Malware Analysis Report

2025-08-11 07:37

Sample ID 241015-2vkeja1fja
Target MEMZ.zip
SHA256 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
Tags: bootkit, discovery, persistence
Score: 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 6/10

SHA256: 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

Threat Level: Shows suspicious behavior

The file MEMZ.zip was found to show suspicious behavior.

Malicious Activity Summary

Tags: bootkit, discovery, persistence

Writes to the Master Boot Record (MBR)

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-15 22:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-15 22:54

Reported: 2024-10-15 22:55

Platform: win11-20241007-en

Max time kernel: 79s

Max time network: 75s

Command Line

"C:\Users\Admin\AppData\Local\Temp\[email protected]"

Signatures

Writes to the Master Boot Record (MBR)

Tags: bootkit, persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\[email protected] N/A

Browser Information Discovery

Tags: discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Tags: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\System32\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\System32\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\System32\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\CachedLanguageName = "@Winlangdb.dll,-1121" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\LANGUAGE C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\0409:00000409 = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\CLSID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "183" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowShiftLock = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Keyboard Layout\Substitutes C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\KeyboardLayout = "67699721" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowCasing = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload\1 = "00000409" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\HiddenDummyLayouts C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\Languages = 65006e002d005500530000000000 C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language\00000000 = "00000409" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\TIP C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\Profile = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\LogonUI.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\LogonUI.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\[email protected] N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1876 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 3996 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 924 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 1876 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Users\Admin\AppData\Local\Temp\[email protected]
PID 112 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Windows\SysWOW64\notepad.exe
PID 112 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Windows\SysWOW64\notepad.exe
PID 112 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Windows\SysWOW64\notepad.exe
PID 112 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 112 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\[email protected] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 3552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2528 wrote to memory of 4648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]"

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\[email protected]

"C:\Users\Admin\AppData\Local\Temp\[email protected]" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8910f3cb8,0x7ff8910f3cc8,0x7ff8910f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,14586805025239987156,9996680355496083710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa39b9855 /state1:0x41c64e6d

C:\Windows\system32\launchtm.exe

launchtm.exe /3

C:\Windows\System32\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe" /3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8910f3cb8,0x7ff8910f3cc8,0x7ff8910f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8558321436937294442,3881230867982857254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 2.18.66.43:443 tcp
GB 104.86.110.129:443 www.bing.com tcp
FR 40.79.150.121:443 browser.pipe.aria.microsoft.com tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
GB 2.18.66.59:443 www.bing.com tcp
GB 172.217.16.228:80 google.co.ck tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.200.36:443 www.google.com udp
N/A 224.0.0.251:5353 udp

Files

C:\note.txt

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\7bba5e0f-cc76-4657-bcc0-0094f0bd8d35.down_data

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2528_FBFNNQRYHVIJTBDN

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

memory/4980-133-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-132-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-131-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-137-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-143-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-142-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-141-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-140-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-139-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

memory/4980-138-0x0000027CF84D0000-0x0000027CF84D1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373506501357112

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d64d644df228024_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e639946c1617e192_0

MD5 1ad2b343b0e8284b1797fa7125542fe8
SHA1 1c89112049033f5be2e75d0477bbab7010bdbc7f
SHA256 3b95c720b98088ba2a6178ad0b3e560c10f9712068c4620d04c9ad82a08eb56a
SHA512 63a115bdb6109a1cc0205c8a8a43e7eb10b57730fa1787cf37405110b3b659b162835cb3201a0bfdbf85e14bc293baf3830c7259bd21c05d257e3e5d21278655

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 ad084ae94f2a62341c8a94c326acae69
SHA1 12a3d4b5b0224b69c252e6de42f9c2d38221e2d0
SHA256 be5a10dd2bb7d409794492a1c6aab8ac0aa7f6f8ffb487d2eac22c10e556afed
SHA512 c95be5871884c93e3f5d857f7065fa749d78573ef136577f3dcac7855ecd32231a990986be3b206b75b7ae31d88e2c55fffaf05da6bb4e41eb836f2a8d36d9ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb2f1892c7d0050_0

MD5 2f689d358c4fb4e6d320f24105b563d7
SHA1 b690243b6abb02fed0de52c3bfaaba4780cd2570
SHA256 343df5f8db8f98852bf3f6d310070e061b2c639ec814233e0b8a672100e8c46e
SHA512 f91413ef2c30c3485b052102507e61b478241511a13d96c1eb5df5fc71307b970a034046e1502713e7df9289c5aeeb46ab937723820588d0711115e6c52d7ff0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 c67aca171f989bdbd5bbec4f3362aad4
SHA1 70cafa292b4336443301006f8c52e4d601b690d1
SHA256 2ccb531bffd651a1e09825677ff8850d6b1e2377ee7952ead4ff0f44436e4b46
SHA512 c53b4504987d8a4e56e6719a8836ff491466a15cea6f7dc59ea95eece8ec391280083816fd63c75356bc0727d4d4599394afae7ffdf10730f5feaef137d887db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13373506501350112

MD5 14afd3c4073140796a4fa0c6c900c83a
SHA1 03abb975c9a5df18f5b92da6ee4a4d289889a222
SHA256 58f79a5e484ad72c60411860c4b49d096e4cad1367dfa434992241ae58814a6b
SHA512 4903f2ddd8c7e19e326b52ecba0e7da5db6fdcf1593e72c476a90c3a65d5c30c2009979cc9787248f325b38add0e4d6ffc55142ee914f848e9f0c30da97d3a5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 095bf5784184747e9875652ab850763f
SHA1 f97f5adbb001f5a74f4b579f80f9bb7a6efa9627
SHA256 eae53284b3b823b76a0b8cf9ca47967f1615ae8337c7293485f6ee1d895005c8
SHA512 8e1573f6477ce70f5f0573378cebfc7b73d1e8c6d56a3e4f40e67a7d759e2035cfe4bb19aaccff0269ebd1d051a6402b58cd94015e902d151b12bfbf511dc262

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c90d9447432b275b1492d84090480ed7
SHA1 5d9b34fa029328d56a963fc42db070a986fbf4f1
SHA256 3fa5f9c1f643292ca94ea3bf17bd1b69e85f00b9d78ce7ae4790f32eaf4ae543
SHA512 8484a897543fdaf1cb1d01f0a14be34947bd310d95277a284f0f598beb9c43ea5575a7358f28e698be1aac0a52e4fe132bdc1f2a965c5e5445c4eb1d2beada38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d5712d220eeb7128a6befc22d1ea424
SHA1 847f92805d63f2304cb3cf8f6ae776b6c9481f13
SHA256 160683cda3b2bccd7c453c339616a1642573373626f1957b6b6078a6e176cde7
SHA512 034ec0a2ab587d761f0ff0bb4ad2d2764ffb3e009815f0589945c41d14c9946d100760f7a367eec5b92c683cd512dc32f3815b73e07d5d5d6f874589251f0441

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4536148e67a41e334ca7c2abadfb0c48
SHA1 45a935cb92eca439a6fe4f4ecb93bbd278598fc7
SHA256 aba4a5156d375bc8d60e987de6feaa2feb97f21d6f83d705fc0f8c8814593418
SHA512 ee7c6770fb198b68a92f72ff9e3bfba08833ed1a121212ebb025454b1306834e6e347f7e2fd7a2f00ed6b75aeb3023a2ec9d8042790ee33583411bb944372030