fedf688ac8de2d5135dce2145714a401eb78a3464f79bc6122e0037f107f4399d688178a6a416baf132df4993482ec41a53ad866460e51402c9b3cfea502a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 88494f40a7876c58ebe3061894bdad26 |
| SHA1 | 1fa524121eeb1afd576f6c8849a233eadc26aaaf |
| SHA256 | 49d2339fc67584800c0afcb90a604111d8a522f91fcb014fecc14768c405cbbf |
| SHA512 | 466fbab04334654a20a0d36afa53da8051a842bba384ce54006d94c66a706deab172a3126fdb4771765a4abb698681e61435b35734feb021371628ab15340627 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1ede8fda1d59baf088c52bafa2a93e40 |
| SHA1 | 5ed724460f0c155b2c3a106b7ca3f1f421d55451 |
| SHA256 | c91926d1181f824ed2a1a529102ab63b44da554a5a9a8fca6c87787a3d80bbb8 |
| SHA512 | 0a330fa103d027c3e074ee6a507c7dea889cc964bbc79f502ac7ed1e1c4ffd55e0b561bc19e9850a922e6fc62678f6d34f373efd45799b72052a6411a235ee71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\30c02eab-9d35-48f5-8b13-846e28410176.tmp
| MD5 | e7e93ba4d658e0e7bf0ad48a53121f1b |
| SHA1 | 653b3c3b4217de5b361715de970f386f5fbf9364 |
| SHA256 | 6ccf0a2f8fb8ebe57f9bd7b13142da134af6f0d3e8644c9660ce0e85f35d54bf |
| SHA512 | ade11c141e3c87f4ebad59e12ca9cbc6ba754bf825dc50f6750985b5ab2d34fc4912ae1149a74813ad0b8c11ecf011333b604b089d6e9d8c21fb18809aaf3d60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 44dea07c66a1e4eb4a03ea00a1e2fa3a |
| SHA1 | 4861c0c519d28f01fa7128aab29ea4b06179dccb |
| SHA256 | 36886ca9f9d0990afcb0c39510e052c2c5a956e8151e52fbc7ec69b2dfa479f2 |
| SHA512 | 1cb2a8ed096d8cbd5d6e77e421aea40bd579c4a1252d0a5be15547859b36a8712626c4032789acba2f6248029c23a62af97644e05579437a434ba822a528b990 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 61284ae04ab76ef01cf1b609d1337a96 |
| SHA1 | 52842e945a12249ecb019f2a7a4192f2f6728646 |
| SHA256 | b2065a80e7438798affb74ad590b1d14b3103be0b4784c08558607e4713b8739 |
| SHA512 | 01bbde219f4d35755abb9e48a3aff69103e36687a9af1d7dae0316bd05356653ea38e5276c8623f9130628f459f37b83f4a03883cee7e190f09fd2b6460d5b82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1ebe1fda4610ae824d00469f6d64011a |
| SHA1 | 173321438de4e486ce53a931fb2caa327e48d8f1 |
| SHA256 | 2a8c7290e0fe0e893ac76d5be6f89d24e087cfe92b558c7ef8b8aa68bc8c00ce |
| SHA512 | 1651239ffd0cd219b25aaffe7cb0cd7693dc823bd278c875e9b02813ba52e24678b517a35103ed99a0e1815241b5006d0f0edf4aae77e41a43f7c2ace93abe28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d909a48526b4f5c6b9ec75a36f9b9d66 |
| SHA1 | 210d8a4a68dcbf515ec43bf8422be18c9563b8b4 |
| SHA256 | 9088c830dd6d9417b7df8544fb03034d0fe20ca5ebab904db1e6e9fab501db97 |
| SHA512 | 49bbc64739370591a6de782a9f29847e6d32f63f25b287acceee54b26af03ce7aafcff7e9700318d8f63ea5378d1f9bd4901f7c80ed41a4713a6cc1447ee0765 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2b164a4c99c04e32801c26daff6dae73 |
| SHA1 | b029c63d875051ab9263df5a54e39b254b7a84dd |
| SHA256 | 7f673574f31b6c004fb6207b69a956ce9d28bf9fad1bc66bdc44c8d39ea35114 |
| SHA512 | aacb66d2b250b538792139d63b7e45e7992253c89a4df26ee2db4fff75d87e5ac8b4d1e2163ed5f2319a96cd175bf1cac85ccc46970b9d11a40c7ee9f80aa1b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d23a247d5f54f14ba92737176f53b320 |
| SHA1 | df95ef32ebe2c7761cb351776a62d4bd3dced4cd |
| SHA256 | 959fe7a8ec89f36516c45f26486da0ff4e4c61d9e596e106154a6a2ed2ee4edd |
| SHA512 | 504cf2991b1e87f42a6a29d798b6a5c00786b8094526cd99a931e4936d9b87cc6dfa3edd0184c7f8ddc865a5dde1060f3fc01373fd1cf0792c1c8847be188c06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b8c9c0885b7d9c187c7162965d930cf0 |
| SHA1 | 4142f55b7515d946cffabf386938622177ac205d |
| SHA256 | c31040a69b13519c830d7790d27ae0f5d78161ffa000c4633cf1e7ec0ef67bdd |
| SHA512 | 92e93037d742b2c837bbdd9d2513d3d8faee33f6625f433c88103dbd083cfccb894149d253b69e9c8e3c234a7d69d71718438255e36e1c9d0500a7b083617231 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f6ac9f5f9d91cd1eca4234e7ad9dd32 |
| SHA1 | b32e67a4bd59e78062122e6c71a0bc8ffcfaa373 |
| SHA256 | 5e20155138dd19bb57524561dab11529d0504367ea20e5ef0a4d057d149de744 |
| SHA512 | bae76503d79ade1aeb594e40719b5ac0fef543bcc3fc5bf00955e472036373c674f72b576ea7fdb4f8f25bb9b28fb53f83e038573513b2cbc5eeb540dc4a5247 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5fe66e55816e9611e3f3ac2bd8390aab |
| SHA1 | 020732d462ac4f133bb39783df806bc88c34c44d |
| SHA256 | b09dd7a35f5b703a96c401d922815973be07bc106fbbaf4499bd5d28790ad8b4 |
| SHA512 | 00bee3cc717939833e45971edd9e4bc77cfc3255984e5abe917cb3839d888589aee08e9ceb5ef9d8a60fa881266485f421381e3d4bfba2e42b7a4c4dba58c63b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 97207cd72374a662940d7e37bf00f658 |
| SHA1 | 2f4e46a5b4506545062081059f053374004227ee |
| SHA256 | bb8df7989dd101f02726f9ac636c56645200617e1e4e85397b45a794a9793209 |
| SHA512 | b2c054b1de530e76d3dcba43bf659a62e925c6ed45a36f3b1d43e92ee99df60c7cf3e69359467c4151a85b8e351686556702c557d7cae3ea1880b52fb3c87a6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c12be26ff5b7832ffe487fef21817b23 |
| SHA1 | 6e26081ccfef226d223890130903dda07e4e967e |
| SHA256 | 82b7b07563087a68e3931e7fe46eaa8c20c0033849495554d8432385160ad174 |
| SHA512 | 6e6149acb8245fc2e06d1fd3ab82c5f854d9f4852970243433e1916d3f748b0dfa4bbd373ec10e576276829f903113887bcc68ab243e09de010037d633290f82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a395328daa4e77fbb1356bce0d115722 |
| SHA1 | e379d2419be03a1337e3364014c5a92aec864244 |
| SHA256 | 1ed44a8b0d956f68efbf62559f0195f25a261ccb99e11f8e88a03542742b5f48 |
| SHA512 | 5e5441f4e82d233a762e23f3bd802e3ac5d725ced59000ae83b0289568b67daa0a38b47b9af3c68095a6de2472da12ff3391a59b611696bb22835df35393dbc1 |