Malware Analysis Report

2025-08-06 01:38

Sample ID 241016-1xtwbayenr
Target https://github.com/Dfmaaa/MEMZ-virus
Tags
bootkit discovery persistence
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://github.com/Dfmaaa/MEMZ-virus was found to show suspicious behavior.

Malicious Activity Summary

bootkit discovery persistence

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 22:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 22:02

Reported

2024-10-16 22:08

Platform

win10v2004-20241007-en

Max time kernel

390s

Max time network

388s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Dfmaaa/MEMZ-virus

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_display.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsencryption.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_barcodescanner.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\wsdprint.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_holographic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsvirtualization.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_sslaccel.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsreplication.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_diskdrive.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rawsilo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_linedisplay.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_swcomponent.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsundelete.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsinfrastructure.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystemrecovery.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_receiptprinter.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fshsm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\remoteposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\digitalmediadevice.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\ts_generic.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A
File created C:\Windows\INF\c_fscfsmetadataserver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_extension.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_magneticstripereader.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_proximity.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscopyprotection.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rdcameradriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_ucm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_firmware.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\oposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsactivitymonitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_camera.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\xusb22.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_cashdrawer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsopenfilebackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\PerceptionSimulationSixDof.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscompression.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystem.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsantivirus.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontentscreener.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_mcx.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\dc1-controller.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_netdriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssecurityenhancer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\miradisp.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_apo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontinuousbackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_computeaccelerator.PNF C:\Windows\system32\mmc.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\calc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133735897545283276" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings C:\Windows\SysWOW64\calc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1652 wrote to memory of 3592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 2068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 3416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1652 wrote to memory of 912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Dfmaaa/MEMZ-virus

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe67f2cc40,0x7ffe67f2cc4c,0x7ffe67f2cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,1060556533867979570,481124200544050155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1860 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,1060556533867979570,481124200544050155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,1060556533867979570,481124200544050155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,1060556533867979570,481124200544050155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,1060556533867979570,481124200544050155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,1060556533867979570,481124200544050155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4984,i,1060556533867979570,481124200544050155,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe

MEMZ.exe

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5131619268170891981,9302489720565291512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2c8 0x494

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6460 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7944 /prefetch:8

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe58df46f8,0x7ffe58df4708,0x7ffe58df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5713956536869955463,3605844567232442255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1

Network

NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 t.skimresources.com udp
US 35.201.67.47:443 t.skimresources.com tcp
US 8.8.8.8:53 sync.kueezrtb.com udp
US 8.8.8.8:53 video.primis.tech udp
US 8.8.8.8:53 28.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 61.199.107.34.in-addr.arpa udp
US 8.8.8.8:53 120.129.21.52.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 115.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 14.54.49.52.in-addr.arpa udp
US 8.8.8.8:53 196.53.120.34.in-addr.arpa udp
US 8.8.8.8:53 75.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 254.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 118.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 101.59.190.35.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 72.119.184.18.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 67.205.171.186:443 sync.kueezrtb.com tcp
US 3.165.148.106:443 video.primis.tech tcp
US 67.205.171.186:443 sync.kueezrtb.com tcp
US 8.8.8.8:53 sync.intentiq.com udp
CZ 65.9.95.90:443 sync.intentiq.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
DE 141.95.33.120:443 id5-sync.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 8.8.8.8:53 api.cxense.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 35.201.67.47:443 t.skimresources.com udp
US 8.8.8.8:53 p.skimresources.com udp
US 8.8.8.8:53 pixel.wp.com udp
IE 34.255.22.73:443 id.crwdcntrl.net tcp
US 34.120.53.196:443 collector-pxebumdlwe.px-cloud.net udp
US 35.190.91.160:443 p.skimresources.com tcp
US 35.190.91.160:443 p.skimresources.com tcp
DE 167.235.124.24:443 api.cxense.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
CZ 65.9.95.90:443 sync.intentiq.com tcp
US 8.8.8.8:53 ams-pageview-public.s3.amazonaws.com udp
US 16.182.108.25:443 ams-pageview-public.s3.amazonaws.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 47.67.201.35.in-addr.arpa udp
US 8.8.8.8:53 106.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 186.171.205.67.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 16.182.108.25:443 ams-pageview-public.s3.amazonaws.com tcp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 73.22.255.34.in-addr.arpa udp
US 8.8.8.8:53 160.91.190.35.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 24.124.235.167.in-addr.arpa udp
US 8.8.8.8:53 90.95.9.65.in-addr.arpa udp
IE 54.155.18.159:443 p1.parsely.com tcp
US 8.8.8.8:53 comcluster.cxense.com udp
DE 167.235.124.61:443 comcluster.cxense.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 silo50.p7cloud.net udp
US 8.8.8.8:53 25.108.182.16.in-addr.arpa udp
US 8.8.8.8:53 61.124.235.167.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 35.190.59.101:443 r.skimresources.com udp
US 35.190.91.160:443 p.skimresources.com udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.6:443 static.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 142.250.178.1:443 yt3.ggpht.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 34.98.64.218:443 u.openx.net udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com udp
DE 18.184.119.72:443 match.sharethrough.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 3.122.43.61:443 api.cmp.inmobi.com tcp
DE 3.122.43.61:443 api.cmp.inmobi.com tcp
US 3.165.148.106:443 video.primis.tech udp
US 8.8.8.8:53 61.43.122.3.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
NL 35.214.155.242:443 csync.loopme.me tcp
NL 35.214.155.242:443 csync.loopme.me tcp
US 8.8.8.8:53 242.155.214.35.in-addr.arpa udp
DE 37.252.173.215:443 ib.adnxs.com tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 softonic.com udp
US 151.101.65.91:80 softonic.com tcp
US 151.101.65.91:80 softonic.com tcp
IE 54.155.18.159:443 p1.parsely.com tcp
US 151.101.65.91:443 softonic.com tcp
DE 167.235.124.61:443 comcluster.cxense.com tcp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 assets.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 images.sftcdn.net udp
GB 18.165.160.104:443 sdk.privacy-center.org tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.65.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 151.101.193.91:443 images.sftcdn.net tcp
US 8.8.8.8:53 articles-img.sftcdn.net udp
GB 18.165.160.104:443 sdk.privacy-center.org udp
US 151.101.65.91:443 articles-img.sftcdn.net udp
US 151.101.193.91:443 articles-img.sftcdn.net udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 104.160.165.18.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.206.155:443 stats.g.doubleclick.net tcp
GB 142.250.180.3:443 www.google.co.uk tcp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
GB 172.217.16.228:80 google.co.ck tcp
GB 142.250.200.36:443 www.google.com udp
US 34.120.53.196:443 collector-pxebumdlwe.px-cloud.net udp
US 8.8.8.8:53 246.197.219.23.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 172.217.16.228:80 google.co.ck tcp
GB 142.250.200.36:443 www.google.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.180.3:443 www.google.co.uk udp

Files

\??\pipe\crashpad_1652_QYCSGYIPBHQWNPBE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3517221a6cc66427e60020af32522028
SHA1 751de533b984a73264803f5690b1ee81115b7ff9
SHA256 862c90e33916f525d0ed31128c4af958e007fd543e6c5445b61c53b1b5b73dd8
SHA512 afdf757eb0db4745cd1ab1efd4beb8ee81b72b00e6ad192e860bc13cda1242cdc45afe07f8480bc77bbd6035e8ad48b8ad7373e3043ab59cef8e17324c231ff9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 056d640d08d181d03bf8229e2a2a90cb
SHA1 669e6c057bb4b1954b27ab53b29699de3cd6e8dd
SHA256 524e6b070f257babe260b95cd9565e95e87ef3cfc391b19128a903ebf39f4031
SHA512 9f85381b4897a37d78cf622d5437bd0d296f4cfd1c85e8586bf7e68a8f1141b912ba8937830bd1227215744c3f3d4ada8b6e4934660cd3d3ba3f3f9968346ee3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 0cc75d7a5b89e46c3fa16865355201f7
SHA1 d4c35d09460b9fbfd511875aef8d4f137d110797
SHA256 77c8c3888f6624b37ab7f8c7a55dc0df536500c8edf7dd784678632e3cdc69b7
SHA512 5808f765cdb5a8b02b3091cb9b41d3088b0ef25738c5f9a069ef71dcb595a43a3ea856023ecb690b463901008c21a4ad985e6fb6475c43850625aeeb007ae201

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ef76573d17f5b57dc994fa70a89dc59
SHA1 938ab66aa8ff00d30abd4914f772444b0bc29ac3
SHA256 9b71f8802da940091fb7d77a32f2d1e6131b8cdbfa307bae029aab3752e716bd
SHA512 578279f52316b544300afaebaa3bc3c8142338342ec9549b6742d69d41e53b58c17d88ace746037383d533623ad9573f9662411bd908e3fcaf0d46387dbe0a74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 594d42ce2ce34fbc133ba30888a6bf37
SHA1 77ddf41c0c564cb06f1cc89fd080012a518f31b1
SHA256 eedfb26596fb94ddb08bbf1eaf299b960da88e41e5ba2ab40b02e5c1e8e00385
SHA512 35d9afe73b5bd5ce281edf7337a6f52595295e6fe7a2bed41e64d11619605559409c5d94f27b623c70d14bdeca1283636ebfc4a779a6396944a88e4093c24dac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31be86321af38274b3562d89b15a367a
SHA1 329b730dd732f381f31081976657a4f8ec5aed81
SHA256 bfb3ab850d850e13a13d3a3e51c1ed884768e63d420f04215d48caaf16226cf3
SHA512 5b6de8473e045a446fb288c262dab2a1e4591667a960fb42ec88f1d72514ec4f321926776a3d73a7666f0a83bec801f83545696e3c5907627bc859338690911b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 821a461171bbfeffb7754b73a7eeefee
SHA1 25a8f55017e1bc41621d0e036e4c399bd935a636
SHA256 c9d52614aad1eea6de2029447bad800eb871bf339ac0d72a79fabe691a9c7a1b
SHA512 9bacc4b985b4f59b712724f795a21fb45dc813ce61527ef01a35aeeb4cbeca0a6a6ec841c436935f3550da9c98382c6a19503d921f6ec03817cdc183c34c8a22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 11552c8da0e7db368fabb790d414613c
SHA1 0d2c8120332ab385b12f541033898c1dc7c36b2a
SHA256 5c081b871d5ef3ef7641d2c68cdd2b47da436dc36f404c959a0b7194f84615fc
SHA512 f039ebfd6f14a6dba72cdfc21033c708bb812dd653ca7f8db5e0a0dc7fed5b91eb7ca2812852d5737cd86ee1b13edbd0178414cc373f717e9ba27aa50e6c3cba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f0b280a3fe4ecb8e822105cc9ee626ea
SHA1 e310d55dd390988510b0a5e4d58e75a7053cb3c5
SHA256 be603550ee805e64bf1ddf834ed5f83c759a7058f28a606bf3c83418b2e4a3a6
SHA512 1cbb6d3041dc3b3e5a38ce5888c9fff1e1b97a6455f9947d6b9c8ff80b7cfd5012884140df329770d441750aba9068dc5335f1b8cb1c607195c748feca35e623

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1cc2a7988feb9d7f6964f5a734451a50
SHA1 fb5610a73f2b70fef6a27d6ff0661bcc81d114cd
SHA256 9eacc5a6dfcff8bd76ac85b9331c0edf02399b5dfc0dd71f33d0c8cb518fbb02
SHA512 206a9a8511f0524f72e46522572b1c6b4c68aa7b35a0c4a6cd26d92b74c0885d20de8bafcf295f469efb650cd60f490277ed69573b50d09fd3215ac2ab90a065

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

memory/4952-227-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-228-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-226-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-238-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-237-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-236-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-235-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-234-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-233-0x000001C56D490000-0x000001C56D491000-memory.dmp

memory/4952-232-0x000001C56D490000-0x000001C56D491000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8a6569c85cdf2bd40cda7e08fea6b7e
SHA1 63e5dc17073ebdbd428b7647e911beda8aea0243
SHA256 6510f120202b030046641293139de35bfd5a720a24573cca1d59fb2e9d2caade
SHA512 f6689664de39d0e5402c68d10651f99712854c24772db459889aadcf6fe6bc6f8472742a1151340fe18706325b7026c97f5c1ebaafbc4d7e5b50a374bbb9cd86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c573ce4796ecb9a2b66de09f20a7ca49
SHA1 2912e8c54ebd5a5238a53bbe3bd15bd5eeeab452
SHA256 8f3b59aff21587234670c98325b2634a664231cba8082688b56fcc5edbc397e4
SHA512 b7ca89bfbf8494cfe42a9c2505522d2ecab12340dc280f9170321dba4fecd5df0ae59d93c2610b94ce7b189541b4042db8e68f1bd39e3f19490942c516a47c54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 40e2cc8c1b143921ed5ef7c7582b5e06
SHA1 414f0fe9ffa6e9460474648b19918704663ae2df
SHA256 d1847470ab2b38ecffae518cec385e4e9730aa0c9542f12ce54afae7d24cb85a
SHA512 bb5aa7c3c32a3c7e3d8f0c8b9ace2b6da5da189fbac26a91cd29c3bd2483a211f243bcaada5ee95592bc204156bc624295dcced74ca6687d170dccab9bc8f7e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b9edaac74e8a948427db1cdab5a460cb
SHA1 39fe462bc0c91e7e37652dc518418e43b8e45d2a
SHA256 3240fe3bff72d3b42331a7d751b12e8cc78829fb3c3943a40a6a7f3171498efc
SHA512 6eece8c4905dad92db4cb0bd6583c48257be8cda1835599d19c34cd6ba95b9aa473b4055f22ffa901a2ca4c6ee53497f71cca179622d7a3aa01278713f67c220

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 3f76b3652296a704a065ac49ffebbe81
SHA1 83572232e5b41713e3313bbf9e35be5b3fcb9378
SHA256 312f1aa9b3c9ce70b9734d9ccadac0807e0994df253240b94ae39b69eb8fde36
SHA512 94fe372248730863163747302f3806251f907bfb80322a9d052eae54ba1c9ca50ef5766c71e4412eac5444dbdbe299dcf8bbc6f54b5d4fd1ab1d0a12702efec1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca34c2bc9a62881f0790ee88c61f7dee
SHA1 0d63a4eb26bd7caa4fd11ce631dbb088549d3da7
SHA256 e84af14147150afea6bb3b9731c26e72aae0350d05a2c398e99403ce7059179a
SHA512 47a44e4704407bccfd2e740ac281cdb51d4a8ab30cba21118b319ce66302cb69ea29c380f5c14a5e1a2d5720d5586be07fbe1c7dcc4d121179d6ada53f5d919c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 1585c4c0ffdb55b2a4fdc0b0f5c317be
SHA1 aac0e0f12332063c75c690458b2cfe5acb800d0a
SHA256 18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5
SHA512 7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 90cef0b89d2ea90a56589188bfd75501
SHA1 75157b100a9955535d002e5dbfccb823152e6c6a
SHA256 93bad71dede30dc3513df1794825d3c605a84dac3ed12a03e0dba2e76dd7bc78
SHA512 2297766b1c489b422f30c0b03dca3bd57536effc476378ed7f6c1951d359ff1c0395f65391b6e89c2824c3e64e5440dd97e6d29c666a0ab22887ba554e98505f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6831dd1861e0e0a6423f7ecc9ab37bc1
SHA1 ea3f730fa08e5949d22ba75c6fe6397676c32a47
SHA256 2d85c497a79b775a3d822f63c8f0271ba97e973d803cdb9742afe9dff6eb71ea
SHA512 78da599de12c5f4b53fa112d304491cfc1b26798bfefb7fc205f5f7a1562141c0646453b0f86b07af9a50c08c7bc1c60909e3aa58ca3c7854abca5667c28624e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cdfa36b52638cfbc54387b2c903fc63a
SHA1 a17e5661cbbbb5423ce7868fdea91cd9f73613c8
SHA256 68f18a027280670fd2f670da4268b38717d7651987392fbc97954f13f077d8b4
SHA512 75fbc3f318b6f74df0bb022de46cd464b1b0a4c505e873fe4136dcdc037b1f2a2ac0a0b686febbabcfa0bdc4c57d8b485eef88b479b8ea52b9ccf434e4a8f7a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4a22b74ef582c40abea2369cd837e33e
SHA1 f2ade52d2f128d3b802345325836e958d187a227
SHA256 5de75e2338a219bd73c916b1bc8ed7189cf72fde26a82db03f7aaf5ec4962e56
SHA512 5104479a314bfcbf258c19bbdbf508444b15685b8fd634ce92dba20c9f617a06f1fd01670600a2724c5775ca71abbd956e931b6f3f75fd64aca94c538dabcead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 66067447598ad23c1a20e21a931a7954
SHA1 1ed1c61ebb67ae02cb97c465339bac0fd0a565bd
SHA256 14cd126f853ceb6234fa34fe99a752fa4edca4af325aad8895d25f2ec3fd2151
SHA512 55ad58980e30164b9ac0fc9b604f1c14631798259cc06a4d67fe067497abc723539d0a6b3aac244d470ad16da4a6c0094a52a085560bef28e416ec625d1afd8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 22fd096121e15d291c0b357a38c15167
SHA1 eb7a392b64d149c152b4c5b49218a18f9a22e547
SHA256 62357faed65a87d055629d2655ee91621bc6b90bde0002e0a640768615f4685a
SHA512 14f5d1a1d339848d8b0ee4d3703824445988c534dcd9460ab18086414bf2827d55fa9164b2d9371a4b405cfacf65e8841377f1b71d1cc0ed3f7f072e4abee1d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3926723650c90eba55a49584940dcdd3
SHA1 ee7cfcb23ce9adf2324b0e1ce2c99da4289f4376
SHA256 97e6ef4981bf38f249834fe4868e0de05eb4c421de0ec313dffa41fa20e660aa
SHA512 a86ed7907a0f33b41d7242d79bdb6055775f77d08f75cd070df218e4e037a25191c0ab7503674ea11c2fa0d13a2763bf887df3f135dc1b5c5dd30b6e753420a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 dc335a3a02387683d187fb400c933a45
SHA1 313f8dede8f161fb91a747e2899aa5ac34d2e151
SHA256 6bc8a88efef4acb3f7d2b716df563ed53b7e4a638e36e96002f663a167716c6a
SHA512 490d6932c7899faa3d5f30f30d1754fac4aec5e4ee19f39b0f7e00e04bd98b46150e7cddf19c8cf36e6f7ffc10dd964f44af195b6e10d99b8787a6de9be4a424

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373589820611432

MD5 7c9607bb6a2fb0f5852eaf70ab7f24fd
SHA1 06fa7fc7109d04ff53272515d68f0b64ae361052
SHA256 12093ec7f60c9f46be99d9b0c4f1a8b9ffd5c6a25abc7ec989578de732c95106
SHA512 ff1537b68fdf22e6d1212087ef14b276bf48e23189ec77de387b3d6737ccca79d959f0142c0b36e944523b456c416e5962b9cfdd8f93a7355b438c845cafc0d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 415f79a1bec58810f8e26f82358d8380
SHA1 0da6350fb8aea40bf45c49313faaa9f6112d0897
SHA256 52620f2ac165735acae22808d2a17f15a6423af03f22aaefe9086d618234e872
SHA512 2eb9395a6810287f5075ddaceac1eed1773d641611169a98c649c176766f740f860e5bd0fa40d3e8c243c211cc33703c1e92988f8d0db04e4187eca2faaf7693

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c1cf179-c586-4a6a-8b1f-7419ae3cd916.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 a533679ce416d3957769435713fa5ade
SHA1 018423d8e1741ba85865b54de8251a23f109e006
SHA256 793b60f68d34af294a65296a606a73b368092f741caebd41e8886d34b9831bd7
SHA512 25e0fb2a8dcf963e6e26af36dc5b00741981701e57a77830286e6e697da1b1b29c056017de4a2882445e713ca51b88d1843c46520ce35021891d3c062cb9be4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 a64147475b7711d88c01e0b7b5445e78
SHA1 198964684a51f04e723c9c27d5a8854fc9b86ddb
SHA256 eeebbeb990b9558d159a7ee614ff38a1267cce2d9ac574d349461484c9ba24ce
SHA512 989214392458433346d6d980132de4af3d87e371e7359e3e892dae2fd700cbb2831ce9723f0ae0b63aca2b72502ac54ce7659241e112b8b8cffec6f450089bd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 0bb50e72eb9755d5951a325a6a435caa
SHA1 0d7c714bdae8b8aaf05e54978b27bb1dc6595e55
SHA256 adad1ce51ae20ff48c0fafd80bc1fa44a7fb49ca314019e7ebd3e49e5365474b
SHA512 21c23482f6e3f40562c94e019cb16c835cc9064d9123b48fb1880bc413ec584fdb33539bb124d5a19587e38cf1995b9b3996ca736c44d25d9967fb2e2f20ec37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 a98fa404f4c44f8b3418b03a1023bd76
SHA1 b0cc6dc7a37050df096731b2f1b47c47067ddc69
SHA256 039825f19ba9a712543af11868e1f106b5c01cd188a962c2742e84f775d06582
SHA512 051653aa911ff3c4bf3e21aa5705067c9d642c7ce5d2a92838fdad968bb2c8534da5fbf92cc7944ca2e5a0ef3c5a02d79de0ce540f11261acdda9a52d2ee11a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 2e5f84eb8b6d8c43ad567a5db6603f36
SHA1 59ea9694c4fd231c2390be58807669e51c18d275
SHA256 16bda80160471d45e6bb4b38cb1944364e242e3942d55d1214004da505e16c03
SHA512 cef00fe60f7885050aeb45ed8938dec4314b3436fa271b73ff1c06a92012331c668ab7ede35ea0a418362f1b9634b3feae696f112cc981e6368f992bc4dc4ca2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 86b9bb6c4b1bf31d75a2b36aae4fd2e2
SHA1 a5ac100b04cd017635b1cd1dd727fcf77e7688e4
SHA256 85b7b939f7eb346e4d15d48483aef2a5e1787d1aea24493b681315f7e38d8375
SHA512 805cf2e58ba8ca28db258d4bd4f16be58a288d79f29a34585771d32a52afc6773fb9811b6fe456a6787583d31d531f12e97de9a7b2139a3dd3558e38a6d7b0bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 309fa5b60ad173dfd424b9ef834525cc
SHA1 9c0f241078e7f69b170d6bbd9293b795e4c23be7
SHA256 0506c7dcd75bbf75251608362155c6f81a8f34d8e63cc9a078ac561e17a8a6e7
SHA512 bbbec43db8bd399810f7dc92c65be8cabd27ad7e4eb0d5c1edd9ee18cdcce38cb1a21a9a36ed81488bff555721b5cedc07032bcb292fa569492367104f16a0bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 e18e850a4b4bfee126b5d73514cdbb6b
SHA1 b95394ff0ef330c14e45cf1b3c31590ad1b14b12
SHA256 e7af423934ee8ddc286ff1e5d2842e71486a2c6a030ac77fda318993e49862a9
SHA512 5306fb8eace8941879cb95f9ac3efc19a972006ac7249ba151e3f5303dd4a3b1bc407d4a8e53827de47bfbbfbb86e75380426805e12955978d169f486bef6444

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 bfc748595bae7744909e490f1530b27c
SHA1 5a64920a25c31a27646014f97171198bcc9e9aad
SHA256 f262e529ea583b0784ade934bf0ab22def9093a904d156227b8219d9c5ade8a1
SHA512 fa83712640c2d898583bcc4ad1250bd0b6033a81764eb0b00c02b5c67af7dd9ba8365ff24ed8aae2d183b33b057c9fa9b4f76c26d5ea70e5729ab39f69c84042

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 bf20a344b6cdffc6ad8b1c8f29a623e5
SHA1 1448f358f4536a6cd3cf6a5df6179ca28cea5ac8
SHA256 97009a75d0b4766224a65a92bdfe93315fe06ef1001339fe7f61b691df2650f9
SHA512 c6a38b7bb06bcd0764e412ce33e2c40741bcde6cb89d1574117671fb9a4e3b219f281d047756434ca55c255379ad7af3c33da877fbfe0d31fbe32360b80c1df4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 c1f5737d016bca53d60d33af14cfab7e
SHA1 64cfdc56acca1a5fc557e4124ee26cb3ad43990b
SHA256 fcfbfeedaba21fec014cf3f650c76e0c77554938c4b3e33daf282c19eee6b591
SHA512 d350dad81eb0eaf0dea1c911668544b4c00e22cdb00a276c3c71d67d714dac258715c219afaed126cd19ab8b5809df48773a538019095218987df9f649c12a2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 55c1dd8240457c56907255cd086a7bf3
SHA1 4cec7f24361ac554e8a521bb3b067973c68986f0
SHA256 f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617
SHA512 9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e01e2d3169a40e7220316fbe82dbd0a
SHA1 6cff20ab329443385b22e27c2902ada6954217fd
SHA256 6ad1e117dba09ebbeb03e5aa1a1409880279ffa46cf0c840132ab47aa2e83034
SHA512 1e19734693699c2ec4a0dcf8edb89af5d6dc8c8617e1e249e548640c167318c24ec5456d6e6534939b809a4281fc07f0be399593e61c828751242e551d1306e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 83f931832b553e627b5be8c8b6972548
SHA1 995569c94e710e242f30588e86d98d75777a6fc2
SHA256 7751089b810c10e9062968241ecbfcf49186cb7f5dc8a7cda279b651f7a7bfd1
SHA512 df2e64b6d5bd099e7322b723411efd039e424ef4e3eb16c1ae2f34cbd883a6dc75803fcb97a5f88e5be020a9e75df835779bb1224e507ffef2d298cf52cfc09f

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 3e0de92472a6bacbaf16d338d746ea73
SHA1 a3869d0338d1fd01a4db92dba29464860f676e56
SHA256 102da61eacecfe1894d2571d3c002c1d33a18ce6c018681342ee5b5fbb73cb33
SHA512 2d195a6831d0d7b123df4f37c0b10639bc22afa4363d6079fae3fb04d2b49af5f2ad75fee4f0c15b19973d41fd9566b38e25950cf6c8d646e4086f5456c0317d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 604baacdc61766d93c36719d220a7979
SHA1 50449e17dcf03454128dbaf8213f516c66797759
SHA256 80131f4c038799e2e55fd88be9c5e04eaa90175f96d19a192a434ab7ebe5e13c
SHA512 f81c4218bbae40fc7734e7a0d024e0aadd486e7de7a3c61754ebf5e04e5d5fa962842720c942442543ec13709aa1d582387b5025c7f55c6e2d21fdc7385d3e13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 93c351a178a95a8be0ae15906b5f29ed
SHA1 e99edc0d12c89318744ac7211e378040fa5e5730
SHA256 6bbcdb6fdb920093cde0f97b0956e2d326a121e76acce5eb780ab2af18ca2d00
SHA512 e3929f5fe2a185f0a2a5743ec82133dd6d58ebe7d42443c3c03193c0de2556d401e8486f0f48377ea80abd7445596982a2616ca571215f0845444c18b5e274da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 72ce7cffde8bd4d2d72ce218ad3b409c
SHA1 b5c34ac52547569a044201adfc4b674ba9a77cfc
SHA256 5db3c4d92c833286c7bf062e70e23747842d05e6cbc631f6b5a4af8645ed6a63
SHA512 5c0f896d0de808821efb01381463dc93d681d632480a00437f593dd6b9e2cd7b914677dbe7d3ff316bc83f7274630fb5bbd5fbd4df409b56f09adb341c5c7d8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 7cdd3669a9ff8d00ba38796652e3dfd6
SHA1 d432ba6d4c32361d43bc6b6dce1f665b759a7079
SHA256 16d92f0c44b1ca5ae046f24bed2a70a60ee9215970f3a5e31712d799e7de2156
SHA512 4e24f1e09b13c6651316f9efcd1301868890912174d5563b6f075297bd15bbdc461251d718bd5e39e59d46b5c893254d1c9a9588bc525eec23e94c7f87e8f16c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 8ad5b708c1d861490e24de3b6bb2a7db
SHA1 691cc5801a58a73957560f6bababbd63ffdc2e95
SHA256 44819c19d150096d4f6b2849f054a0bbf0feb96129e122f4f35d3f4dc676f590
SHA512 f87b583aa8c997c6fd2640c8259f958946626d25e5a7d5955cc7e5927ee815243842063a45ed578b7c8967d81c33c06852cdeee29375c45e11813bc621c878e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 4055771ceb30cb855743737c11949fb2
SHA1 6f3dd2bd33b990ff27fed5570f3376eace5364cd
SHA256 f82bdf33ea398d51b9fddd21ec01d21afb615dc0604bd613d47b8923f0c9596a
SHA512 577056a9174a7e7d18ebf20071b36bcb5ef272963dfcbc0845cfacf5512453f4dff6a2a9838841ff520e51537fa110a32e5a945fa0cd809d3d5eb30b95028921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 54963b4606246704efd335d7bfc49eee
SHA1 98f1280e9bd36eaca92c477c7ae1bc9a33b6bccd
SHA256 34580f40ba3a9b9b253977cb257c63d27b8990e8b189c751c91eb0168fe193c3
SHA512 e8badf72307323f9ec47b95b936a1d376f4ea272e55e525bfa4aa94554c230e87dcbe109d8b009b5e9e44ab71c057b534802c65618317466240ff9c877780553

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 8f2f84582064985d87efcd8a00cd7326
SHA1 a65a69b5d715db7ba8510fbf5f39c1a999543f03
SHA256 98d51a093b284d106e6135b5f9d911de729df8cc5b487dcec567f4ee9eaa685c
SHA512 2a9fdc7dec2f4f5d7e8dfdef02c4bca572a50a3d338e358da8d424be695d1424b4bda7b944b7a4349232aadca696b0b55698485ebdb9d4ea21d3e666b7037b7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 7e048840d59555b914009ae3dcfd8bf4
SHA1 cc308bf94814d9fe16afed144f4869eb77058472
SHA256 9eac5a6e424e5da82c67cbdff368597b7c2f8d99fb5e4672c404584b70479243
SHA512 d548e1845fc8e584cf354be123987cdb43d5c553818687f007814e2e5caf832d28b00c76b8e5956e53205ca815c74cb1e6a82719f39809a3b5b6790edb1fc750

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 b90b03bef1e6dc5a2a6d0f9e068ddadd
SHA1 fcb78f89172b56be95a6bde6c3dfa89b7244e21b
SHA256 f3e91cbad4683b7f9d5359797b24f2424d0e155520ddcfeaa8f59109d5ddd539
SHA512 e34d39fa7702447bea8f27a16e885aad8effec40756085f1830acbd2e36b9933ce79b0e6d710ca0b5c764a5341c5b610fa123daf5c4de0d4ed2345e425693a7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 b8932fc8124287764f6c0221b2a3b3c5
SHA1 8f4ec5c2e92db9b51556cf3718028c268f132fc8
SHA256 1fa3a818eb03e88e0384b2f70783db68e71a204c8bb45c972b6fac8b64bf8ab0
SHA512 8161b7cb94648543dd1b01b3b57016c82cc907c06510309c39500c9448065541df8e4e9efd0f6bb7fe54c765ec08e04bfa4576e6fed35713969fcb8a6f87b713

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d64d644df228024_0

MD5 b471e9473ade6773547a14858beb11e1
SHA1 f02e2b9bd3c859759e1ea10254288c4ff887e89c
SHA256 67817f7a28803467291002b8bacea1c10c2134bda4d3430b2670add092916602
SHA512 7263880ade59f5474d888fa4e038f4592e17948b87247e6b0f3b5aea5324d4c083002fb432d9ed2b22aa26d647c3363a3a877485d15e2a2c387e86955d20db26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 df5d12f1976b0bbbf9410b3d6d0c2900
SHA1 52403792e08961c3968a8105e5f92c94f3e166ff
SHA256 4abe6131dedfbc5184eab60893b4fc3bef994ddda92cecb560661dfed9d7c4c6
SHA512 59a40806304479abe327ba40222861e18ef0d29f7854adce0cefb9b4dac2c0cc65226b5d6bb714bf435139e85c43a2fe28c84429f3605a114889b1104ebe9675

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9a39a53b3309210ca99c5ada4bc3b38c
SHA1 9c21627f2d558250adbcbfe69700ca0db71ec516
SHA256 532e5c06e06b766cc2c9e5c5571db924cdb3ce28a1802f17ec4f688b18e49f85
SHA512 52e662a5edcae17f607165b2050ac48976e965adb172846e0bf33395a6b1ea0dba8ebd8ca22eb9026d49636277d5ae1cfeda2c0146c87f8f59c0b01dc5ed71df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 30628cad44f34b61463c1322b06fe8f8
SHA1 10f6fa8bc118b26389b66fd66e864e4677de0ebf
SHA256 2fd103a11703d55afa41fb4aba7b707ead31d0b1754c3ee8ed605f07ef34e365
SHA512 267e5caaffb46f694011a518d1a672afd9a6fc8ce7b62a670632db970280a272d241c15119672610ede16bba87ed78bd45ad77a0bf2591c3caee009c4a326d31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e7ee4ce595b58062096a02331513dced
SHA1 3a2014093064e82e6e747f2dff4139d92d0f740f
SHA256 95ea95c7794ef8c8a87ae7b7a273793a595b5627190ac55461579f8216911652
SHA512 1b62e785c438085a62a9deb7cd72aa35697e8dec33b366eafa7c6fb4e7d146d190eb35ade01c1a8bfe7a17090984b84a47a36ef32adb9740fd243e1bf04b9285

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b5a64335345104f17e0aa1e966c7781e
SHA1 c99d7fafebcb9dc44bec31ab73f7a5336b61e366
SHA256 8021db173ad3ff270704f6bbc7e5fca25185893932052c89de68c26b703e7f81
SHA512 7b1c99ab240cbaa4c4752c09d7328c8b5429cfe0d607f32b8bf0e2d27b475eb2eca89668fab33d25bd9e0c7789a8ad5aa9b28c4b617fd045c6efef69ef9ba03e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d811977aded867e67c48efc967e56264
SHA1 6d0fc4e4ac75f74114ee1e0a682d035a02ab3fc3
SHA256 9e896a904520c152e84bb3213847cb3665969956fca2dff13c895194469dc121
SHA512 a06c5bdf36ee034f13410ad4bf151db58aca561ab0d4d3eac4ff63c04521e97c06d0e3671e79f1e5d5371329d4986b9fbf6f5a5bfba3aade12ed053370c1fc91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4fc357e175a7332a63ccb2eb6e940d44
SHA1 52b180004baf331bf0c5c761e405f45706d550ee
SHA256 7a85d7d35c61f86fdd0f7c01f77ddaacb4b487a70dd266cc8148891e2f203ca9
SHA512 a5efcf8ea378007c31147db6d38808b2fc7c3334cb5823d204ecf2740203426248aa09db4cf9066d1207e0fb6ed4adb59fe42bcda8b13fee86964eaaf6f16ffd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 f62b411b8c3a987138f0a1593cb542d6
SHA1 11c1ebad6de9276e704be9932cd2031ab79f1917
SHA256 e8a6ed43df878e1a5fb75cc351f585193cd51626b5c6076c16e380cc0a0a2f82
SHA512 092ff5656f66ec5fc1a9a0a85cd21124fa9746022ee3315420937058d60a304d97eabe31cd644756ba230fd6eaabe23addccccef1d4907c21fc548fabcc4fdba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2bd66b851eeaa34c0a8ae606f1ad8d14
SHA1 0b4d29794c633b6da938c84e1d86b787b4dc2988
SHA256 b635ad22fbc6950fa69958d537cb5a2a6cce6492d80507a344095d3e17735482
SHA512 8fa40c35b852dbfa515556196724f886c88651d6f19a6c2ffd21ed622449f412b41e19315494d5e0a0aae1e3205983dd976a0cdd065dadedb7689993f2683934

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 a75f6cea391ac1d1f6fded2ea83e0390
SHA1 c8a2c89feeb233366183107970bb4adc46b2680d
SHA256 207cfc725a4392af15785d04f7660a4dd3941b969a999c65e926bedc8ea03c5f
SHA512 e666b7a77b4ea5b4c5fc3acad9f673ca7523b30fbef39c82203846ff173038b48778570121227299a594ca41b843a4f215e47051a81302362225842aa739a2c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b03f4.TMP

MD5 c140c63af0c56e3e70e322cf639dc3de
SHA1 7f95a02f3f1dc025c2b480bc1126b4c51f5804bb
SHA256 d787b0c6eff914e3eb64b73716b393b2d30f7a070c4f7368fb421b28fb77e033
SHA512 204aa1583f89bebc129e23a4a5f3fcaba6c38e434a91610c1e6d91d75499648a1df55027267fd26c03d1545f878209d3986ca4a12fd58adad3cfe38fc0ae30a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5cddccdeb9d9b89ec3268f2dbd06bed8
SHA1 1cab0080a49efb47a82b07f7ff651046a779d5df
SHA256 8c0ae20a29da9f632be103ffe21849adce95f1cbdbf9981bdb23938ff028ca60
SHA512 50b0f29857153b6675552f841d03b23e467ad52d8d6f7a4187c07fe1e9f54e7f27c56dd5325fa39a54b9adf0000a8221d89c933010486ee70628f283c0b63628

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b0aba.TMP

MD5 5bbda8e96980bc2cbc1f0515c3526eb5
SHA1 d97354327682c7825907681f8c72616da9a80be8
SHA256 4a199ad406e8c0b931eb30bc0eb160fbf33a25570c9872a5e519a667951e141e
SHA512 7e9eb71b9b4c19df52486a1c9ead99a9b82ff5df97478b1f186cc2a205fa0f556ab19e599df290b032d174343e0580626c713f75a3bd841775d65eeecc7d1212

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f84865ea4316b8414048ef405c38fbb2
SHA1 9a3391cc8fd10ec971b1e09da3ba16a4ca29b34f
SHA256 405b27486627f703c14b9bf6d2585b910f4ab65ba88a3dfa8ac195fed5af953c
SHA512 9ecf1d1f2d7b7627948fb505220e7cd695a77f681df7924e6883dfd8424f846b10dbb60c4d6c1b247e892e16ebfa679b08baccf9438bf479a9aa795465123740

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dde39c57ebd7a68bd1de74a62db9170b
SHA1 ac8e6e2fd06b07e5f68658a0736cd527ab5b523d
SHA256 11d90d76c7ed4e10db2b70d98e1b6414dad22e6195458917befa21a5f0aaee6a
SHA512 b8a3259a840d06466578929dc3eda0687d3b8f9617207609787df707680a636168a75432682654283cb6274afafcbdd0d01fd56af85001d2661376662c1b7c7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74df677f5b356b1d884faec5fbccabfc
SHA1 27398df293d558e33abddd91ecc857d06a09cea7
SHA256 445080ceb9978ce5f71333e75c48e974f91ddbbb29c71e2e638bd005ecf71905
SHA512 28c95e94fb419a6feaf3648f78cd2c491489c64737c3b2fa2570a5760d0d7c90506f3519cb57a0c9bd957d9f37ab15c3788802e1cfb97147494c4936c3904097

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dd4435c0fb473fb77c31dad6ba50d61e
SHA1 360d58018283f4fe4368eefb3f2199888becacfe
SHA256 c89c39fca81515fb4f200f6117319b007130cf1f2a4059f8531b206ea9c73568
SHA512 d89137f7ba8356ea26e53b36b40fed7f910be6156a6fe87fc31e2ac17fe95fab5a3d404130dda937f7fe641b7bdcf54e6012ae29d574806d56a7805e729fb194

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 16b3cb842953f504bcb2b4b1df187f9f
SHA1 df6a4b3ce745a661620f05eb299fd7165cb47933
SHA256 639d1657e0a83e4445a053812af8819d461674a9a0222e1c37491f7747d914b2
SHA512 92f8235368eef4159e5801bbca54075d220d428c524baed3ce25e901a793afdd410438aaa46096bbdcc6ae122805e23bf5d688e2f3ef6386b34aa931c34d9503

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5ab0b346d967055f901199d4fdb12611
SHA1 27caca2b766974616b7752016fe88b184e8ac615
SHA256 db6ed99ece28a82a2af3f5e56831032f2e703d8d3e21946dc890715649f5f5a9
SHA512 ba91f060b83318a6dbb4bf0aad2b15c9b90c27129d21c1b51b0718f16e2d9d003b86d3c7d17321350edd25effd3906c2b9175eb393d03465e736e951fc9aa105

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2fd04331f511dc0285a63474719fe708
SHA1 3247f0c58be355ba1c31620376a7ca509bbdfe6a
SHA256 ea3b064fab996a3eb6a0e0610df10fb17b6029d70f93463df9092ed2a1a84186
SHA512 ca25400c54a6cd8e2d6fbd135e637f01068a8b795e752094d77bd6163fac30282bbfeae804350bf919d7ebc4fe300d6959cb57572148aed337a2b78e859969ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8389761572ecc85776a54bfd5fcea19e
SHA1 1b78926ec837c965abcc22a2ae2ff393ea3c742e
SHA256 3a3f6fd93a638f9502bfb2d7b98790df80a095d896976ec393f9121924451435
SHA512 41b2fb1d0207ea6f0f582a2c4acb07fe6dc7b5d81646f0e5bb64f86658866fdd0bba37770ac6f43fc5c8118c500055fbb5d1eb8aee4a9d19f08dd0556a7baef5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dda4f1996d1758cdaf24a05e576b6b0f
SHA1 407f4eb095ed360a15cba4b5fae210d7226f62ed
SHA256 06389ac11338d8222c92f24b6857f5737f9deb0137e12bd5709878bc1e1d9805
SHA512 1bb4122aa04471e0f0ec033334fd7fad8a09d14a0ab2351deae42f0cfa63ce3246646bc52612f83708a1ad1a27574d293ddec904507a9a07ef33b5ad626829b3

memory/3440-1417-0x00000000055F0000-0x00000000055F1000-memory.dmp

memory/3440-1419-0x00000000055F0000-0x00000000055F1000-memory.dmp

memory/3440-1418-0x00000000055F0000-0x00000000055F1000-memory.dmp

memory/3440-1428-0x00000000055F0000-0x00000000055F1000-memory.dmp

memory/3440-1427-0x00000000055F0000-0x00000000055F1000-memory.dmp

memory/3440-1426-0x00000000055F0000-0x00000000055F1000-memory.dmp

memory/3440-1425-0x00000000055F0000-0x00000000055F1000-memory.dmp

memory/3440-1424-0x00000000055F0000-0x00000000055F1000-memory.dmp

memory/3440-1423-0x00000000055F0000-0x00000000055F1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 73d49b128441c492a0e4e72ae6d7e48a
SHA1 0aa1b1137c6e616131cee39e170c85bcdd57be62
SHA256 9e77e62b79f4d2d3c0bd4dac351ba12edfeb4717a42763a79bedd4a89ded9086
SHA512 701abd8c5cdd95002de9e17fae511dcc08c55147984ddf8230f837be7ea7aea022a33c07f0853bb41a4fbd1f12465c8ec984ab36d3064eaf055576e93fb7fff6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7e0e46d5c06944df46ecdbe50ea47099
SHA1 27be11c0af7eee80e4debcc91761c58db2ed9ad4
SHA256 a31bbb906673c58d2b02389a839b50fb6eb96ba23100dbf66e6211b5e99223cb
SHA512 18aa6fd46aa9b51c6305c2d1c53580b0b24e9c47a946c0f2fe6a3ffaa35efa001cc5351d9b7c82f08cb601d27d0d707f6e74d0d9dcec14db57cc339fa8f70e68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\353b37b298cb6040_0

MD5 32a6015afd2d9ff98a49511a724ee62e
SHA1 f6e91eb455971e34c08b04a1ae7495a67232a971
SHA256 18327eb4e765b4f1140d724ce956b611aa721afa7ee2d5cddd11a8b5cc7f350e
SHA512 3f1cf07c57d72a61b06f13e1fa8ce1a44379bf5e95a098a0165b390e3c62c7492538e958e21fc61e26ceabce854f27f906c80a718d61615b9814d950c7a02629

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d64d644df228024_0

MD5 f2cc0039b201ac8f8f034f37d597bae9
SHA1 758de2868067751e988d0c09ae1b80e12b1901de
SHA256 e520bb63b5cb23e0234ea662be9b53a7031c78cfc48c08e25015479780c5f7e1
SHA512 917eefd2a4695618dfecc9b47b5bdae0d71461d11a7ede52269c816ff0f750342e1f70b2a4e7ddf24edef1d2b556e7cd70da8f95e75bbe84933218fa07ea4ff0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12e5e8b409a714e6a1f19b8487ad68f6
SHA1 dc2796275dfbe5a7d9c42ed055ee0307484d47dd
SHA256 546b31e0e9d61f9903984528d86109ca39b30e30594bcb96647b566137869d24
SHA512 28d4c2ea45b1b338c6b30e0ac19aa0d5ac0ea9ffe753f71f3638a2d94138b102c7331cfe388d47c0cd832300f838d65117e0206d18f07cdaff3cfcb935900244

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ecfdd58a477d0f5c17f8dd7a3cf661e9
SHA1 7462a1bf2bd1024f52788e99e6bf94b4eb2a2b52
SHA256 5b5006c86eba4214620cf401d2b6a4af65fa5c5656e28c60888e08a7634089d9
SHA512 26010d29b0ef8e2c8dae0fdaaf4514ddfb8723b7e857deab1a14f506dfe3286fbce1f7758c921b0f540245f9af19da7a3f37751eb6467157faea157233b9ed94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b67285cc6d91bad93285acd73969ee10
SHA1 ecdfd3814e4c26b37c810c8bfc669d5fc6fac99e
SHA256 47341f70fcb4357ce7d5c40cd6434a412dfc4546a468eaec86ed4d430c944886
SHA512 9e7941f1879779758baaccb6a2525e165a34fa3aba537c12b2cd1676ffd761720cb5152e187f87ca593042c65bb6fcdd1aab81a51cb3c53e87604b3b40d504ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d9e05c951fc577fab2cdbc5fc100efda
SHA1 fb0d698151f2d929ba2d148c1001262f38af8ecf
SHA256 b555a08161885fea6375c55934075f9db6bffeb0bcc4dab3c8ad459e4941cc2e
SHA512 a2dee08038b112d521c80a82a5c02090ab7ae045982afdf2c56e6fb73fb8799b52fcdc5193be16260f507b41c16d644860a087cddfe2fc45cf48acdb10ede5b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1cc7c3bf1dfaeb658f8f64e9add5b294
SHA1 69252a4e60587b658cbc0b8c3ab7ecb796ce8f0d
SHA256 f2f85898162a2f770c6693ff0b7dfff0a97e0dce5666e091b735bc829c21bc84
SHA512 0bedf4d363d750baf701a3011d36c23e1aaba14b9363a4ae93bd794f6871cdaed637b3b5d3706949bf1ff98c819fcbf1213dde5ff7e0635e0ef0bd714241c502

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d40002a027b04d6896b2ea2f796d6d91
SHA1 3c3084b93c804eda4ab27137fd88e4963a2b49b1
SHA256 d2c262636b92aea19ee1903ed1cf50877068f251564b290e0fb7a7796194ca4a
SHA512 37bcd479b03b5586a832f08be4b28138ec58fc02d12f8ed238deb86f7107f640da228b764a08702d70df00752f5ea25c5afa49441f3b5ae6801492dbcaa352f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3258f13dce38533f7fefb0e28d504197
SHA1 f73944345da4e02f14978f8f8e9a058c87bab9c1
SHA256 0ea6ed7b144f5d5a173237dee05dfca5aea57718f00c587fe36ce01abdaf3cc8
SHA512 0c3f30aecb335a8e226d71b6eca46d19f5f84b83a049cd7fc82fef4fa2449663d6854af22ccf5efd24b29dc121477bc0674531819405c2fec7eb2a8210a6718c
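The listing above is the sandbox's flattened artifact table: a path (or a memory/... dump reference) followed by MD5, SHA1, SHA256 and SHA512 lines, with the same profile file appearing repeatedly as Edge rewrites it. As an added example (not part of this report or of the MEMZ project), the following Python parses that layout into records, checks each digest for the expected length and charset, and separates browser-profile churn from entries worth a closer look. The sample input is four entries copied from the listing above; the "profile files are noise" heuristic and the memory-line layout (pid-seq-start-end) are assumptions drawn from the entries on this page, not documented by the sandbox.

```python
"""Parse and triage a sandbox 'Files' listing (path + MD5/SHA1/SHA256/SHA512 lines)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Hex length of each digest the report prints; anything else is a copy error.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+(\S+)$")
# Assumed layout of dump references: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
MEM_LINE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Assumed heuristic: files inside a Chromium profile are rewritten by the browser on
# every run and are noise for IOC extraction; anything else deserves review.
BROWSER_PROFILE = re.compile(r"\\(Microsoft\\Edge|Google\\Chrome)\\User Data\\", re.I)


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)
    region: Optional[tuple] = None      # (pid, start, end) for memory dump references
    problems: list = field(default_factory=list)

    def complete(self):
        return set(self.hashes) == set(HASH_LENGTHS) and not self.problems


def parse_file_list(text):
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:
            # Any non-digest line (a path or a memory/... reference) opens a new record.
            current = FileRecord(path=line)
            mm = MEM_LINE.match(line)
            if mm:
                current.region = (int(mm.group(1)), int(mm.group(2), 16), int(mm.group(3), 16))
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"digest line before any path: {line!r}")
        algo, digest = m.group(1), m.group(2).lower()
        if algo in current.hashes:
            current.problems.append(f"duplicate {algo}")
        elif len(digest) != HASH_LENGTHS[algo] or not re.fullmatch(r"[0-9a-f]+", digest):
            current.problems.append(f"malformed {algo}: {digest}")
        else:
            current.hashes[algo] = digest
    return records


def triage(records):
    """Split records into profile noise vs. review, and count rewrites of one path."""
    noise, review = [], []
    for r in records:
        (noise if r.hashes and BROWSER_PROFILE.search(r.path) else review).append(r)
    rewrites = Counter(r.path for r in records if r.hashes)
    return {
        "noise": noise,
        "review": review,
        "rewritten": {p: n for p, n in rewrites.items() if n > 1},
        "unique_sha256": sorted({r.hashes["SHA256"] for r in records if "SHA256" in r.hashes}),
        "malformed": [r.path for r in records if r.problems],
    }


# Sample input: four entries copied from the listing above (three Edge profile files,
# one memory dump reference); not a fabricated dataset.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 4055771ceb30cb855743737c11949fb2
SHA1 6f3dd2bd33b990ff27fed5570f3376eace5364cd
SHA256 f82bdf33ea398d51b9fddd21ec01d21afb615dc0604bd613d47b8923f0c9596a
SHA512 577056a9174a7e7d18ebf20071b36bcb5ef272963dfcbc0845cfacf5512453f4dff6a2a9838841ff520e51537fa110a32e5a945fa0cd809d3d5eb30b95028921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 df5d12f1976b0bbbf9410b3d6d0c2900
SHA1 52403792e08961c3968a8105e5f92c94f3e166ff
SHA256 4abe6131dedfbc5184eab60893b4fc3bef994ddda92cecb560661dfed9d7c4c6
SHA512 59a40806304479abe327ba40222861e18ef0d29f7854adce0cefb9b4dac2c0cc65226b5d6bb714bf435139e85c43a2fe28c84429f3605a114889b1104ebe9675

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 30628cad44f34b61463c1322b06fe8f8
SHA1 10f6fa8bc118b26389b66fd66e864e4677de0ebf
SHA256 2fd103a11703d55afa41fb4aba7b707ead31d0b1754c3ee8ed605f07ef34e365
SHA512 267e5caaffb46f694011a518d1a672afd9a6fc8ce7b62a670632db970280a272d241c15119672610ede16bba87ed78bd45ad77a0bf2591c3caee009c4a326d31

memory/3440-1417-0x00000000055F0000-0x00000000055F1000-memory.dmp
"""

if __name__ == "__main__":
    recs = parse_file_list(SAMPLE)
    t = triage(recs)
    print(f"{len(recs)} records, {len(t['noise'])} profile noise, {len(t['review'])} to review")
    for p, n in t["rewritten"].items():
        print(f"rewritten {n}x: {p}")
    for r in t["review"]:
        print("review:", r.path, r.region)
```

Run against the full listing, the "rewritten" map is the quickest way to see that most of the volume is the browser rewriting Preferences, TransportSecurity and Local State, while the "review" bucket is what remains for IOC extraction; a malformed digest is flagged on the record rather than aborting the parse, so one copy error does not hide the rest of the table.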