Malware Analysis Report

2025-06-16 00:41

Sample ID: 241110-z7fk1avmcz
Target: MEMZ-Clean.bat
SHA256: 5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
Tags: discovery, execution
Score: 7/10


Analysis Overview

Score: 7/10
SHA256: 5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
Threat level: shows suspicious behavior

The file MEMZ-Clean.bat shows suspicious behavior.

Malicious Activity Summary

Tactics: discovery, execution

Checks computer location settings

Executes dropped EXE

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: JavaScript

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy WMI provider

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Suspicious behavior: CmdExeWriteProcessMemorySpam

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK (Enterprise Matrix V15): tactics discovery and execution. The techniques mapped in behavioral1 are Command and Scripting Interpreter: JavaScript (execution) and System Location Discovery: System Language Discovery (discovery).

Analysis: static1

Detonation Overview

Reported: 2024-11-10 21:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-10 21:21
Reported: 2024-11-10 21:24
Platform: win7-20241010-en
Max time kernel: 149s
Max time network: 148s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\MEMZ-Clean.bat"

Signatures

Executes dropped EXE

Process: C:\Users\Admin\AppData\Roaming\MEMZ.exe (no indicator or target recorded)

Command and Scripting Interpreter: JavaScript

Tactic: execution. No table rows are given; the evidence is the cscript.exe process started as "cscript x.js" (see Processes), with x.js written to the user's Temp directory (see Files).

Enumerates physical storage devices

No table rows are given for this signature.

System Location Discovery: System Language Discovery

Tactic: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

The same key is read by the legitimate IEXPLORE.EXE content processes, so the MEMZ.exe read is weak evidence on its own: reading NLS\Language is routine locale initialisation rather than targeted geolocation.

Modifies Internet Explorer settings

Tags: adware, spyware. Every key in this table is written by iexplore.exe or its IEXPLORE.EXE content processes under the user's Software\Microsoft\Internet Explorer hive (DOMStorage, TabbedBrowsing, Recovery, WindowsSearch, SearchScopes, Zoom, Window_Placement). That is ordinary Internet Explorer first-run and browsing state, created because MEMZ.exe opened the browser on a search URL; the sample itself writes none of these values, so the adware/spyware tags are not supported by this run.
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000208684c29764fb6fd0d807a21c5d0cf18f59db80c343f495c3c478d1cd891b8c000000000e8000000002000020000000031f991b02c6a17d996aa5c3f7b45370aba5a01a203f6924372918d05fb9aaf7900000004f61ee81b4ff22e15ca30f6b87c35c4df0829c0d0e7c161f0e79e1344492d2a3a1c30b46af2683375075fd169b98ee5026979d6ea21bd6696876a95d4ab7d0dee8728f0f73a37288a09d71f96c65bed9850a6e46aedc6b66d7aeec9f8bd01d746149440a2203506f581e09da71ad516b76880d7dd258e29de1cc06913e7fd3cf72ddc22c569ec58eeb1fab282a2773904000000047b34029489a0415d8bfeb62cde8f58beea10d00f8c962c7eab27d5cff850204f3ca38161136c550744b4ce281652979f46f43f324d55efee8cc4c0c0526ff76 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437435580" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808d40a4b633db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b1319000000000200000000001066000000010000200000009a430ae8752ea169eb952850d74da07375338f7d15101017d7969164218e2467000000000e8000000002000020000000348c2fd17d36c4b10ca0b90eb1dc3beea83838180676fbec1425d2c1c1101794200000009be190d428d74cae24d720d55b8aab413c8ba4214966b32318d53e5a2b22657e400000000451646a7092525d6d9bdbc8af3ffe5375eee274a053c7667834c38398626eb833c42c79648a7558d67056234cd927e40518f7096c217903551fd49fad09a1a7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD8270F1-9FA9-11EF-A276-7E6174361434} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: CmdExeWriteProcessMemorySpam

Process: C:\Users\Admin\AppData\Roaming\MEMZ.exe (no indicator or target recorded)

Suspicious behavior: EnumeratesProcesses

Process: C:\Program Files\Internet Explorer\iexplore.exe (no indicator or target recorded)

Suspicious use of FindShellTrayWindow

Processes: C:\Windows\system32\cscript.exe; C:\Program Files\Internet Explorer\iexplore.exe (no indicator or target recorded)

Suspicious use of WriteProcessMemory

Each row is one source-to-target write; the original table repeats each pair several times, collapsed here into a count.

Source PID -> Target PID | Writes | Source process | Target process
2380 -> 2040 | 3 | C:\Windows\system32\cmd.exe | C:\Windows\system32\cscript.exe
2380 -> 2428 | 4 | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Roaming\MEMZ.exe
2428 -> 688 | 4 | C:\Users\Admin\AppData\Roaming\MEMZ.exe | C:\Program Files\Internet Explorer\iexplore.exe
688 -> 2028 | 4 | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
688 -> 2256 | 4 | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Every pair is a parent writing into its own child (the IEXPLORE.EXE command lines carry SCODEF:688, the PID of the iexplore.exe broker), which is consistent with the writes a parent makes during process creation rather than injection into an unrelated process. The useful signal is the chain itself: cmd.exe -> cscript.exe and cmd.exe -> MEMZ.exe -> iexplore.exe.

Uses Task Scheduler COM API

Tag: persistence

Uses Volume Shadow Copy WMI provider

Tag: ransomware

Uses Volume Shadow Copy service COM API

Tag: ransomware

No process, indicator or target is recorded for these three signatures. They fire when the Task Scheduler and Volume Shadow Copy interfaces are loaded, and nothing else in this run shows a scheduled task being created or a shadow copy being deleted (no schtasks, vssadmin or wmic process, no task file, no related registry write), so the persistence and ransomware tags should be treated as unconfirmed.

Processes

Process tree (PIDs taken from the WriteProcessMemory table; SCODEF:688 on the content processes confirms the iexplore.exe parent):

2380 C:\Windows\system32\cmd.exe
     cmd /c "C:\Users\Admin\AppData\Local\Temp\MEMZ-Clean.bat"
  2040 C:\Windows\system32\cscript.exe
       cscript x.js
  2428 C:\Users\Admin\AppData\Roaming\MEMZ.exe
       "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
    688 C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=half+life+3+release+date
      2028, 2256 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (two content processes)
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:275457 /prefetch:2
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:209935 /prefetch:2
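As an added example (not part of the sandbox report), the following Python reconstructs the process tree above from the WriteProcessMemory rows and applies three triage heuristics to it. The rows are copied from the report with their repeats collapsed; the function names, the script-host list and the user-writable path list are this example's own assumptions, not anything the sandbox defines.

```python
import re
from collections import defaultdict

# Rows copied from the "Suspicious use of WriteProcessMemory" table above,
# with repeated pairs collapsed. In a sandbox report a parent writing into a
# child it just created shows up here, so the pairs give us the process tree.
WPM_ROWS = r"""
PID 2380 wrote to memory of 2040 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cscript.exe
PID 2380 wrote to memory of 2428 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe
PID 2428 wrote to memory of 688 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 688 wrote to memory of 2028 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 688 wrote to memory of 2256 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
""".strip().splitlines()

# Non-greedy up to the first ".exe" splits the two space-containing paths.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+)$", re.I)

# Assumed heuristic lists for this example.
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe", "powershell.exe", "mshta.exe"}
BROWSERS = {"iexplore.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_rows(rows):
    """Return (parent_of, image_of): child PID -> parent PID, PID -> image path."""
    parent_of, image_of = {}, {}
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:
            continue
        src, dst, src_img, dst_img = m.groups()
        src, dst = int(src), int(dst)
        parent_of[dst] = src
        image_of.setdefault(src, src_img)
        image_of[dst] = dst_img
    return parent_of, image_of


def children_of(parent_of):
    kids = defaultdict(list)
    for child, parent in parent_of.items():
        kids[parent].append(child)
    return {p: sorted(c) for p, c in kids.items()}


def roots(parent_of):
    """PIDs that appear as a parent but never as a child."""
    return sorted(p for p in set(parent_of.values()) if p not in parent_of)


def render(parent_of, image_of):
    kids, lines = children_of(parent_of), []

    def walk(pid, depth):
        lines.append("  " * depth + f"{pid} {image_of[pid]}")
        for c in kids.get(pid, []):
            walk(c, depth + 1)

    for r in roots(parent_of):
        walk(r, 0)
    return "\n".join(lines)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def assess(parent_of, image_of):
    """Flags a triager would raise on each parent->child edge."""
    flags = []
    for child, parent in parent_of.items():
        pimg, cimg = image_of[parent], image_of[child]
        pname, cname = basename(pimg), basename(cimg)
        if pname == "cmd.exe" and cname in SCRIPT_HOSTS:
            flags.append(f"{parent}->{child}: batch file launches script host {cname}")
        if any(tag in cimg.lower() for tag in USER_WRITABLE):
            flags.append(f"{parent}->{child}: executable run from user-writable path {cimg}")
        if cname in BROWSERS and any(tag in pimg.lower() for tag in USER_WRITABLE):
            flags.append(f"{parent}->{child}: browser started by {pname} running from a user-writable path")
    return flags


if __name__ == "__main__":
    parent_of, image_of = parse_rows(WPM_ROWS)
    print(render(parent_of, image_of))
    for f in assess(parent_of, image_of):
        print("FLAG", f)
```

Run as a script it prints the same tree as the Processes section and three flags: the batch-to-cscript hop, MEMZ.exe executing out of AppData\Roaming, and a browser being spawned by that AppData binary. The two IEXPLORE.EXE content processes produce no flag, which is the point: the parent-writes-child rows are only interesting where the chain crosses from system binaries into user-writable locations.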

Network

The report does not attribute flows to processes. Every destination is consistent with the Internet Explorer session started by MEMZ.exe: DNS to 8.8.8.8, the google.co.ck search page with its www.google.com and www.gstatic.com assets, Google's certificate-status endpoints c.pki.goog and o.pki.goog (matching the CryptnetUrlCache files under Files), and IE's own www.microsoft.com and ieonline.microsoft.com endpoints. No other external host is contacted and no command-and-control traffic appears in this run.

Country Destination Domain Proto
US 8.8.8.8:53 google.co.ck udp
GB 142.250.187.196:80 google.co.ck tcp
GB 142.250.187.196:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 www.gstatic.com tcp
GB 142.250.180.4:80 www.google.com tcp
GB 142.250.187.196:80 google.co.ck tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.180.4:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

The sample's own artifacts are C:\Users\Admin\AppData\Local\Temp\x.js, C:\Users\Admin\AppData\Local\Temp\z.zip, the successive versions of C:\Users\Admin\AppData\Local\Temp\x (the same path is written several times with different contents, hence the repeated stanzas), and C:\Users\Admin\AppData\Roaming\MEMZ.exe. Everything under Temporary Internet Files\Content.IE5, Internet Explorer\imagestore and DOMStore, Cookies and CryptnetUrlCache, plus the CabEED5.tmp/TarEED4.tmp pair that CryptoAPI unpacks certificate data into, is produced by the Internet Explorer session rather than by the sample.

C:\Users\Admin\AppData\Local\Temp\x

MD5 4b3df13992e0396b7c177e92f1681d51
SHA1 c83ab930eddb5ba3ce11e6639f78c7ce2ae90644
SHA256 9b724672ccbf94154d18a0a1101ae6665166c420d9f373bd22c2f3fea41f043d
SHA512 58024fc8bfaa93b9b58c6ef86e8056658d62dcfe74e914e177a3c25901ba8b2a094457b05a860cb52f741d2df77858998d0e06f6c83e1666b9d158b2dce1921a

C:\Users\Admin\AppData\Local\Temp\x

MD5 aa1d15cdd2b9ae486690eb7b8218cc7b
SHA1 6ba3de524342345ed398fcfb046375f904321b61
SHA256 1be0d3e2c6f054d1fa6e78b683fec21ab938f48c8b9e8ff02eaa42d76dd2d047
SHA512 11d3de7820cbc86ebcf75abb8d0703a192b9592af4b02badfa90275a4618d0862b7f7628bcfaa85087a63523882f4b324afbdd711218219de3ebb207c279c210

C:\Users\Admin\AppData\Local\Temp\x

MD5 20e335859ff991575cf1ddf538e5817c
SHA1 1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee
SHA256 88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf
SHA512 012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

C:\Users\Admin\AppData\Local\Temp\x.js

MD5 8eec8704d2a7bc80b95b7460c06f4854
SHA1 1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326
SHA256 aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596
SHA512 e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

C:\Users\Admin\AppData\Local\Temp\x

MD5 5ce1a2162bf5e16485f5e263b3cc5cf5
SHA1 e9ec3e06bef08fcf29be35c6a4b2217a8328133c
SHA256 0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43
SHA512 ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

C:\Users\Admin\AppData\Local\Temp\z.zip

MD5 d2ea024b943caa1361833885b832d20b
SHA1 1e17c27a3260862645bdaff5cf82c44172d4df9a
SHA256 39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76
SHA512 7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

memory/2040-120-0x00000000036E0000-0x00000000036E1000-memory.dmp (memory dump taken from PID 2040, cscript.exe; no hashes listed)

C:\Users\Admin\AppData\Roaming\MEMZ.exe

MD5 9c642c5b111ee85a6bccffc7af896a51
SHA1 eca8571b994fd40e2018f48c214fab6472a98bab
SHA256 4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
SHA512 23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\melo7gx\imagestore.dat

MD5 2632819a588986123080c28d5704f626
SHA1 fdab4ef77eedf82c3fcbe037da2431d80d5d525b
SHA256 4baaaa7f23765a5eb51dc20ab37af0985d946a428c322372973b0874d8f6ad8a
SHA512 f10024b893744e2bce2b3c728b255ca1c17ad1bb151c284151dc73631b2096b305e58a2b1f356cbe4af700dad7267afd0788db7e0a45a1a8e92f26e6d16dbe17

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\recaptcha__en[1].js

MD5 88a5fed5c87b1d3704ab225cfbe7a130
SHA1 d64243c18fbaa356e4abae8414ccc4772d64060b
SHA256 f8e5f5ce9ff44073cff24bcd3d2b8aa4e67b67891b14ff929fe4743880fdf82e
SHA512 8b8d1c9f4c36fd2383c96d0d484a6692f70422934bccd3db1f0787e1b753f7d5a8f0c91934805c4d865aed3d4673ff478f0ae23746d0c0e005e60848543b3d33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bf0ebff71007eda13441f1d148ed042
SHA1 67016eacbc1699763c7d12994d16fde2ee2117b6
SHA256 46b1486f61212bc691ec21ad01f16e61587d1132036f8545b5611fc48348a4ff
SHA512 b056c80fbc14f6ebd731f42309685ebe7b61b884e1ab9470a98155a2d96edf8a9769209674446089109aa177e93c75b43a0710158c847283107c5820447ef82c

C:\Users\Admin\AppData\Local\Temp\TarEED4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabEED5.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 434f46b58862ef7570007a456911635a
SHA1 3f918d7b0c3d4a02e44ad5e03f7db4ebd93bd172
SHA256 ff4dc123331a5af12c83a963c05c18092fcb552637731c9761e44712f29581e7
SHA512 1a3f0e3d0b43923e723ada1d67d2666a7630ff5d2cf1d38840a5e925a2f93e647b7891a5ea79d1c38a6a49c957a339f6f21a0c0b8aec01eeeadebc2bd18e703f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f25f998f051d658da19900f328e66993
SHA1 9570f7267730984137ff2119498e890cef14d128
SHA256 8c4588775902023dad98b330ded6574bed67e7c874c8ce35efab0f86b342d577
SHA512 f4982f00a41fe4c9a65fdd064b543ed2fc698c0e597386b24623c112484e9d48425f93a441f6d36a5748953d4f8da4e03465ef507d1ab9066f1e709a65e5337a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd01926946186517784db7c0b1797c49
SHA1 46fc67fe49957ab35e229bd4c851264e9e7f75cc
SHA256 12caf873bd18e789d4e7553669d9dadc8b8efb20188ce7266343e2c15f718bb9
SHA512 7be2cfd90baeabdf4003edd098545c9a236d9cb77892ddcb5150033f6d044792eff2bde4ebcfcddaddb0cff0f5766cb670cfc64ba0d521ff995057cb4710973b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c54fc16ed9f1a2e6d79459e6642341c7
SHA1 737dddba8abb79e978dc27c52c752bc629c1bb9c
SHA256 085a7a2687917f5033631a11aea7cdb0de12ed4aa4483d243434638831d518e3
SHA512 ae0bfea049edc266f79caace837f16cdd81d330bbdff59e81ebbcc029dc54c90fac77766e54c54c85da4d08c2cb2a60bec2822d042bd8bc10daa819cfd7091fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc77d875340b658f29a474e86b917f05
SHA1 e9c3500c54ecae045f967e8515e12b32d7527cc1
SHA256 cb83eac7a521cb8455f3b8a8e340c74161290534b4a941e2f9335aa6078a3744
SHA512 31c58c3c1b264ec12a1fd010d9107411e41016965291accc82cce0d48eec2b04d79bac7fcdee458b380f0febb45d086db8588759d6b50db995f912468752a3c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f2349a39104d84c1da4ae24aba99e1f
SHA1 004e9a1a324be4c94c066ba0f5c652e194575be2
SHA256 734ed0d5f5e4d2ddd55767d76dcbf4891c8589099b40b58649c3177b81106815
SHA512 2684e75d856d98c6251de30bd67c25d9fbc5229b5be669e6b8c9af6a41bbad7b2b6d2ec6237c550195410b841fd691d2f2592165231a38a5905bd0a494fceee3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75e3954a00542fc694ecc42f073af90b
SHA1 f4d63eb3abb1e5c6f4e20ca1a50f40be5df628d8
SHA256 ae67950bf6b73ac499d92e17eda504b6b879ba51a9a734e859c89512fd498d77
SHA512 2ca2b9273af913447ecd7a4cacf84cfa34be15b5df455d4b9c8e3ec77446344be23094d93c581620ce27a30c61576ca3604ddaa83d4fb50585e07869bce11b56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b11a78db75bc5b87de35ac0a912a3dd
SHA1 6df24297d2661014c0d34ba3c666821c2686d1a7
SHA256 3d34517a951679ef6a86b981839f6386b2538488cc426dff64a38f0145b654ab
SHA512 f92a1908791861d55943536ea6848c7454343014c2dfbfc3bb34c381a082eb8424bcfcfd0048a1803e3ed173d826a4354d668647a913953b3424bcb6d7e893f0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\styles__ltr[1].css

MD5 47bea70318b724b1a99a1d571ff58807
SHA1 b66ffe704ad2fe84da8211d6351727568fd68b78
SHA256 11a188a204934185ab5649a1f838fe771c3d84c928bc8286ef999fb5b8deda69
SHA512 7995460ab00a68e3433ea72f19fcb1bcd8485bf4caf978ff5c47193f110899aa824ac4a697285e908a5f66c693604a0227e60b3d3d948115c4c3490022b82e3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52a048ec67cb7b3824cf07dff0e5e427
SHA1 3786c2c407d37653001ed4cfd1261bc2eee88c5b
SHA256 caeaf9eca94531d1fc13fe7065d389fd3e57710d202044e088eaec22a2d060a1
SHA512 b1e0f69c8a8566edbaebf550300197ffefafbb6a4600573723d8280ef15b6f32f2b9417d2c9a8e939d9c1be9cc684153b35775aa6cec06375d5d0eeec160083d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OD8BU519.txt

MD5 181e7a451ec90ddacda88402a1547505
SHA1 75ff7251ca469f9084f09f6cd571d07cffee4913
SHA256 4721d1ffbdb203b2593a469d0ee241f4c86df1a4d7bebfae46d3c99eeb1386e4
SHA512 36a53fd5de13ffaa094494220c0e9aea29bc50187e1d88d835645107148b955b1d9ebdd90f6020c7aed7f4dfe3258f9ebe4b2fd8bd5f9a839fe30f37ead37c64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_D9127F9BB4C9955D58AD28496EF9AD71

MD5 9e9a4efdcac0d83d19492dac793ad890
SHA1 65b0d5e69df52f3c63dd8a0b14f25492e3e6fc0c
SHA256 0b938696e8ee6b7f6c2b6e1576061ce4529ade40aea2bab365fc3b5b24861fad
SHA512 232c5b3b07cb9604c709dc44d1911034f9a33b0177b17ed290d0b9b97c11efc6cb35f24fb34d6d87376ad67e6ff9d9bf54c4fc58e52f7d266384e30a33183e18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_D9127F9BB4C9955D58AD28496EF9AD71

MD5 8df15da357aa19949750cabd37d520f0
SHA1 65a58323831f9aa9504ceae1c2479bafbd284035
SHA256 c9c51fe09932d3417d9af6e931547f1ba8bd513bf333608fef19d5059ae7a5eb
SHA512 59b19ec0df7b9b0c607c54711c1cc1e0a9f392cc8094e3b8c58e50ed735433a28fc2eeb3f212f07d2ad4f1edd4949555eb6fe06dbb77383eef6ed8fcb5426ca5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 19f2029a99b84b13e8d193d05b99fe08
SHA1 b36e280f7bc6a0a3ecdf6bb76de7969bbaa40444
SHA256 af8997f45eb23beadf72f1a7ec65778ff6d2f1e2c505d5662fa6789e0e375e49
SHA512 274d0ae5dc10da01ba6c57266bc15c75493495da665472134fc7a9c57fb4a733539dd8248ffc6c8890d50334f872a535b313cad4f1d166ef8bd845296483e83f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0f09f5935e00cac1f54f247ab7e1361b
SHA1 776db8b9360603fbfa4a8036586452b4db5049b6
SHA256 6787648fc9fa5588add4a42c59f0948e7383696e669945772c34d933c7ff6d6a
SHA512 be77f47baa9320afce65dbc618ab5872644281c69ee2b8bb4051e45dbca114c24a51f4957e7b0c6cbfd67c53066e770dac4e39304ae9177c67b063597bba13d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 57b3b3fda3ac18f783e69bf5eb51ae1c
SHA1 e44c2dae81ae955015679fb4023c35dda2722f92
SHA256 46e1da5fa564672cf506cdce5533d73ade9563957f4897969f1915edc0752430
SHA512 d318dcc0cc6fe8d316cc5f80ec945cd5bc168a3e62ca536b80476c3cabb41ef2277d2b44c4ef6abda74fb33fadf0c7d53ddaa37fd00f3ae59506aa606842faed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5076edf3dadba2dd564f6803e1d3e9cb
SHA1 ed72b40ef89e0686fb8c66eba5718612c7e27fad
SHA256 2cd7ec4044459c1796445015f44bc2f73d9aed471b401b2d271941a1fe13b215
SHA512 6af28e9572602c20198dee12284259f2f43b83f1171ede64ca11524d3271bddbb84c513cc4e61057153ec4a8ece3fe39cfc899e15cc8a827c41244f44e22c419

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\api[1].js

MD5 8ac1c2471617deff8206bba27f33b074
SHA1 ec00bac5a85a330265321158435458374a1b3e2f
SHA256 ad88bf4bd30c2da821ad99ccb27a53e789175b8626df2ea3b0e5815f64b9b39e
SHA512 68e648000a4c0cd30b77ab12cb4f1fc56eefa810c655e24009aeec7b606be353ba0d0313e0d038fe0ff371e13db2b6c245998d8800c804974b4b4b828dc19f1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_6C4EDE6B4E04AD6FDB8E61232C576EF9

MD5 c41e2d87c7482e62d1d4b2d9985beeb5
SHA1 b30bfcc0c4d286aeec4df9bdbccc2ea58bc9610f
SHA256 7d8fcd6eb76ea6e08b8c1395bc0207dfb2979e7486c72f5bd163d0f65e3d0183
SHA512 a375ceccf03f9439c09c86c771054f01dbb4eb9eb17f793bce5ef2b90915ec53f13f0c096fe28416c034a5e93b2f3032ccaba11e2f952554e09cc51486b06f73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_6C4EDE6B4E04AD6FDB8E61232C576EF9

MD5 6bdaedc49f31f8d20c952b0d2cb93896
SHA1 9d5519109d32b55543b7a02f572222ce7b959429
SHA256 42a222270a12c6c3d9a7d9e2b4a4466046d1d42bf05054da88f6fdabb60aa9d1
SHA512 a893df80012d561a3e7ad2aa91c3893edfe8f52e1a712ec13857349d96ec157902492c59ab66bdb0150ed1640e4bd9180df0f60817cbb38a7933c63e7332fe51

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\KFOmCnqEu92Fr1Mu4mxP[1].ttf

MD5 372d0cc3288fe8e97df49742baefce90
SHA1 754d9eaa4a009c42e8d6d40c632a1dad6d44ec21
SHA256 466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f
SHA512 8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf

MD5 4d88404f733741eaacfda2e318840a98
SHA1 49e0f3d32666ac36205f84ac7457030ca0a9d95f
SHA256 b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1
SHA512 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf

MD5 4d99b85fa964307056c1410f78f51439
SHA1 f8e30a1a61011f1ee42435d7e18ba7e21d4ee894
SHA256 01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0
SHA512 13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\2vtLQqDb0X1LzFM1CIqWo_gNeMh6R6IfoRLxoUU2_jU[1].js

MD5 8f995846e3aa2752d542e787c7a64667
SHA1 217024f811bc6ea2d08d557ae4127bb720d1a23d
SHA256 dafb4b42a0dbd17d4bcc5335088a96a3f80d78c87a47a21fa112f1a14536fe35
SHA512 5d6e26d3687b244f44d7c367d9a6692bf8fd64e06df9330d2d5b133965e99d7bee3890df110cfca5a79c102537559935d6036fb8a22d8b4efa876242844d5857

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0KOG7LQ6\www.google[1].xml

MD5 b11b43de11275703a6342ae4240b7be0
SHA1 97fcd5f6b3bc2904a27f7d2d5122bccfe683be30
SHA256 15f376c6918c108bb66c24cbd176d4f795cbf65fa16c15233ec3f94dc72e8fdf
SHA512 a4edc44cc831219731e1997dc3996f09a87dd993a3e4db01d1eb41d64f5ef2e0256d4bffbe1d7065739b75275f5642c1871c16f6bf459507b5d6c6c45ebc375a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\logo_48[1].png

MD5 ef9941290c50cd3866e2ba6b793f010d
SHA1 4736508c795667dcea21f8d864233031223b7832
SHA256 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
SHA512 a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\webworker[1].js

MD5 9afb0d35bb088b3036561313bf7ce1f4
SHA1 c7f3fde34c537242969fbbd736b5b129611f1694
SHA256 6e4501ce6f65a1b8671a9d31a8f5ab56dfa4e30aa7a4a971daa1544ab2eb53c1
SHA512 c08fab7dd122743f8f942ac5f0f1a05a2a44befd7da677074cc3d2d464a106ce88047c1396f4c99dabbf99541230ca37b05158f448e7014b36e1e9fe38c572af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 1c6568fcb5b68d6232e66fb3992739e1
SHA1 2722e98a2d9916588e5cd4e9f9a6c3907553d804
SHA256 42b678f561e387a53e2bd1a44fbfc193de4e7e9c4448fac9fa11fd11b4017f09
SHA512 778bdf092771f10afe3c251a5e3113cf36b2beba6eef5d11eef7ab6de00d81290b6985ce96ef589afb0997fae7144321d62bdf41e4a7875fdead186fa76e588c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6aaeb729cef599380253d88cceffcfe
SHA1 0d8407c60569e8a5ddce73a13dd418e11a7e3e29
SHA256 41c2f3aa923621bc6444d362a781ed00e7207e7f14119f727c44a523e5a32918
SHA512 83781b386709045351d348ee5c17e7104e1551ce215e0db99ef2292a4e65214f0c06f421b463f8247101ce1456828f78630d842523a1bf109f15173efb39654d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 166569b0a41910f27be998e841242116
SHA1 d82a75079eecbc29b443e69996dea92d2245a9b1
SHA256 918afe2ae3e78dff2f740320bb8ff092eb9e16cc08b940326c884476b3ddde2e
SHA512 87c0657ffecf2a3ac4f82f1f338baedead493a558bd96cf48cbd5f43159b62b49bb03131ab03a9735814bc2c5c9821cca1a61decc9323735a32c76c3586a951b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43df17ffcf21a2fc87ac1fab9ca96ba5
SHA1 90819937493bee7b942cc67757459eabcf811f9d
SHA256 15b76c8ff8631f90c66faab8828a7f8382cb0ecb6ec86c4aee8881880080a9f0
SHA512 2cfacb24a50c368764152b5beaf6dcb6b52f9e8fe326307ca1855eaa96e1be1213d768cccc9cd7e9b4c69cbb5bc662356f20934b57a2f29d8b5d4139a5101158

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52d59bd50ec23b3caaac4a46b8d20fc7
SHA1 85a59a4334dde0bb066b9e03007d26291a382fad
SHA256 a42c94515143cfd59b33f1744acff7391f7527fbdf38738f9b7267f7924211c9
SHA512 c8894176cbb22b20374fd6e7c0a7e0eb7056285407ba7908c4b660e6fdbc082ecb510a5d3069f5221927375b127dbc48f515b175e923365d66e9203e72831b9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89b7192574a66af18ece5ced8cb0d1ed
SHA1 3b5ea955f7f54831f8e5e650cc409562b6ccdd82
SHA256 e4ad264d85f6f8b860f2433640a9fc4748f9be490274b8101973807c015b7dfd
SHA512 cdc5733b8025cfbf29a43a0153182e559f7770096e6b5e16140bd76e90e4f531c43c01187c5019a0abf17f8cd67dafd766d0f05a246b05a0a084309483df8491

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb67290edbe7ffcd3615415467b05ce4
SHA1 fefb9c1c512b28e6444108fc0fe09fa6fa95309d
SHA256 904e63de53142f69519c765af709919b7a953d29d1da907320eb44e01f5a3d8b
SHA512 a606b21889938b8c343e64f7706fcc331c48443647d8cb8c8a2412ed95be5feb2dbc2488ffdaacc7bc9fd1c598d8b52005c234dca4f424001fc8d356ad744134

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 36f63c06214a543a1d91f274afb3fd83
SHA1 182ef9e4447d69ea8015eed3fc92672cc8ede4f7
SHA256 035483f851e13757467a247c68fa0d911f3630a741dd0ee67d9d4f9ebca371d2
SHA512 bf5354d1018757062c5ca6a9cc05786a73a848c26003921b1affc29c8e09357ecf6026537d6d4970a3a90ba05f72ec707287fb6189552ad75d08c9adb6921a58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40124ac46247b39b8785a71933ea1af4
SHA1 0e1307c459890fa44d477f86101269bae6d0b8ae
SHA256 92d6132f57ca6b5e9965d5b8e584f95becda97de49c0808873f8dd3fbbdf3874
SHA512 d73063710e5a073bb3a8b9274b6885a67e6218874a776af05a68e9c49b038a6e6de85681a0285c927ab99eb1be9a0e669294c8bd4c56e1b3b6c921ff777b3d3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb309af9c4bef5df0d415ab4470cf8aa
SHA1 3b1c00504ff9bd5f92a3d2acf0e2214753157ca5
SHA256 33741dd1c8471dc18c387a3028bdbdcb71c1eb61c65272f4d3f5045b403727cc
SHA512 469b4a21175863702e675124f933899ca1915a0f06b892990e8d1f53f702b87a27f4ecca784fc303f1518593e708145b3f67237cc37a621c26e6a9e43d27988b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42809b908d5b0de17cb8bb62145c8415
SHA1 56a6676bdd3d6265081d8082cf68e90634e87d79
SHA256 0b12d34a18b1089cab3067ff4592e7d09dbf29d100ec60122f62a0e91e9fb0df
SHA512 dbab1389bb2d96dad712a00fbf7e789d812fd335b946f26a5449ff50d3e813b06e071982d9a3aee852a3e954208677501d7b07cd4e6bb83a65b749ed3a67c013

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b44bc7212d2eb4aac3a4e8196b517b4
SHA1 d50deb77a7a17237434d813f9fed73fe99f2ca45
SHA256 71602d2b342a0212063b7cb250bc600de9b846b54805caf47ff51db61eca6730
SHA512 ecf971f9cd95705956216f68ba666e07f1f9eefc6451a6450654cf6ed634f13cca07ff9192c8fd34cf00faed8ee14eca3f00f411a4d887cd862f87d4d408b9fd

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-10 21:21

Reported

2024-11-10 21:24

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

145s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MEMZ-Clean.bat"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
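The three registry signatures above are worth reading per process, not just per sample: the Geo\Nation and NLS\Language rows are attributed to MEMZ.exe (and cmd.exe), while every BIOS\SystemManufacturer and BIOS\SystemProductName row is attributed to msedge.exe, the browser that MEMZ.exe launched. The Python below is an added example, not part of the sandbox report, that parses rows in this table's layout, normalises the native-kernel registry paths (folding the per-VM user SID and the ControlSet number so rows from different detonations compare equal), and attributes each signature to the process that fired it. The rows are constructed from the table above, and the key-to-signature mapping is this example's reading of the rows, not the sandbox's own rules.

```python
import re
from collections import defaultdict

# Rows in the report's signature-table layout:
#   <operation> <registry path> <process image> <target>
# Constructed from the behavioral2 rows above (same keys and processes), embedded so the
# example runs offline. One BIOS row is deliberately duplicated, as in the report.
REG_ROWS = r"""
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
"""

# Registry paths and image paths both contain spaces, so the row is split on the
# "\REGISTRY\" and "C:\" prefixes rather than on whitespace.
ROW_RE = re.compile(r"^(Key opened|Key value queried) (\\REGISTRY\\.+?) (C:\\.+?) (N/A|C:\\.+)$")
SID_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[0-9-]+", re.IGNORECASE)
CONTROLSET_RE = re.compile(r"\\ControlSet\d{3}\\", re.IGNORECASE)

# Signature names are the report's own; the key patterns are this example's assumption
# about which registry paths each signature is fired on.
SIGNATURES = {
    "Checks computer location settings":
        re.compile(r"\\International\\Geo\\Nation$", re.IGNORECASE),
    "System Location Discovery: System Language Discovery":
        re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE),
    "Enumerates system info in registry":
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS(\\|$)", re.IGNORECASE),
}


def normalise_key(path):
    """Rewrite a native-kernel registry path into hive-relative form, folding the
    detonation-specific user SID and the active ControlSet number."""
    path = SID_RE.sub(lambda m: r"HKU\<SID>", path)
    path = re.sub(r"^\\REGISTRY\\MACHINE\\", lambda m: "HKLM\\", path, flags=re.IGNORECASE)
    return CONTROLSET_RE.sub(lambda m: "\\CurrentControlSet\\", path)


def parse_rows(text):
    """Yield (operation, normalised key, process basename) for each table row."""
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        op, key, image, _target = m.groups()
        yield op, normalise_key(key), image.rsplit("\\", 1)[-1]


def attribute_signatures(text):
    """Map process basename -> signature name -> sorted distinct keys that fired it.
    Repeated rows for the same key (the duplicated BIOS row) collapse into one entry."""
    hits = defaultdict(lambda: defaultdict(set))
    for _op, key, proc in parse_rows(text):
        for name, pattern in SIGNATURES.items():
            if pattern.search(key):
                hits[proc][name].add(key)
    return {proc: {name: sorted(keys) for name, keys in sigs.items()}
            for proc, sigs in hits.items()}


def split_by_origin(hits, sample_image):
    """Separate signatures fired by the sample itself from those fired by other processes
    in the tree (here the browser it launched). Check this before reading a 'discovery'
    tag in the summary as the sample's own behaviour."""
    own = sorted(hits.get(sample_image, {}))
    others = sorted({name for proc, sigs in hits.items() if proc != sample_image
                     for name in sigs})
    return own, others


if __name__ == "__main__":
    hits = attribute_signatures(REG_ROWS)
    for proc, sigs in hits.items():
        for name, keys in sigs.items():
            print(f"{proc}: {name}: {len(keys)} key(s)")
    print(split_by_origin(hits, "MEMZ.exe"))
```

Run against the constructed rows, MEMZ.exe accounts for the location and language signatures only; the BIOS enumeration is entirely msedge.exe's, which is the caveat to carry into the verdict.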

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 16
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A 8

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 20

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 64

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 64

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 1956 wrote to memory of 2260 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cscript.exe 2
PID 1956 wrote to memory of 4644 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe 3
PID 4644 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2968 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2968 wrote to memory of 5064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 2968 wrote to memory of 672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2968 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 13

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MEMZ-Clean.bat"

C:\Windows\system32\cscript.exe

cscript x.js

C:\Users\Admin\AppData\Roaming\MEMZ.exe

"C:\Users\Admin\AppData\Roaming\MEMZ.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6df646f8,0x7ffc6df64708,0x7ffc6df64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6df646f8,0x7ffc6df64708,0x7ffc6df64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3f8 0x464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6df646f8,0x7ffc6df64708,0x7ffc6df64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6df646f8,0x7ffc6df64708,0x7ffc6df64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Temp\x

C:\Users\Admin\AppData\Local\Temp\x.js

C:\Users\Admin\AppData\Local\Temp\x

C:\Users\Admin\AppData\Local\Temp\z.zip

C:\Users\Admin\AppData\Roaming\MEMZ.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2968_MZSPPAZXGREHAMWX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 4b04ee510adc7a0e13b98d7dd097ddbd
SHA1 a56999a5777239c90bdf4e95701609cc1e2b33aa
SHA256 1a4f5206329bfcb7b5ea681827dd0fbba2587c0315fb82e25ec88da84f149f35
SHA512 6fb92565c75b5eae1128de97e7d5670d4cbbb03305ce7374c60f5cc7cc234fe77d325f249d415ab63e6fc9c6ab6dbee99cafb5f282f4cddfca1c4b3cd13e58c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375747315063986

MD5 9c6c1bff318c09b0102487747ba5d6b5
SHA1 1eb8e4f3f4c6ed8eb4d273d7751afe3e15c7276d
SHA256 d3692cae05722a42fb7c3f7811f85b461f35df49032360ed66bd5abd689aefab
SHA512 26a112217206b95dc6d148e5ea3b598b5153174a04ce119e7cd6160353d6e8dceca1081c0c5c28ea2fe218db0e98135085ce90c7ad4e6b43079832724a3e6a45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 aad869228523ed1f10662141ffe6db89
SHA1 f1f8553d4576d33d4127eb3ddba0ee16a37c78c9
SHA256 b96016b6726fd04325f0186a6234e8c168f44ab5b306a02533858f4cc6a27799
SHA512 246b258812825a7d8e2173b88124446093084b27924016dc2e4029499a10a361b78739bb78d9dc32b9835cbc5df65a1d6e53839149c6b62cf50a7cc39190a642

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 abf8b69f2fa3b95a14d09425a734c3e1
SHA1 3cd3e4569b7ca050563d044dd5b53c82abce8411
SHA256 d5dcd746dea884e984844f662dc4c8302d619e6c02f57a47e8114c2af6c9d8b6
SHA512 6bbafad83d7ea4dc6a7e0ede1d9e386981b641c515e917bdef75a367ef8779e0db0a8a21dd9c83c47ba88803e95c266d8b8edb564e55d23b6f38db0de728a0ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f7efc6992499d246d2a5aeec7fd72d0d
SHA1 7f5cfb0fdf9a6842002fd99c180fd89037f6909c
SHA256 49878b6da135f7e56923f9df275b0caa9b90dc8af6118137db403f416103bcca
SHA512 aeb70df17783d3a5bdbae1cc479f36b9059534cf5ede571fea614bcea832a984b417af065e60e3d886dcf16a2c593acc148d259a08dd5750df2a8046b6d1c2ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 f0cfe05a9c686922a437824091a00345
SHA1 84c20c358918fe84b27cfed40a19ae4e5799b9c0
SHA256 eeefd34125224e5b9c574edbb036773ef559b62f4ecafb3031bc0385ea318c20
SHA512 a013b5442689c7d147e3aa59a4a140b20dd47d10803c3203b016f2d9ceeac95255ebd17b59e364ab42006250e4f93110bb5a5970765322e31b3076faa9426190

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 6450eec35c0cb934fc740b5a15e170d6
SHA1 0d60bfe754da345fe1dae3ebd652447f93ce36d2
SHA256 ac9daf4c057d1bc63d8a6cd1571d353dbb19b1bfb77d5066dccb64c2ee89cef3
SHA512 23fc0c75841330fbe5f1bfa938d5a4051a9ddda9ea3d4e8c8c3468eb3be789c1386c52546b00598808d9eb01e9ab64c70db1616d093c80b5b4725337debf5faf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 c13d129c573ab1967b904b09e12ed58b
SHA1 a1446c22adbadab49f44ab4194ff3dd5b728a51e
SHA256 2cd31fd9a1c6833c3595bec70e0596d792deda86d0397723c6d8e198b71eef19
SHA512 9d856f32da267b9a40b98c04be160ea6bca73a8c68bbecdb30ff5a8f21131e449a793986feb0ed6545ebbb9e084c810f76910337095479c62b984afffdba0cf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 8c6407186ce35fcf229fd88545ace798
SHA1 0ca03ddc4a6dbc5c97534bea0e1951b807e1ba7f
SHA256 46729f3a89730a019a2232801491ec7dd5cf4fddcfd68415dae8491d1d606d1f
SHA512 2233daa2b179beae157d798ab9354a21fad5d6265456724f8d64f9248cb2dca08e046cad05e9f77e23581727837fe0c33038eb4be3498770299d59e7c4272ca8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 f24f842b6457a8a38317b896329a7c42
SHA1 242287d5134610c607cd4f24d9852acdd305d8ab
SHA256 61daf950e038f4d15be9cef8ff61c2557e2b6e0baf8844ef834860732e9e1826
SHA512 e575ca9692833ba9a7add44e031065980b1a309a266eadc2255bb347df2980040679741c2cd08e6ad0e2ae603f2f0f9da010783c5fd9a47f23a76b1b96afc9c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 dc7002c5f44315b4c21e99f61a5706b9
SHA1 aad85a217ad637fdb0d02cf203d992df72802bc3
SHA256 2c62e8ed03fb2c530ae95fb6f54aa977653ebc025929c7a400b36a572d4cdf9b
SHA512 dce8aa4370de6c20a2756033f1fa37f16d9e0f02735d95b453dbe791c5604f1d72815e2183f9377fcf427cc177fd0e5a04e4b718fc63a716631ddd4540d46e3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 94e555d191e00eb0b53eada8b5181689
SHA1 a72d0cd6a8a2346a07cc036e7fa873246f71f0ba
SHA256 b6e64ed87aab24e0c0297c97df236b00e2dc137a15907a6db356a38a88122a05
SHA512 114efcb91a7278bba10c731e6ea9bfe8577bd2840330efd34312fe56d4c0c9f4236682a090c7b76b629bd4141d5d5656c3e84b7c1efae5df55ba8b9ed44abb5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 c528a081318207cb69789b529bed853b
SHA1 e5ef2fbe78dc05718c6539c4ed2374ff35fec2aa
SHA256 f78fe16e4655c4e0791485673052b333b1faf2919a0b0773dec9b8ff4f37205d
SHA512 ca54d0be92515a1408162172516006f6d7ac496787c2b4c1aedf2f362de06edce212b9274770a47cf8b9908d34daefe82363d43fd6cd5a101e14dcd72b425c26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9823aa5a6ec2d598ea085302d391423
SHA1 534bc389bb95b94db343ee05d04aedc8bd71ca8c
SHA256 1cb4cfc50a793bc40339e3a8fbbe35b11f49b1bdee1465ea22956176c8dde565
SHA512 4de6d9c50b9a8b4820c18953fb135016b0f9a8ff602c6703844023fc3fe1b4b643e1b1bc814f3e3fa60ee2eee36d0932915ffa1fd893ddb06bda10c52c0761a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 bdbe9e376e983f66a494804c6809e4ec
SHA1 d45d0d7a9e1e0c3929e7c9d47cf7cba965a88654
SHA256 46e64c8824dcd34859dedf4dd4eb1bd54596a10a782c4b1ac52ac5c02db251dc
SHA512 5ff4f973e1b0e06856e47434a25991be0ebb3b424c0959943d29e54ba31c503d8b28100639d3a1c5b0d2e67d1cfb3dbd2a9699e05887e9e713bf95736a6d0f52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 639afffe77850d090959e0ddacbcae67
SHA1 7f5c0cd0a339ac4be57f6c867552692fe40bde28
SHA256 c19d79ab23c8a5d8f4c722ffa503e0ecc64563c5b9c034212ea443a556020f10
SHA512 6a82558ecef63d00180687990b7591de8ec3668bc92e9f920b2999d5354174639e3661fb4ebcb8495ffeb3f3e34a1184cc2cf69ec34c6c37dcb86d911489705b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 b8e80a98412d45a1a5cacc66c8461228
SHA1 6f7fd5f26268f991cd745acca57811533c6bb769
SHA256 661d0bff90c04cd3475b128585194c03ceb67af579f314f4671bf78dd125ee88
SHA512 b2a28f6391817256a2d58bc58a46870ca0f729cbf3db6cc13875874dee68a9d064388baad89b11e6943186d994811cc2cc6e02f9f1ea58d4f53ffb5f7f66a7d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 a4b56b59060a86acc553a4bd84ad7e3b
SHA1 063ce072eb68b065f768732655ef84af3feb9dea
SHA256 1d08639bed5e45aca6147c02806791a4e80ffd266b8ce17761c927f67fba52ac
SHA512 7a497bb5f194f5f45ab7e8a411a8fb1cd7f6a900647e648211daf0bd61e999bda088fd7282258256f764fa6f031e914327f58d21ebdfb75beb4c6d2f6dca923b

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 446695216dc8938598442a2820303919
SHA1 44d9356dbae0e6b491ff3fa2c3d423a1267dbee0
SHA256 b44d5ad2715ba9080bb35afbe7103dc70e298e198f2ae8a3b77a385022a2788d
SHA512 7da7508f0f906e78ede9a2e2a120b4ea2954917f746da63930294120a25bea7bb42b4b5aeead6f7f6053943a3852873598cb63fc2b230a576505cb7274933056

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 155c584840c9fb5dfc5c057afb6b2eea
SHA1 b3bf1f1e1876d4b3c13f7890acd95bba6b7d7072
SHA256 761642f088db076495b94a86b921658682c18889d3f3ccb1b0b6bbd3570609bb
SHA512 7b82aea2e5d5ea2fd526d8f263290cab3560a4e4b1e101fcb51a76769757bf4936f2e99b284196fd94dba06d7db37cf0e0369219ecd3aa838b6d39ba834b5751

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 55c1dd8240457c56907255cd086a7bf3
SHA1 4cec7f24361ac554e8a521bb3b067973c68986f0
SHA256 f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617
SHA512 9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 5a89bdbefbf39caaf58abf9c835e546d
SHA1 05fe80e8da9dade8828413d10ea6f5d56a20be7d
SHA256 ecb55fc6744a0ce4f0d94d6286655f9706d2364cc6fd2eef1aeff8ed79825ca6
SHA512 d795dd0a8991e902fadb573274f57669286548c80d04c60243e2afdb94c18afceff3c2ab70b831c918c19e6116c0e5229b13dec8d7313ce3c3258d9a93e99033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 df9693d8e9a9b2f91a9be5749c409660
SHA1 be254e8b3c910359335e557c161b470002a90026
SHA256 f79d57c29ffbefbe3539e6535563e9e2f0596575627f1e3bc7c5c62607d31393
SHA512 ac5d2c38ab0b3672a31d1797a8cca2ef1a91faf5d09a42b2615b8293c33f7f9d146370cbd2d54deaeab8e7f2302f8e9822edb38f371bd17b06bb0a7d82fbb0fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 2ae6b1b518915013bd61b6b2b3746e9a
SHA1 820b4f625dd13adf9fd4f09f26cb381eb9362130
SHA256 91369f08e64465c349525cfdef8db5a2e7306260856e3ecd74b4143c0f2903d3
SHA512 a1de35a689d5a79ca5ff406e2529920250692c220347904cc428f57ede4b66c3e4eb5a3dd454e566e1350d8df15050b37075165ca0c06f67b2711feb97297b6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 85f4a86eebd0f0a8b2b57d8e681749cc
SHA1 d48149557315a3d92a12f01a3199b26aa1502b1b
SHA256 6973ba75c0a3f7ee4d1a0f1a290ee77cb1e56e2f82d9914cad9162b28f45ae93
SHA512 f7998a73fdb5ac759e588d8b690e83508a943a44422acad7ceea684ec0195d10cba7385ad805dedf10a88d632013a54735c34b46db090ec08d4f96b6b131c574

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 2e05ee68fffda9f8df8db56570e65048
SHA1 b9d5b5ca3ade1c888fff96e420db609d0bb2141d
SHA256 f1d9843ab88bf21d2eab8530949d488c033427cd6c149b58f33a47e8140c5d40
SHA512 24d7c4ddcdc2df215edc05c83dc2892ed79eef415e650c99519a86e6a2aa0c85899ad94a928fd972452d8a79a08ed673a4de74af744b4e9383f81f8c05574b2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a3ee6758c6e4d1c_0

MD5 d48a7449289cf77a827cbefd915eb474
SHA1 fbf0640bd82e06f6713b6e9dd7af4e45062ef7b0
SHA256 3cd5b66767ed96ee83ee89781bbc355b370e205a83c751cd6d0093311e1e25e4
SHA512 3c83e1b5baffd53ee9d2e3a93eb7e06d47696f5d5dc87a2e1bb58bb855ea00ea31ca80926635b5e40b29bcfe56abbbb71a50377119e498a42d1523ead571e483

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

MD5 124d3fdc675fef197771d159fb445cdc
SHA1 5fa6a655588b779bb491e8fb853e1f7b6d211dbc
SHA256 2f5f4468f9cd09f393272eb8b05b69d1fbeefecaa34940d4c4441bab7cbb7ed1
SHA512 db482dee661159dacb3c6b66ed028661f4711c17e6fcd73bbbbd008b42c544de5aaa12057650dffe5f7b0f6c4670e15639ea82a0c6f4aed846da8231db0a6bae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47939f49e4ecfd5c_0

MD5 06371ea217199a668e9930b03b05c0a8
SHA1 93bc2be85c21938d48cad253d706f4338e397182
SHA256 9e63fba74d9701be782e2166844eba69ec9461be4bece9e73da9272207938598
SHA512 d9ef5fed89a1068ea1dd9e0611aafe6f6fcdc338e4a0bca39c4f57dc202c22abadf8e6612e786d1423d638042a9ede41572a501ed6c5a883947827054c29e022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0

MD5 e066b9823616052b9b86a24791c59837
SHA1 c0cab462078755afd177a7b629c451be4a20b4db
SHA256 55a2b5c43125de541d6a5f7b793c0a50b102b8d16929fb6e0041a55078b23a8d
SHA512 dd3bf53597d0dcc3644573d5de977958fbbe1f16de2b550f4d2095c701229a33e48b6c16af51004dd3e831f4779be2ddd8e12742e357422e63f8235b5cd5e485

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 503766d5e5838b4fcadf8c3f72e43605
SHA1 6c8b2fa17150d77929b7dc183d8363f12ff81f59
SHA256 c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9
SHA512 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\29ae35ae15b4ded6_0

MD5 1b9695d487debf7e771115be1e30472f
SHA1 91bc9c1a94fa3451847321708c858ea47095405e
SHA256 a9393909d5a84f738adbd146d4368d2e148c30d34af5a7be10d04ca35c11219c
SHA512 a8663eb7be4304ed4efc0c46ccc5c001627faa2861fb5564007bcfe6735c7ee8e0af59a33f994812f9f9f040b94b125a7abfce5e7aa2169d9e7444b6007a667e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

MD5 0d973c57a4035d9c37dffc41e2a1526c
SHA1 6efeaa9be8284502ac42408992e511913cdacca4
SHA256 b285c5af3a58d2ab9822d3370053aad37bf428b18f73f82823aa5d7bbcedd30a
SHA512 8d768add7db3f06d9cd6295310b19f05a6661cac06f0f085c5bd13008fb609f1eccc79e60053a2a6bfe311ae33ae026a14c5c04bcb458b690ac1d5f35d50c8b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 57974d6c97f89bfb625e27a6971f01a8
SHA1 03ece331c406d4084f9a8ad3a42cac1ca8e4d9dc
SHA256 ef8053f15354ceb0c6b498d15391dc2dfe6b647936af29ebfd87be2aef1150d0
SHA512 74e22222b1c00e4afc83c2609a2751624f25f7956a3f5cf01a609b0a11f3fcb0411cd9bd0bd8224f2fca7a9270c867694a3981b04a981dbf18e670359e0e80b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 acb7f365304d64c4ab4e8ec48a4ca7e5
SHA1 93af99ce4b79aed59b07448be8926ac4e770964c
SHA256 06e7b37f61d0397ec3b4f6f3e4132af0eb4bf2a5494c55cabee5852303ca3ade
SHA512 6d45f2bc3dd517ab388e316dc0356aa10bc029fabbfbebb0d61aea21ccc36c3bc3efd8b70fdf405ce4407bdc21d4443bf212f77b3f5829eaae535f59569b9084

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b270cb8a13057c00cdc3c92d19dce08f
SHA1 1e2d620f3376ae132d45354bdc6c602e3f781fd2
SHA256 39a2e605abb79c556d5538b3fc5331912739fe976cd1b7ea3df328177a5a0e5b
SHA512 611933297deda73c68fcd78e2a6c7e3069452f8d262b336e46c0d7ecae67b99f38e8e73f2415851d57e9bedcb036e864c3768e29e07f93ebec3ee6d42067dcbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 49bd7a8dec4cbd59027618f9e8f0679a
SHA1 b8089ebc352c480368bdf11d1b0e5939ccc4a4a3
SHA256 7bb67061777dfb68ab31449620506a11c8e05d1916c778b191b775a785c5188e
SHA512 f93d05721c80047452d8e407e76f729d173b5b330f20ed4d5faeacddc0947758bbce85edacaa2225d4f52d1da13e8fabe492ae5b23d1b13b2ce0bf0f6e158350

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07a42ab3-27e1-4b52-936f-fcd06ea958e5.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0bdd16dc65203c1a3ba78272624f5ec9
SHA1 ab97922b9b11bb6c135220cc6f25268ad4df5e98
SHA256 bf3ce938badde45eef6bfa33dd35e767dc53748f47e53679ab3c0872928bd6bd
SHA512 d639e62a5a8465f75bea180eb28643372bf4e1dcda4a23a52ae9babc008c4a44f5a7338716535471bd0485a19b49a63a385d07ed0d067c750c73b93e1c76034d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a6c071bc05a2098b1ba14ded40f191d
SHA1 03fc0285947fbf4e788643945814c6df6ea76676
SHA256 48395be0da321defe3a99ef96eb4efa5902d48a39a8f29b37a0e313f937076fa
SHA512 3aab43c123089512ce4b0eeaf5d1af6ee4a0cfd7860cda70822bcddbb571849e77b402e6cd4d70b512628137ba06911c8a6b1faa0af07fd56d075e24e2b053fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4d55ca0473246094c005f78dac587adf
SHA1 2e652513819f80d816723fe3af8792a675cc2d41
SHA256 c9e338eaced43963427bb55e1a2a5fa81af4c42ad8f25ed03b469b6d7d06f6e2
SHA512 e121270d58f986f9e379fd20a14b1519e712fa6a5dff9ecc9c397c7bececb62cfca4d8bbc57cd8b7e81f99acd0ece7695e89be52cb54667b878fee68e073ec4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bd5d1e8ce08802f91cea0ef4c5f306f9
SHA1 c82ab1ad43247cfed8f239b5358ada37f5e940b5
SHA256 75af1ef07393dd2a945d5591b48b8232f75b4a66e4d23a52d2252f250df16901
SHA512 53247c5128d1ce764a16f78bdccf74af90b0cfc4764dfcb557712bdbd0c3086c7a6db2ef7f192872f0f5dff16c398079400fece488df7aad9ac71f39902abdd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2391834fcb3ae0b262d6f8d71b1c4fa5
SHA1 3489cf74601d0beddf645597334def69235b9be1
SHA256 3daa2cdd195de1b60b62784f1594b24022c1835529f1f48b25c27243d939e857
SHA512 f3ed04d8b3d26e6c26683d7ad855be3a272a2faba149aacd2435cba1a44cbbbbce4d2410998eb0d55aa88add48289e2f3d059a9e8a9ba3663052400227d16053

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1337f64171284be5c3745351e85083eb
SHA1 4457eb86baa61cd8d1aace140377ac514853bb0e
SHA256 3be4854a77bbfc3e7ac3bac646ae2ee94f2513463dc09bbae3405b69eb805966
SHA512 0550a2a2a6d5b02700dce3873ea3ce0f358c39b3e524cce819f64ef2a367ad70baa688bcb07cec9ffcd2ebd36df63c46d82deb2c3e8fba1f6c36dfa275db9260

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 9441685a8711303e478939320357f20f
SHA1 85d36dc420b4950dde0869998955aa11958d1e95
SHA256 b94c505f875b895acb5d1f05b12b776079e10a38d32c27d09bb40a07eb213c38
SHA512 6735578e68f8f4902deb85edba8aba7dfb07cd53884bc545cb96ceac27b3ea5d0faafcfdd03068c582b739f450fd400bbfbb5837840e25e06d6744bb9b72f49e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c01c08bc7678c5bbf194e33d70fe72fa
SHA1 23b5641400fdf43536c6840812e6ded70622b27e
SHA256 b21363a6c12ee2d31f64691d0f50fa6d1e1a98fddc3605fd3c73e8316eeac4fc
SHA512 c5b1e5e0462272d53d7ccfb60b7c61628f85add4e6b9df681ebf50f8e8ad377bc7093361cd8213664249419a8c56a7ae6cffc7b3d434231756209e33fe9d8b36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9eff21228adf28bd15c90199220f056
SHA1 26da63f19a58aa87fa209b17d3223c036a30d326
SHA256 879e8a4f990a48af444f5863e168a18266d19904f7ee13ccefc89831762f07b0
SHA512 8fd117a46a72b6d93e79501543713ea030d7d6677895e6c78ab2e20f32412e0dd4f8b230204c94bf3ef53fdb2f12d1c3b417b2c3b988045d3dfbd874d403e80f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 abad955dcfd160449e3e1b325f788d80
SHA1 51e034e447f30aaf58789b3e84234570149d808e
SHA256 6c8f9e3389c65e1dbdda792ee3bc0dd52ece28551721480b95cf87470da51267
SHA512 13dc9187168b6a28843f1257ddfdbcabb3eba1352904a12a9b30fa1266bad64bf240bee6c18e8ac53fdc84617f0bd6508c94816d2fe03a09883590989e29ac58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fcb7d7f3c6b4f0f1e4120333b801f9d0
SHA1 e7aad8a38206cb86273ed15cd5be3b07068f97dc
SHA256 9512a0ff6d3c41570e535e0490bda9ed435dbaa160c93fc046a7537a3961eda8
SHA512 234754ef399b25023a4daa0c353ee75f82666f270b74c92113bc6f658e45c2b25c7f0cc4186c034d6f765d1172ee07533ad3980d746c800e18f9a4258acc6c64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6c490f9d1b63719a994de82ee0a0e6c1
SHA1 7fe472e33d37050d05a0f546d3022f47ca677811
SHA256 f8415a86b04cd7eab8e48d53a5908506ab98754e916c38e8c1ea984ac79eb85c
SHA512 4001df77b1f3f60794f25c73fd3d8b23d1bcced19811136dbafb15396747de3f113c7e241a0acf03fde5de870b62c41b1bfa02869bea68d70d56961f02b0b448

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8b1f44eb5f19ab5b948b5064ef724df5
SHA1 9fd3b380da21612cef1232c794c60f282c4df985
SHA256 4c9fee3099f9978b9369aab01aeac140fcad496190a67ba15114e728898fc4c2
SHA512 61025f5fe1f8b404c399db390dae94bc7ae7c7c028eadd06c9f1f76a7d9c8d5ce5b7a39ba48bce52ed3658b27e2895d00c7abb76e3343bb3badc0fd833273b63