lumma | hxxps://roblox[.]com

Analysis

max time kernel
491s
max time network
1060s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com

Score

10^/10

lumma bootkit persistence stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

krnl_bootstrapper.exeMEMZ-Destructive.exeMEMZ-Destructive.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	krnl_bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	MEMZ-Destructive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	MEMZ-Destructive.exe

Executes dropped EXE 14 IoCs

Processes:

MEMZ-Clean.exeMEMZ-Clean.exeMEMZ.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exekrnl_bootstrapper.exe7za.exe7za.exekrnlss.exe

pid	process
5876	MEMZ-Clean.exe
5224	MEMZ-Clean.exe
5324	MEMZ.exe
5328	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
456	MEMZ-Destructive.exe
4176	krnl_bootstrapper.exe
5420	7za.exe
3248	7za.exe
6712	krnlss.exe

Loads dropped DLL 24 IoCs

Processes:

krnlss.exe

pid	process
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe
6712	krnlss.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ-Destructive.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ-Destructive.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

10084 9768 WerFault.exe msedge.exe
7176 9892 WerFault.exe msedge.exe
9388 5348 WerFault.exe MEMZ-Destructive.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

pid	pid_target	process	target process
10084	9768	WerFault.exe	msedge.exe
7176	9892	WerFault.exe	msedge.exe
9388	5348	WerFault.exe	MEMZ-Destructive.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXEexplorer.exeiexplore.exeiexplore.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "56"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024270"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d425e78e64d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3770504612"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3720384425"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3720384425"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024270"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "54"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "110"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31024270"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca1302000000000200000000001066000000010000200000003d36a3a29c3a491654a0a05d5589fcc3461b980c6989c5f06b8e1137021df949000000000e8000000002000020000000e4bd079aebc1a4842cd9b140dafb23a5e20549ec6fe411f6ba750c38b56b789e20000000250aea30e92574d9a7282f2104bb758b2fc0d16ad8b15412fa60701a2feba7bd40000000f41d2bef17597abfbb39e5b6fcb0f676122746566822e01373208486da10425910c170288fc5a79b83c266793c8786d954377bced717f5a1ca5298f2c1d73fef	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "387114222"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "110"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca13020000000002000000000010660000000100002000000081397aa12fe77f3bd77722415289076f2415d4c3a0cf89618ff6b010eba65bdf000000000e800000000200002000000055da13e6d9238276254ded5f9ac7eae848599924645986b42aa8aebb43f3d344200000003d6ab72a5521be8541813c3c4469eb9a08c35b8b997305e34a27ab99fe575c3b40000000de8dd9f8649d99fbd69f05a87194795aa7c4e190e20511cd9d284b83a8712a55349583f3aeabf712a2a9591ab19a75ff1e81bfa3c8d6977ba2471e48b78dfdaa	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "54"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "54"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a00f13e78e64d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{080A0A2E-D082-11ED-BDA1-5603A1288413} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "110"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "56"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE

Modifies registry class 64 IoCs

Processes:

krnl_bootstrapper.exeexplorer.execalc.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	krnl_bootstrapper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874385"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe

NTFS ADS 2 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\krnl_bootstrapper.exe:Zone.Identifier	firefox.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

6236 regedit.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

5444 explorer.exe

pid	process
6236	regedit.exe

pid	process
5444	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exe

pid	process
2168	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

Taskmgr.exeOpenWith.exe

pid process

2464 Taskmgr.exe
6560 OpenWith.exe

pid	process
2464	Taskmgr.exe
6560	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
6208	msedge.exe
6208	msedge.exe
6208	msedge.exe
5188	msedge.exe
5188	msedge.exe
5188	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

Processes:

firefox.exeAUDIODG.EXE7zG.exe7zG.exetaskmgr.exeTaskmgr.exekrnl_bootstrapper.exe7za.exe7za.exekrnlss.exeexplorer.exewordpad.exe

description	pid	process
Token: SeDebugPrivilege	2220	firefox.exe
Token: SeDebugPrivilege	2220	firefox.exe
Token: 33	5488	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5488	AUDIODG.EXE
Token: SeDebugPrivilege	2220	firefox.exe
Token: SeRestorePrivilege	2668	7zG.exe
Token: 35	2668	7zG.exe
Token: SeSecurityPrivilege	2668	7zG.exe
Token: SeSecurityPrivilege	2668	7zG.exe
Token: SeRestorePrivilege	1700	7zG.exe
Token: 35	1700	7zG.exe
Token: SeSecurityPrivilege	1700	7zG.exe
Token: SeSecurityPrivilege	1700	7zG.exe
Token: SeDebugPrivilege	2220	firefox.exe
Token: SeDebugPrivilege	2220	firefox.exe
Token: SeDebugPrivilege	2220	firefox.exe
Token: SeDebugPrivilege	1160	taskmgr.exe
Token: SeSystemProfilePrivilege	1160	taskmgr.exe
Token: SeCreateGlobalPrivilege	1160	taskmgr.exe
Token: 33	1160	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1160	taskmgr.exe
Token: SeDebugPrivilege	2464	Taskmgr.exe
Token: SeSystemProfilePrivilege	2464	Taskmgr.exe
Token: SeCreateGlobalPrivilege	2464	Taskmgr.exe
Token: SeDebugPrivilege	2220	firefox.exe
Token: SeDebugPrivilege	4176	krnl_bootstrapper.exe
Token: SeRestorePrivilege	5420	7za.exe
Token: 35	5420	7za.exe
Token: SeSecurityPrivilege	5420	7za.exe
Token: SeSecurityPrivilege	5420	7za.exe
Token: SeRestorePrivilege	3248	7za.exe
Token: 35	3248	7za.exe
Token: SeSecurityPrivilege	3248	7za.exe
Token: SeSecurityPrivilege	3248	7za.exe
Token: SeDebugPrivilege	6712	krnlss.exe
Token: SeShutdownPrivilege	5444	explorer.exe
Token: SeCreatePagefilePrivilege	5444	explorer.exe
Token: SeShutdownPrivilege	5444	explorer.exe
Token: SeCreatePagefilePrivilege	5444	explorer.exe
Token: 33	2464	wordpad.exe
Token: SeIncBasePriorityPrivilege	2464	wordpad.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exefirefox.exe7zG.execscript.exe7zG.exenotepad.exetaskmgr.exeTaskmgr.exe

pid	process
3980	iexplore.exe
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
2668	7zG.exe
1096	cscript.exe
1700	7zG.exe
3980	iexplore.exe
712	notepad.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exeTaskmgr.exe

pid	process
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
1160	taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe
2464	Taskmgr.exe

Suspicious use of SetWindowsHookEx 39 IoCs

Processes:

iexplore.exeIEXPLORE.EXEfirefox.exeIEXPLORE.EXEMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeOpenWith.exeexplorer.exewordpad.exe

pid	process
3980	iexplore.exe
3980	iexplore.exe
4500	IEXPLORE.EXE
4500	IEXPLORE.EXE
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
3980	iexplore.exe
3980	iexplore.exe
3752	IEXPLORE.EXE
3752	IEXPLORE.EXE
5328	MEMZ-Destructive.exe
2168	MEMZ-Destructive.exe
4828	MEMZ-Destructive.exe
3760	MEMZ-Destructive.exe
5348	MEMZ-Destructive.exe
5668	MEMZ-Destructive.exe
456	MEMZ-Destructive.exe
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
2220	firefox.exe
456	MEMZ-Destructive.exe
6560	OpenWith.exe
5444	explorer.exe
456	MEMZ-Destructive.exe
456	MEMZ-Destructive.exe
456	MEMZ-Destructive.exe
456	MEMZ-Destructive.exe
2464	wordpad.exe
2464	wordpad.exe
2464	wordpad.exe
2464	wordpad.exe
2464	wordpad.exe
2464	wordpad.exe
456	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3980 wrote to memory of 4500	3980	iexplore.exe	IEXPLORE.EXE
PID 3980 wrote to memory of 4500	3980	iexplore.exe	IEXPLORE.EXE
PID 3980 wrote to memory of 4500	3980	iexplore.exe	IEXPLORE.EXE
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 1396 wrote to memory of 2220	1396	firefox.exe	firefox.exe
PID 2220 wrote to memory of 2808	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 2808	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe
PID 2220 wrote to memory of 4788	2220	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://roblox.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3980

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3980 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4500

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3980 CREDAT:82950 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.0.636969867\389644584" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9d50860-ec65-40d2-a396-6afbfbff868a} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 1924 1f0c81eb458 gpu
3⤵
PID:2808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.1.137447956\1296491426" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80c710d1-de31-4f53-801c-b8f173c1610e} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 2316 1f0bb271f58 socket
3⤵
- Checks processor information in registry
PID:4788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.2.1724621000\1154897607" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2804 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8000d7c4-39af-4c30-b0fa-3a7f3717f52a} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 2876 1f0c816a258 tab
3⤵
PID:5108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.3.759546767\1670500172" -childID 2 -isForBrowser -prefsHandle 1440 -prefMapHandle 2480 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76e39c81-29d3-4d1d-b0e6-00b124899f8b} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 1164 1f0bb272858 tab
3⤵
PID:5072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.4.61997055\1892850407" -childID 3 -isForBrowser -prefsHandle 3828 -prefMapHandle 3824 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a1cef6d-7b7a-46fc-ab5c-71ba4947dec6} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 3840 1f0cd173d58 tab
3⤵
PID:3888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.7.137957662\1093013397" -childID 6 -isForBrowser -prefsHandle 5260 -prefMapHandle 5268 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {921c0a63-bc08-413d-8ec0-f7082643928d} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 5164 1f0ce32d958 tab
3⤵
PID:3288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.6.359863814\1648574328" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4864 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc78dfd1-40c1-48ea-8d48-15efb6351bfb} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 4932 1f0cdf6a658 tab
3⤵
PID:4980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.5.481296665\1976043044" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 2956 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4296c483-520d-4256-81e5-38d83c26c8f3} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 4916 1f0ca7ce258 tab
3⤵
PID:4088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.8.1632952630\1971366777" -childID 7 -isForBrowser -prefsHandle 5748 -prefMapHandle 5752 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a512252-ded5-43fd-ac61-b55080a234dc} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 5692 1f0ca7cd058 tab
3⤵
PID:5152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.9.1169856283\1167605381" -childID 8 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba3b2a2d-0d04-4041-ad78-c8f81719a1cb} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 3560 1f0d027d258 tab
3⤵
PID:5728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.10.1743685345\1160044128" -parentBuildID 20221007134813 -prefsHandle 3588 -prefMapHandle 3616 -prefsLen 26771 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be5e6cd7-e19c-49a7-9daf-4f04626b6e53} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 3564 1f0cc8ece58 rdd
3⤵
PID:5820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.12.844229795\880681253" -childID 9 -isForBrowser -prefsHandle 6212 -prefMapHandle 6208 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7035ee8e-9451-4569-a026-f911a2eb19b0} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 3624 1f0d029cf58 tab
3⤵
PID:5748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.11.907106972\1004958642" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6172 -prefMapHandle 4512 -prefsLen 26771 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22130ed5-60b1-4210-8863-4d512f152e38} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 4808 1f0d029c058 utility
3⤵
PID:5736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.13.246160612\1151892749" -childID 10 -isForBrowser -prefsHandle 6316 -prefMapHandle 3256 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66ad77ce-0223-4167-a16d-4ddad57ddd5b} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 6404 1f0cf56db58 tab
3⤵
PID:5596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.14.530138535\1481896468" -childID 11 -isForBrowser -prefsHandle 6512 -prefMapHandle 6516 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3964caad-1773-4f52-b00f-65808e9936bd} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 6504 1f0cf56e458 tab
3⤵
PID:2120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.15.1687593166\1731591825" -childID 12 -isForBrowser -prefsHandle 7804 -prefMapHandle 3472 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e7e6b7e-8b1c-4a06-8c2b-c32a01adb7f4} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 7796 1f0d013db58 tab
3⤵
PID:4060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.16.2092021948\1032158502" -childID 13 -isForBrowser -prefsHandle 4472 -prefMapHandle 4468 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb35df65-9771-49aa-adb8-078015ea98ce} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 10328 1f0d0aeb658 tab
3⤵
PID:5076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.17.1843123343\1968157309" -childID 14 -isForBrowser -prefsHandle 3508 -prefMapHandle 9876 -prefsLen 27221 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {069c00db-4519-4027-af53-1bc3d4ad119a} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 5088 1f0cc8ef258 tab
3⤵
PID:5524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.18.1709033828\1138154747" -childID 15 -isForBrowser -prefsHandle 6708 -prefMapHandle 6484 -prefsLen 27221 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {170e70a0-cd9b-4fc9-90aa-634c198dea35} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 4508 1f0d01df058 tab
3⤵
PID:2012

C:\Users\Admin\Downloads\krnl_bootstrapper.exe
"C:\Users\Admin\Downloads\krnl_bootstrapper.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4176

C:\Users\Admin\Downloads\krnl\7za.exe
"C:\Users\Admin\Downloads\krnl\7za.exe" x "C:\Users\Admin\Downloads\krnl\bin\Monaco.zip" -o"C:\Users\Admin\Downloads\krnl\bin" -aoa -bsp1
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5420

C:\Users\Admin\Downloads\krnl\7za.exe
"C:\Users\Admin\Downloads\krnl\7za.exe" x "C:\Users\Admin\Downloads\krnl\bin\src.7z" -o"C:\Users\Admin\Downloads\krnl\bin" -aoa -bsp1
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3248

C:\Users\Admin\Downloads\krnl\krnlss.exe
"C:\Users\Admin\Downloads\krnl\krnlss.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:6712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.19.1622383237\37831683" -childID 16 -isForBrowser -prefsHandle 6688 -prefMapHandle 9416 -prefsLen 27230 -prefMapSize 232645 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3359f9d-948b-4a5a-9aec-50c2fbe37caa} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 3608 1f0d0776858 tab
3⤵
PID:6848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x414 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5488

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1880

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MEMZ\" -spe -an -ai#7zMap2205:70:7zEvent9785
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2668

C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.exe"
1⤵
- Executes dropped EXE
PID:5876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.bat" "
1⤵
PID:4188

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
- Suspicious use of FindShellTrayWindow
PID:1096

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Executes dropped EXE
PID:5324

C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.exe"
1⤵
- Executes dropped EXE
PID:5224

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MEMZ\z\" -spe -an -ai#7zMap31307:74:7zEvent26764
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1700

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
PID:4256

C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5328

C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4828

C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3760

C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 720
3⤵
- Program crash
PID:9388

C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe" /watchdog
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5668

C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe" /main
2⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:456

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
- Suspicious use of FindShellTrayWindow
PID:712

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:1952

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
4⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
4⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
4⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
4⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
4⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
4⤵
PID:6312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
4⤵
PID:6732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
4⤵
PID:7128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15923353459791410292,15547723006898313583,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
4⤵
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
3⤵
PID:7020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,16581704281036118616,8777098481362290564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
4⤵
PID:6468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,16581704281036118616,8777098481362290564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
4⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,16581704281036118616,8777098481362290564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
4⤵
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16581704281036118616,8777098481362290564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
4⤵
PID:6628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16581704281036118616,8777098481362290564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
4⤵
PID:6744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16581704281036118616,8777098481362290564,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
4⤵
PID:5260

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
3⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7529796551000261287,11578839100048066157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
4⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7529796551000261287,11578839100048066157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
4⤵
PID:5572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7529796551000261287,11578839100048066157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
4⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7529796551000261287,11578839100048066157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
4⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7529796551000261287,11578839100048066157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
4⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7529796551000261287,11578839100048066157,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
4⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7529796551000261287,11578839100048066157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
4⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7529796551000261287,11578839100048066157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
4⤵
PID:5124

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
3⤵
- Modifies registry class
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7399701344639716521,7365992106216180578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
4⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7399701344639716521,7365992106216180578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
4⤵
PID:648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7399701344639716521,7365992106216180578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
4⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,7399701344639716521,7365992106216180578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
4⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,7399701344639716521,7365992106216180578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
4⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7399701344639716521,7365992106216180578,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
4⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7399701344639716521,7365992106216180578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
4⤵
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7399701344639716521,7365992106216180578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
4⤵
PID:6592

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
PID:852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=117690696908800 --process=212 /prefetch:7 --thread=5164
5⤵
PID:8884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
4⤵
PID:6716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
4⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
4⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
4⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
4⤵
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
4⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
4⤵
PID:3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
4⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
4⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
4⤵
PID:6880

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
4⤵
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
4⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
4⤵
PID:5848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
4⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
4⤵
PID:6984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
4⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
4⤵
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
4⤵
PID:7136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
4⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
4⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
4⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
4⤵
PID:6440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
4⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
4⤵
PID:6388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
4⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
4⤵
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:2
4⤵
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
4⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
4⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
4⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
4⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
4⤵
PID:5808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
4⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
4⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
4⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
4⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
4⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
4⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
4⤵
PID:6500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
4⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
4⤵
PID:6316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
4⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
4⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1
4⤵
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
4⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
4⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
4⤵
PID:6360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
4⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
4⤵
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1
4⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1
4⤵
PID:5224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:1
4⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
4⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
4⤵
PID:6984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
4⤵
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:1
4⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9408 /prefetch:1
4⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1
4⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9268 /prefetch:1
4⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
4⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
4⤵
PID:6372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:1
4⤵
PID:492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
4⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9624 /prefetch:1
4⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
4⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10256 /prefetch:1
4⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9956 /prefetch:1
4⤵
PID:6960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
4⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10584 /prefetch:1
4⤵
PID:7752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10860 /prefetch:1
4⤵
PID:7892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
4⤵
PID:7616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1
4⤵
PID:7880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11128 /prefetch:1
4⤵
PID:7996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1
4⤵
PID:7452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1
4⤵
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:1
4⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:1
4⤵
PID:6424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10900 /prefetch:1
4⤵
PID:8028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11576 /prefetch:1
4⤵
PID:7588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11112 /prefetch:1
4⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10348 /prefetch:1
4⤵
PID:6900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10608 /prefetch:1
4⤵
PID:3476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:1
4⤵
PID:8340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
4⤵
PID:9200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12152 /prefetch:1
4⤵
PID:8632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12284 /prefetch:1
4⤵
PID:7276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12532 /prefetch:1
4⤵
PID:8824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
4⤵
PID:8904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12708 /prefetch:1
4⤵
PID:6984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12368 /prefetch:1
4⤵
PID:8772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12416 /prefetch:1
4⤵
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13012 /prefetch:1
4⤵
PID:8960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12100 /prefetch:1
4⤵
PID:9148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13168 /prefetch:1
4⤵
PID:8348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:1
4⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13276 /prefetch:1
4⤵
PID:7696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11960 /prefetch:1
4⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12344 /prefetch:1
4⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=13700 /prefetch:8
4⤵
PID:9436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13008 /prefetch:1
4⤵
PID:9532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12328 /prefetch:1
4⤵
PID:9448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12120 /prefetch:1
4⤵
PID:9444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13732 /prefetch:1
4⤵
PID:9472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13664 /prefetch:1
4⤵
PID:9452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13756 /prefetch:1
4⤵
PID:9384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13768 /prefetch:1
4⤵
PID:9392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12924 /prefetch:1
4⤵
PID:9628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14228 /prefetch:1
4⤵
PID:9860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13920 /prefetch:1
4⤵
PID:9880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10868 /prefetch:1
4⤵
PID:9892

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 9892 -s 220
5⤵
- Program crash
PID:7176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13892 /prefetch:1
4⤵
PID:9876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13812 /prefetch:1
4⤵
PID:9692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13836 /prefetch:1
4⤵
PID:9840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13880 /prefetch:1
4⤵
PID:9832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1
4⤵
PID:9828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12940 /prefetch:1
4⤵
PID:9736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12868 /prefetch:1
4⤵
PID:9640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13212 /prefetch:1
4⤵
PID:9768

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 9768 -s 228
5⤵
- Program crash
PID:10084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:1
4⤵
PID:9772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13844 /prefetch:1
4⤵
PID:9820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
4⤵
PID:9728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2308,4958633130931398014,7964228412084052803,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
4⤵
PID:9720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
3⤵
PID:2300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6044

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
3⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
4⤵
PID:6812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
3⤵
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
3⤵
PID:6756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
3⤵
PID:6504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
3⤵
PID:7148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
3⤵
PID:3836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
3⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
3⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
3⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
3⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
3⤵
PID:6916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xc4,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
3⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
3⤵
PID:5432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:5076

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- Runs regedit.exe
PID:6236

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
3⤵
PID:700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
3⤵
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
3⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x80,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:2756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
3⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:2508

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:6492

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
3⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
3⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
3⤵
PID:6800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:4472

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
3⤵
PID:976

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
3⤵
PID:7808

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
4⤵
PID:7848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
3⤵
PID:7656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:7680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:7612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:8076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
3⤵
PID:5920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:7576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
3⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:7252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
PID:7228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:5824

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
PID:3864

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
3⤵
PID:6768

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
4⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
PID:7348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:6908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
3⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:8104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:8560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:8572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:8040

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
3⤵
PID:9052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:8548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:8628

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:9084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
3⤵
PID:8952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:9184

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
3⤵
PID:6344

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
4⤵
PID:9212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
PID:5292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:8108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
3⤵
PID:8980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:7304

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:9240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
PID:10196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
4⤵
PID:10200

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ffa85c946f8,0x7ffa85c94708,0x7ffa85c94718
1⤵
PID:7040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6616

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5444

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7172

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 9768 -ip 9768
1⤵
PID:5112

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 452 -p 388 -ip 388
1⤵
PID:64

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 9892 -ip 9892
1⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5348 -ip 5348
1⤵
PID:9820

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:572

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
f38abed7c0362f77808f7e0c5aedc8df

SHA1
05a2c55fb82ad1d549eb808aad79afcad8d435e9

SHA256
8f39ee855dfc4b0a19406c5a3109222cf09fe1abf3a56577e8d0eb29fecc9c20

SHA512
61c03bb4556d0232eb0f2311cbe8391958e8cf7b5c7c111851ec30ea883881a4d853536d05a29e2c19bacda9a4f34434279af7548bde15b9cb2850170e9b0b78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
bdbbd793778777706223b00a4ea24ed0

SHA1
bf09527cebe8906bfe6aa1e885bc9fb1b3ec54e4

SHA256
8b1034038298faf34d3f580c1ded7212f40d146de7e62cff20826c8b53f80c36

SHA512
7397d981e28bee91dd0e08c3a38444d8524204118548e8db810f5a277cbb08c20a64350063cf36ee4a943edba249f1d0ed350d4cfbc0671461cf27c2534c1f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
8327fb1dd1ac27af8e5a667bc06761ec

SHA1
ad59d14a6c35ca71bd64aed9e67789803347bf20

SHA256
590efcc6032b9c9c3b70cf19e45d4f8f6e90545c7e746dd21e272cf00a3d9bec

SHA512
33f93dc0813949e2aae6cc8e08f53bbd50c44feb917b0315712a2b1576b3ea0a6d6230cad052638a3b89b311172784c5f020a09d9327ed71160e9890ae4c2d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
84024ec6fc6e8422d3a60e94bebd65ad

SHA1
3308c522ddf77eff521607623f0a9643f0c23de2

SHA256
76f81d2db9ec4182aa0c3f5fbe074d592982fcd23347ac69004f696e338da13d

SHA512
db487f35b242fd241c2ff17f36961a3dc4d5e25fbaceab1ce544ff9acca0e9cb64f82ce03202b63cb8a2987862b1ca3412c745f33496056f821d56f7d09e5f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
dcc7e554a12c227b69df3be325a1f3d6

SHA1
642644e68058ef9b44889df586729bde011d7964

SHA256
ff0ea7a325b31cffe60af760a6efb5b6d084f4db1641b17de252a76e1fe5fbbf

SHA512
c4509e4df10ede39690a1411e11ba839c6122ac7f172b98c6ec501853fc8cc21c0fd51451b1942b06238f488b32d2ff86e87b83230c2d1b869e5b150a0ddb9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
65621744863bc73bfc8816ca10cf29ba

SHA1
028b975c9b485e74162bd2692c6b5c5a304b2ac7

SHA256
b0d6a73c6c76b2c9f68dcb709d78f20c8337c97eff1ccd2dc45a5b827ab97d2f

SHA512
badba897706c97d897e1e768bc7aa776f7c4824272985bc83aabc75608312363b7035d71654b2463bb25fbc61eb8529fcdf40791ffd2d1834d638d269c6af836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
65621744863bc73bfc8816ca10cf29ba

SHA1
028b975c9b485e74162bd2692c6b5c5a304b2ac7

SHA256
b0d6a73c6c76b2c9f68dcb709d78f20c8337c97eff1ccd2dc45a5b827ab97d2f

SHA512
badba897706c97d897e1e768bc7aa776f7c4824272985bc83aabc75608312363b7035d71654b2463bb25fbc61eb8529fcdf40791ffd2d1834d638d269c6af836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d9fec3c6376ffeb73a7fd67b7749d8b9

SHA1
ca33e8d8bbb748e023fb021f04069c363a7af92e

SHA256
1c580f63d37cd7693f9ecef47487d10a0f9a825ce43571494d44aa36a9e042f7

SHA512
630072015bc797460fd2b6107acb46a89c3521b1b954fb616b606963b9d22e99eee3a51fbacae90a9c9584fdd250914e04a576dfe113faf4ad1e8a813e9bdcb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
66bbdb83ba9d3a224806415a26efb4c8

SHA1
d4b32fa5ae834c1f53e76e0be1f4f322dc2ddf1f

SHA256
ee703b08b5df5ab3b36f44bd555d9dd41ecfdafa2171242f0eff8fdc47bc240f

SHA512
b5a06d17d7e61a5645488029bb546861ab3e61fd1dcc074a39c0f32a3047d2a5392c7d9f0608f4db4b36f10e774a0c3344dee71c6ff7eb872ca07db4b65a1f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1c6b34b7948d810ad6424ec94e088847

SHA1
58ddfb8981b12837ebc66e124383ce8e97e1cd30

SHA256
60a2fda0c0870c760779a3d437fae5d8551f7332f04ded6af69b22f098518ce3

SHA512
cdbb3391a89b7e5ca8fee8aa68572b2d115cb0d47e3b93e13ea730ecec908724902d1be43cd99c7891c2d1e4b85e2999c8330d2d2b15b89d4b5f1cbcbf33c73f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a2ad88a96e0ec4570632a0fdbfa60e8f

SHA1
0fc57326b47a780412fa5f9b940fdf5da198e701

SHA256
30a5c16f53a582f8eed1d766d1b7e175e6a1803beac9680f656dd4bb9258551e

SHA512
d76fd626c1dd20888409c8447361ed51e3e7481d79cbabf0b8a4693fc269aa54f44e69010310a05dc5a75ebf79a63f18f625c443460f0fd61cbfdae46598e150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
743a84d9a4b20bde67923e8247f14802

SHA1
a8403f62f76c505345d9c2c5618feccf08c2420a

SHA256
9a18b8d11d7698c829fde7deaa5cca3e75fdaea901c7918aaeaf2a2c8003ba48

SHA512
e216dc7ed7ddd7b10a9dd138c3ef6dc654f9692a1c86487ae99abbabf56691b802627d7086b1c6049543a957cb82251ba6e4d8fc95bc24785991ee42e2b1cc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6fb58871-f5ab-4b6a-91fa-19db19c21fa8.tmp
Filesize
12KB

MD5
1c7fe30214b843b44359059188f0cbf5

SHA1
79b1692cbabe3f1de90ca1a8e49ae4248e432186

SHA256
25cdf8523be8ed1b84db53fd7b26a305052ea8255bf5405d4484be24affc9ec6

SHA512
0dba9a77f982074fd9bc4abfcf6a591e92c0e452bcd430a0a42875804877d9b3bbea94c372eedc490ffd4200437c650e072003bc28c3d836957507953c207ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\77491423-3668-4e66-abbe-85f3ec6b2eda.tmp
Filesize
1KB

MD5
65bfd97a76d73ae9ef5745e7a2fd3210

SHA1
3de3d892a4b7b2165ab0f22f6ff22b6eb82b731b

SHA256
9884382232df865d19fbd04406513e5de8b45c8d4b24bb5438b85115859818a4

SHA512
aaf122b1ba6c4d9867b0ec9c3538c14dfea5b43a708279fc3395c7d2439b46f64f4dbb8400e2d7dae885f07b08bd245a5d1152a3010363ad700537950b9f6235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
69KB

MD5
c13fdc6ec077cbeda4a9bcdd88598746

SHA1
b311a8f5a74f471540e040c6c9d14c5033f0be09

SHA256
1e173c1d33d4b4f74b99bd7a044cc9292b641e5a2c0529870aedb01f90f8deef

SHA512
7f2a6dfe51bbbcc49ab2eb59fd95b081773848f381db261af667dd615e3a5f855f34d403acd6609c8d93150b084e9dcfb835f0fdddb72c69aed393d261f2162a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
61KB

MD5
a0efa5ed4d2876e063ebceda6a5ee1a2

SHA1
06c14bce0a9dad23ab9a94cb976c1acaea052743

SHA256
ada73543baaa7b64d16deb817b39b984d7cff5cd624948c5106f9cb1c8af21a7

SHA512
f6898665ac8b7e20b6d613d7409d5e819c5a6af123ac512f9fc72ba135666b4fad18eeb8369c7ea6ab4a7e1a8671c67337c30e90166a2219867a4d6cceb8a9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
612KB

MD5
a583b39f19252d5e929044138520b689

SHA1
51fc5bbd8694b72756de25fc60f13151d132ef01

SHA256
0123ffed642c61e4754dc6b590a20af667dc7d0b4262335c8b4c46e562ad3823

SHA512
434f70f7361014f9d2f87de0c29a2c2d1cd240333e99a4a61722404534783210575594c4ab996ec60d682157ffd5b2b87278cfdc9a2fbaf08213c42f1f1e1a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
35KB

MD5
fbf149f3cc52c0e994c22360da1fdc3c

SHA1
71c4a5d6a47d01dcb40c659951b5ce38faf1fef0

SHA256
53e46cc83cf44a5dce1b018be9011952eb7714f2949757cfa2e3efde44112dd0

SHA512
9046410e4bc370c68e98c5c00875469bf667cec7bfb14046df5a8547be292153d3621da4f1bc4ed583b044f739a3e56dd9f0fc70bd79196568aca2949501d1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
Filesize
20KB

MD5
6e84fa41ccacbbd926e8b19acbad2cfa

SHA1
d3a5df60b967517efbd7ecb5dfaff728a72fd775

SHA256
6b1a707db5ac3a353d5c312f76e3660974a807029d42fabc9f6749b540d85931

SHA512
ea192ceb5849c1392ba86e2f2fb5f16a7a468d93c177f3eadb6192a86fc966f5d4c959f9290aa88016186f5bc4f14737fb043e099d9b04e8343234e15537a614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
Filesize
94KB

MD5
0631877a49db1bc91256755f13db74e1

SHA1
3b9691cf991c75eab4d3168ff4983503e0df397b

SHA256
d5053a9fd35c19f7643f4caced31a893c248c584fcaccfd1cbd63866dea84fc7

SHA512
ccacda7b6afacf69295583a018f5394c047fe7750c53a98e6b01550f23760381b736e2c6f29aa914b1c0fa2fc8318de0dcbdf3f978e5fb2f7f999dd632cbc645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
Filesize
130KB

MD5
8fbddfd85061801b7bc0b46d5c66dfa6

SHA1
f8751bb6b67abb4fc809d60cacd2d013a35dff3e

SHA256
0f613764f6db9fa50ea43ec3167d6b9f83c72d207e607583e9ed33c469a824ef

SHA512
66e0d82c05e37cb2e4f2567fd6a3353cfc0d455b1619a674114c51d93a84f1ebe2503b2edf81c4335dbdcd7a32b208faed70259b5abbca25a48cff9038a09756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
Filesize
240KB

MD5
2b4fce64212782ff9d775bcbdcf444d2

SHA1
04b071055fdd5e69004ec7f1a3f1244a897e3a7e

SHA256
271360768e9d7b025bcd853647d744de28a75f779ea911625da2664dd13646a1

SHA512
00f2e27c65e6958e122b310d6ae372ea028aeda0d980cc64e48ee0ed49ee43902d893aea923502432326f02839119b712e102b67a16ad3a1d804f7573a071567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
Filesize
44KB

MD5
54fbabfa7c1fc5f20c621e0fcf3215e4

SHA1
a52ebf4d7fc1cafe084b27abd4548adb83931617

SHA256
5693560769e2692bd5f6100855183cb9e92a62b612f4d8aecadce7caab2be08d

SHA512
29223184d5ef6e228bf95a106a57a033ce20d712d86b27d46329cd1cc82143736e6f4cbe75912a5c60ba83c62ede71227dcc8ab8ef749e2e9e478209478cb6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062
Filesize
286KB

MD5
57766bfb7317b38e9056e5b28257ba41

SHA1
f4c2d5edba2216eabbace967a7cff07694c294b4

SHA256
ee1e8b69d9ae160739aa9b9425dd90b06e44fab37782e3e387936a1ba6eac739

SHA512
53a2a59d497e6d3efa05014657fa303a94d8c1b729893589ce803a0dd2c9f896ab7daf39f5d6e915bda2edbfd8e547df6c4962dae3be5ad931d0579ab8560dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f
Filesize
168KB

MD5
0c97ea48b66bd01151fbeb07a09729b8

SHA1
0f499f8ab2842beb586d07a3fe6f3a4805b0640f

SHA256
9c8f74b27a00ae8ad737704a3f5a7202d66571c72515ca32fec23f893e704804

SHA512
b4c7ce24288be2f36d0469c5a18176c257207a7fadf13ba5f80474e3e1f087b1f864b5e7736f0182b0b914d15456d62faf44f2943923eddb85aa6a66de1e7f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
Filesize
69KB

MD5
20424303284d1b56b718c502c00aa94b

SHA1
5615fd415f310b40aa6a85dbf0056d12357fc139

SHA256
04f2ee2e2d356de3976c2c7f223fd2970263a1804336faeef7d775f701d037c0

SHA512
13fb203706f4be1332080abb8bc0ae85d5cbf4a9921126e5da8175e9493d7720d89c61e429d5f012a244b024317e52f83638d49b37ffcc7e45c86dfea3b73cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072
Filesize
255KB

MD5
ea991fd3f669cdf81b56b57522003dfd

SHA1
35c9b34f35f5a532d8a2da8abf6c02a4fc667802

SHA256
caffa47e62f786f92a11564ac6ff17653f8e0df1ffd0a7cedfdc73d395a86224

SHA512
8a180c530fcf125d26fc5d9c743a84e8d78f0fb754e7904e87e4603e782074bbb549a8a2757106b50f6d6e2aae9a8489d4de81b314a4e13eb11a7a03564869d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085
Filesize
29KB

MD5
16ae281f059c719b7f35b641f0cebc89

SHA1
caaae85ca2f54b7b3c6d5cb23346f5f6fe415543

SHA256
6e971fcc8f5b513333ebf48b157657133ba4badb033bedafac232885ab271a33

SHA512
44b7f08d01eaed9808f2948ee38ba22f2873d6a05606a770c81d35587b163d8afe487e7cea6c9c8f3bc7f2bd820cc11a22c647715dd448be25729af492cf94f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2747b49265ce823f_0
Filesize
16KB

MD5
91c73c37bc7d09df2bf3114515658353

SHA1
8e1681b68a6181eb5de77a8644d24427bf7f46d2

SHA256
b797b3c9cc19259f81e8dd36fbffc8e0b0e9f8f8ffb5375ebd8e42cd21f0507c

SHA512
1f0169816a204ad341f8db4eba0d08e066522491752008a68b1d9bfaab01856771639b70dbf4b46f3fffde11043c2003c1022aeb63945366f3fc6a3a22be2513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3895c017d233a997_0
Filesize
105KB

MD5
d7b83d323e9f2951df455e0b22175c83

SHA1
99ead663cb974623e509c3bd75237c1605d92c5f

SHA256
16a14ef98b53f98f7988f9a14501ddbeb9d755ea30723715b31a2853bf01d25f

SHA512
2f629e8c43b82d2e73de033231d09b0f4230a9228e97405cf3d8ee75feb8dc962bab957adbb1abf305406db51a302d0618970679d78716c95bd5000ded38a8d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9cd937239cc78594_0
Filesize
281B

MD5
59d66a433f86b31158d49ebc368fbe89

SHA1
ae984a9b7bfe28af3eece9500747cf5732639f13

SHA256
efe8a401ae873f3b6ea4e266aafccffc759b61cb5f5db100493c7c794366f40c

SHA512
840ec88d46fdd5733cadd92dd73213335c4993914fea272c08e3c05e45ca10ebea304b4a3d458a8290008e193d6df5a3d6216fccdbf00deadb00a6ef6839bc19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dbce0a93d504caf6_0
Filesize
18KB

MD5
125c73033316b5159155db8cf7d21e21

SHA1
63a3991e8a1b2a999491d9eb2a9fe00b6a1856ee

SHA256
4059600a863a01c8590bf2976a9fb30733cad75f1278313fce6eee01d9e65df4

SHA512
ce854c96f84a0051b25b6e6f12fa860eca841899b5278f1d85a53ad0ad396d129157dc4500ab0f5d36467ce6d897405b6105153de5e8613d480b8955789b7809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0
Filesize
62KB

MD5
0cfa0f0771abd5dd3669e135f8ff69f7

SHA1
7f8ad3e2a13a07cf8ee4a6ea5daa6f179d40cc0f

SHA256
c2da6717cbebdabf2fa6ddd35329b76ac5668df7aae2819200c06ca7f41face1

SHA512
7723c7e55d1cd26a18e420d9e09bf5c9efe7999542ac8dde91cf2ae61febcab385d89dbc6a1c3dfa41e415d5b6e7e397681765b8ac33afc2692711a63556b629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
766fd430e19884957cee3c2b5882af0a

SHA1
eb141e1adcb48525d711cc1c016bad0c5d8e6fc1

SHA256
528788280d06acb1d0c27344bbc22a6b5884dff273c011e194beb4df59985106

SHA512
b9851ec10d52f7ee892dff4bb3fe45f290ac3bdc24ad12291016d741d541ccde61ef709cf92495beff69de4cf8dbd35eab6f5972c787dd0b7dba68091f53c18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
753d03f8f492a499c47042cac67eda58

SHA1
74d095969521998702624e6b07f355836e95a2a6

SHA256
a422a6dbf4307052b047b58de6cce369323eadb8ef3bfd1b848d6f73f854b18b

SHA512
5d3104e32775ee5d162abdad7fba3368545a04362475aae335b03013e2233c0270efa5ce398d88ae30fa469949f229f9ecb9b574f1744e07345df2d23141e6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
65caaff2ebaff3940f46eacfead857d6

SHA1
c948319c250f8b4e0ae500b1aebf2f33503c4925

SHA256
195f841ce208cdb86709dcf43208a83c7f6005c24bc1270af767d1e3c76a0138

SHA512
70afcb16131afcd2cd3f8bb607e0672547811f70bdf1349cff553878c1f9ef34f20548464c9a78ee76fb4fae7ec1bbe16a9d72e38f0b8cd3ed8d58c5fe7258b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
44eed166e31b78f17e201040978d79e9

SHA1
ad597e6e9d32da6aeec5b19a587c1b509f35d412

SHA256
a772fb4a381e703c322c5900fe54dfee660cb9384fc9c9be0c5ad0a967e02551

SHA512
511441a735103271568123a92a0d8a666085b991348d868d36a7f5e3f93b970f7a54ede6d9d197f975ab517d715615b93e7dbcec514db74385a5a91293223589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7232f6bcbacb047c230bec47234e6481

SHA1
d40d6ce8771374d3a37f3881a682fe4be000c793

SHA256
82bcc7645acb20eade75d1fb01c09f48e3c4f0468d3b4744a893391cd994dbbd

SHA512
2ab874c77ab86d5cd8fec4ae961ae78193986bfe4578bdc8bfed36c9c4063723520bee77de7b4f2ce8f7ac053668bcbaa151f4432e182c8bd87e8a992fd1bc03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
173e4250f64b696b87b9256035399c24

SHA1
1d9c4908b44bc9c89e9a5849af14ad7dc17bed19

SHA256
ae48abf32649a040cf5177e813b1b71110c064996ec524057882d9adfda74972

SHA512
76e14c7f8f49e677cdab9f5207180da6676290e6cdd4c6063b869ddcb68c3794f2ab70ec7ff70cf31f9d3b05904d62ec8baf6f8c1005e95b4c314eaf41d8bced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
8f8895320df1d76fe07e490481244e15

SHA1
dfda806883770ede740d5fe5832a5175e8e5479d

SHA256
22c14d3c11314880d575c6d305e6b1ddc31fe235eaab55231402971137b1ee37

SHA512
cadb2527129ccd240097c1d1a2a608d359f0a8229b0bcb716efea2dc9a1670821838c60e8ae6b25758c085e6e91f0f66b7e83d135b08cad25d84860a3d9fe7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
4b60a53431098ae73195cd805973c99e

SHA1
ebaa66e9bdae1e01a705d496baaad750281f94e4

SHA256
e51e66c7ced964739a891e72314ccc4f86a6fb7660a4bc27615ef77cb6e82bf3

SHA512
e9316e101f20dceecfb55614a3a48137a27b6a36e5f2a7d9e1b934d2612741a2bc180fa930378afb210b1178b023c0dbf4553825f687c88fad0d26e74566b71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
81KB

MD5
2ea61664781a4cc1c51ef751d248f8ae

SHA1
abba61dbe60a12598236fb0c447cd2c0fdf8d4ef

SHA256
12259556aff037299d1d4f29fb236ac1929a827a55955f9f99d9f2011157e12d

SHA512
4a084becee90ff6f6a2e6da8c991bd98d219e73c87471caed506fc97505c030bbe01cda6895716f6f80fdf259ddbb554631e3de09108b535d15b8b86323b12f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
738f3cea30c2aaaf46b27b8fa67992f5

SHA1
c3eb609dbf530b390542663e430a1b28683da8de

SHA256
169efe9d9049b17036f08f4c85347c10ece3cc3f025f56f24843c29d41130002

SHA512
bb2078736ff8c1d5395bd4b0fe0b1df432e497f64dd34eca4268ac5886d5a78f5b1526a65c409100c9f6433b406232394a7b1a4d1661e1a6fe6c35f4c78b9b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
7b2b25510794cd84398e405b23c20e1d

SHA1
86ac74d89f30ca1e9d02a11e36452a586bca0862

SHA256
d7a5de53c069f12e4238fb88d618902744a99efc24c3201c33f87dfd3d6ad9e6

SHA512
9c07fc88ec269b8752da4cc6300ab45eeffb405ac5eb8b80ad773e0a63e84b09270acb48851c1c10a2bd8d2ae27ad1151c7af406d7f75eb6c86bea46bdca7a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
d78df6f1e31d92f3af9d389b933a4d0c

SHA1
c0a5eec4033c84188d79f777495648aa4af10285

SHA256
ee200947aed7e8e9912fa3c2428e70e6c5aa74bd82372eacf13c52478ab142e2

SHA512
88a2de8bcb8421e652eaef8dd77edd7db17f91fd1867042c1c1d98d1daad90f0302125309bbee6c4c901cb536031c1d3b46f68346f0faa596897c040a4ca18e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
1efe84365708d82f8a773c6e84293f6a

SHA1
c0587de432733195f37b6188a6a28ffb8e778729

SHA256
76a26d05b6e492206b03c2f62504f5a6354de2f7cf4d81dad28878e07f1d0854

SHA512
d4e7d87150818c5ad37e3eda6bed5f2643af8e63e59096e8d9f58ac6dd9f3d0934daa2ef4ee3c67032ee0afb97e32fb38d9e7bc236510ba855b443081c8da697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
09d46c93d393efb1e4cd80f7f5e97a64

SHA1
e9c14509cc50430b9e88cc4a71ae66cae6d6f300

SHA256
3dc442161531c3771f3f7c30a5a72c38d62a3a2c86cdab55e2b59d498ac29504

SHA512
a08bce3b107211fe528430734b315181a0ce22e0aa623c9e848fcd963f3a0bc42fe4c3a1e05e41823d90b75a99743deaacca209c301d070d8d58450335d76cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
8617f0d7308907b03fb9914790bb23c8

SHA1
a996ac1c3896e4ceeb6fc7c779eaa9c8e2ff325d

SHA256
e7f193a392ebc7e49f61d070274509b78c3e60fa4732d1554474f2f78044fd7c

SHA512
c207d517decbae8765a42f3995285ca2537f903676c85184f67a049620a886bc838a5cb6f5c6041954a0c2a285dbc7759aafd0e477879fd94267ae2c39bccbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
d1b7cd010b3113b449fa07e91b1f777c

SHA1
d2d73118b774c6dd50ce5ccec87757d459e6d8fc

SHA256
2d5a24159ec7993f3ec6c33f6ec8250326ec8732a7636d556a1819047dc9e8c1

SHA512
0e3aadedb621738b5ba3176e04a2275dc6312a94f08b2dd1916bdfdf83574c4b1e2eeb5b8f809f74bce212703b68737c298f83c9c3a0d3bc2f3465340a5a4ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
15KB

MD5
ca126f06321deb97e65d90b86da34632

SHA1
5e121022ef8f977990a31155531fea4f7e75df02

SHA256
7d867e3ccecd494e41504a11ce42cabf3607d0025c5576583f279f347f7ac146

SHA512
f985b3f85d1128e00655f7c4dbafa94a3ed28ae2cada497a894f8e66ba3aa6d8b31544de57630259f63e352b18ada6a918b9e3551f84cd10f24600890dc4feeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
946f156e654a5f1b9cca8591cde7d6ff

SHA1
cab1b263f9dd5a25cd538561c669f75e486d033a

SHA256
a00408b6c2b25a248b594d712953f9454206589e404c8ddc7b9c43cbc9d7c48a

SHA512
8266b886189637b2e0ef03f0ef62dd6d9106316c49ac1800b239fa784a6e6930f13b2057a3f0ecc677ceb818d2265fd8f16c836c3441474e5c74ceddfb0426f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
5c2d6ee4eb243fb22fc26a93a5538a97

SHA1
6e2dfb50998f27cc453b60172ecb370aaa9f1742

SHA256
ef8cf189f295b97908a3c166709a64d899c5788a5fe206bcf67c467b4d9cadea

SHA512
2f28de46accbd585b1922849ffd614f54eb0fa3766082bba36ec5f72724e882f4f54fd002ef43d759ab16130e3eefcaa25ec59b1ec6b08650c945ee6674affd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
80ecc3ff9690f081095880f0f5006a96

SHA1
c612b4a1a33d2f96ebe30b56e2ba6280ccc4904c

SHA256
43b205a3e0cbe48fe4c70f57a00639cfe8fe10c819c93476bd5929354ef76170

SHA512
9a674b5a4e9cfbb9cc7c16d17f55fa882269b8a15adc5826bd15aabc8463e5c4994921cba1f4444dbdd92be8f29a87990f06606042c5bc0571c3880bc78f4a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
8KB

MD5
d45c541c8d0b6a11515e801160ee15fe

SHA1
cab0eec70f29abb49a3e28d123ab908998912b94

SHA256
dafd83b7d0721fe593c8038889549ee8f7961de5adf10384bde3baddc01ff1e8

SHA512
5eacb565b8caea01983ed1666fe10a6557208847357e1f345ba79df3aa70b18b8e6be8093c90921e333be1c84c7a236be14b81e06628ac918392ff4f0c513b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
65889b2066e168629e998f5cbafa108f

SHA1
a8dc634e6ee15b69fbb81e3283b6917d67489a8b

SHA256
aaf315f61047740f1b7d85e7b76824d7f3780e06067561cdf5246ab47cb0e609

SHA512
5de37622e98fad74193fdb1997a8e4d19a424a9ec1703123eee42c5b9c8aa3db17341ca3c2daa766e19a0f73166fb4d1eb6883c458ae15dd19d6bb8e2317e24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
e2dba317a62705d0a57c2be492fee3e0

SHA1
adbb1e23fcefd6b97546fd9ffb3e307e36a883dc

SHA256
d675aa961ba37b9f3901985509bcfc5d080451efb10d39bad812c80ea2c36f11

SHA512
16e75a71b7269761036dd55a64993e21a629562c73b7870ab30981c7b3112d1d9c60b18c4f80e8a66aba0750e97c0f038b8f999a0eb1932a01031f09e8c341b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6d6e106a69d3dbfbdacce9695ff2f73b

SHA1
f68e774e5a28bab5396937f9d810060a5a57a728

SHA256
a889e1f5832efc1e6c218deacaf641ce25ebcb29148252c3c9a718a8db1535f8

SHA512
8ee771969970695a31990343a32c59538055806db036704fc7d488c81458f150d596a721eade5b1dd117dcb40209c5aebf7f515dff20b91ff77782f66c5f5e61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b3467f64c0000632abf089a4c2274b2d

SHA1
6102e11ded56388c5b126393aaf0154721a8db00

SHA256
e0e039adecc0babb4dfe6e66bfd181d9de0d33d2653abbd1f85b62a07f07ebf3

SHA512
32c361a520ae4c0888ed1c6e3738a50abf61608734511948ee8dd56c1c21859c158d0939eebeaf3bbdee145bd9b484d976f6cb31db9b0dbf216b24da4b0d201c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d2477d3750d4471908f75c8990156f1a

SHA1
c777750892e1f3a3fab8a692301c1cd754fb1058

SHA256
b6a828436e3888cd38984d0a7168615a7274200c3fca6fd15f3b3a5f273603d2

SHA512
b8d46e578be347f54182af827c48a238d3a981a628f3e6ed720d24ecc23774e5d9c6508a6346835c3ba0216788c7cec8a43f7cf1a6a1fa9d2333027da6b65f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3b8714d65f51156e160aac6ddc29cb41

SHA1
6c5911ed1a3da3c1c69e8ccdabe8c8e8f21bab07

SHA256
f93d6148ef9128df11d57888d03b126d305130b00bbe1003a74aaf44e88189a6

SHA512
1e35b6724886a68993723152db5144ddb05add9ce7fd9fbd0ca3d75c0b9bd1e97659e5fecf144e53695815c5d92773e90189de744786123beb6341adad9b5bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
df9d1647442303e982901ddcacf3d95c

SHA1
7b0e9acd1ced9e1c7ce5dbb4f49314b905bc4bff

SHA256
d73dd62cf205eb0ec2ff339cce7dff9feff8e8fcc8b3ac2e7cb90510ae43f90e

SHA512
02612050ae8735a97e67c789640b183da725115d04e230f8afecb9a8130fcf0ad051df45dba185a06ec98fff24a6775cb5b1f6e8b7e5fd52a966d6b232ab43b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0900cb0c2920f94d1b83f8a0b7471e1d

SHA1
b7fba8a3eb3f5d9baaa6e2dc13274c03c9e3b6c6

SHA256
5ea8b8e3a1403e0c75b864ee98a46c9cfed424bded42e9d3435ce124feb759c6

SHA512
81cc150b84b77df0350bb395d3dfde20420fd40a105492fcbaf12259c1fd850f85c1e3c09e2200538d084ead30027a4b74b0c6919a944a12f83f82525a7b76bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2cde7a998dcd5b3ffe28f2c7a07524cd

SHA1
49f679df3b07f54a487d25a5410ad50ed69d5b1e

SHA256
b2900eee6979457532f8ab413402c7b2193b8419aaa46ee1485289f1848c97f7

SHA512
f6ea4bbb028c98051819aefc92a02f1fee87809b2e56a501c9025242c95770b30ae08eae86d19af5bcdacf630dda26b5ddcce57c01233e7c550f8fd99012c1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
47e8d042e3868bf3a2dbcfd1bb61c9a9

SHA1
9259c1c2f6b23774e227f45366ffc21b6448e201

SHA256
93930f7fef625b097846538db40bc040159713bf9f791d0a877263b92d17b861

SHA512
17a28396049bcc58c2b1875b8d9415d9ac1d95454adb2e503a3fe924da67e29eae8856d4080a47af7c675ae6f378d95323bf838769e51aa90d7d8b06af230a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
44e2879affe554a11928e248886e4445

SHA1
6c92c14f3e6b39073a0f4dd92da68f39336a3bc1

SHA256
35ed3e7228a93e0b5d34477e309f896fe42fe838fbc9f3d3199512c6fc853fe3

SHA512
20c5741d6df98b8b335b2b3015dde285763b23ad8cf698efdde813041e91a382945c00c744a946c1f52c3662cc13a3ae90e3e2f488ab15bb315bb4a44bbdb23e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
aaa2163d3181466affeb1c18c5b2dcba

SHA1
9c47a338c543f0b1ebc54df11102a5abbf9390d7

SHA256
c88808d8d00ee37dfcc60c0dfa3d1b507d57981c54fb3f2a53aa280b48a9c499

SHA512
a32f92f941159e939e6b4907d7fb5da1ee1d22535d64527572497548a494f29fb3ae2839f7bc53d0befa8a84845b73b038b7e4136e83c30acf956a5c4ac99ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
60dc79a0033b636f770721d288476d9c

SHA1
d97894defd451c613c00d4169529c51b43f3582f

SHA256
7b3f30b589ffd712ea41c776bf91eac19240c7f61e7b51f17ca355664090fc2d

SHA512
be2b3ad4f151c374dccdd6cf525e9e58a804995ecdfc9b71c5b9f7b439c8e0dda18c5ff070ecab18e7bc1d4c8b2bca69d7972fbcd6b68bf861fe4491ecd71747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9101fbc724a14c852358b42caab26086

SHA1
d94a65137464f709f74f9b1d94ac5a574b819396

SHA256
8e1c22d092924c71866cf7a047405ef9544fd0018f23e42683a6f979a9a4f846

SHA512
3f2112e10fe23db96fe5bb4fa05f62d660e85e1ebf58d31a6e082b98696f967f92c2a452d73841c1d56d2a558204e0774d1070254f4b62bb7c48adb986294833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
511decf488ef5b6724083e1094d4587a

SHA1
de9c9629f16b6e47adf4d8bf7d7a8e79e3961dcc

SHA256
a50a5f79bda3cf5208a82b4eb30c04196514fb9cded28ad5f8a936aebe8dec29

SHA512
b5ea4a507eb4b93e24f58652484bef52da3ef1147a0a3713b2817deb4f7e9b7ee3fe4789d0105ee1005d41cecf8ebdecbe40086502131a305e3e93539c7d5d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
df1b09c05ee36003440922788539b441

SHA1
bcd07a9f2599f5d5537358c075eb12144798d2b1

SHA256
ad65eb402b0e0237c159fa5ea676a11b6ce192065565be54bc8a739ed68f331a

SHA512
a904814f9a2884952a947c4112ee39f8f361ff075650c2f0ea51c1535eeffe7df8980a14df5530c5ec79e2d1a487104e301ae0d83a445a915ea1b3cae690f63f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
537fc45ab4a69a0138a6b44ba36794b6

SHA1
3f4e5ea3a2ddccb9872919286009c39889d60681

SHA256
ceb1357e5127b7e46e4c007c473a36d904c33fc765c689dae3d586d00391b7d9

SHA512
885d9d819ccaf605f36eea482aa4770b2f99d49efe6ca5b20628d3b75e33825058e21497fb4e8deefd46fc46869251b848ac99954778e671fd4181d128d191f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8e74f03577e9ad292955c4a0e9b7447d

SHA1
26b1bba3e8b79301d8bde179b4426a291fa3ea02

SHA256
a386d1dbda948b5a47bafe0e56d22d27fa9fbda6dd8ddef0ebd92a204aa053de

SHA512
4d643a8bfad7322b4b1bd094986ae8b2f6e5c0091b2749d48b9ca50d7711d04521157fbed03d953221358efefb190d2e142094bb87b24606ab8b0144a46a1d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
29baaf1939ae2b26566d2f6b3d43e824

SHA1
a422d4af046b65721f666c631b42ff01dbc537b6

SHA256
64aef99a0840001724233bbbab4990b193583a0384fc2846ce0de6524bb2eced

SHA512
ffa58b383ea2c408c2b105e8eeb94b0e8b8ab7a1548959fd147aebcfe7bde8be76c3cf431705408d33cce1125e9dd2914fb904427b790b2f89e537ac0fddfcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8c0193328b4bf142df4d613cc64e91df

SHA1
3eef2eaa0fb3017f75680ec9e68c4f310e32fd4c

SHA256
4ef32c5f80762f0cc4e3dc4da87c2d2f64f1c8aebc1d736334fc486148c3bba0

SHA512
e39d3b04cf822fcf2d4668651f8ea48b43e8993370ef3c16721e856a0b3076ac20a91236f8d1145a14c3932458f90e61758ed4c2efcd3dbacbeeaf311b55c894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
019b96149594163851c84f014ea9dece

SHA1
75a8661e9a79882874b7d8dac8df681d86253344

SHA256
1532699ec90467271917ad7eef0cf2a44396bd1edc23a06645f48f46b93245f8

SHA512
9dcdd437df533ae5c3fefb27ce6d99fe36aafd56593bfe7c057b70550ed70b5bb535ff6b9a99334a17b1f316a5210607d7db1c743cd16b949dda9a931dd2b511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
12a07cffd27d0fcc070a0c35206ec948

SHA1
9c3149b368a245eb164d34b6f11a28257df161f5

SHA256
b48b22d333978a7addcf8d66b14b7350cd83867dc18e547a233aa31705885fa5

SHA512
ffaae8fa8be21173fe972307be9fc972fb731ef656f81353920333ed5f2bb7e24ededa8439358c288d43dad33a22f6997394e929c86bd84f6a4cdb65dacc692f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
ccc26993289123e07dcd142a3cf0e3b2

SHA1
1b23fda53da0572fc4fe3cc3bf034d41266f6594

SHA256
2ff8aec15aa6052acc7e8694a50f969f43696375ecfe7c48c793ac09ac134504

SHA512
5e3d620f6a620093202392fe56da583f957c4f1664ce0f67f9f3b00af383a648c11b0cce3ac688d7fa322ac8a889d51e0f61163a76ce611b2f542e52703dcb78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
382d169f411625c2ed9d43a7baf9e10e

SHA1
3dd65de5f217db209785b37ab85fea568a34474a

SHA256
deb4014ad96d1028b33439897184ea021a646933eaa93df04e1f34557859100f

SHA512
b419a46251be24b00c4ef69f2af74ee34c345ed491ccb47cde3ab9cb9e65359cc7dbb825c7217151c8ce07aa66770695a7949f03be4dcb1cc5ff917ac311a6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
0944d29305e86a09804acba1a62acc8c

SHA1
26b4e62364f512ca5829605f3ceef622fac93a66

SHA256
0b7964f2c710d07e53e2b0c014f37f73a241c0181d3e819918abc6dc08c39b73

SHA512
927e5c3200c3eb0cae309062d418380a2e29cebedd1398837fc70e49f8df49b0b75c57ac631933e7de009c190efe12d0d399622a9807e7b2bfb0fce489374861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
93d835c05e2cf336149701abb4e4b917

SHA1
2de824e7419d7df7ec5e51c45d7ad3bf06561d51

SHA256
885544d36947253174f58fc85c1041b3bb6c3cafdbc92fc4eb23c7d21e186107

SHA512
4f5b63daf70ff46cb68b6f2826f67a065916a159c2b67c7b5d6564dfba6059355fc9459cb83de0834b16d5c0c8aea4f59a7b33fdea98140fb388aed33e622973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
7bb6061bc58f2400947fb336f6b254a4

SHA1
58c6dd9011f7f6cd9ee10f00f2fe735836882d7a

SHA256
6d61264308df415bf83e818d204f4c9db08643204f70fe9d58f8f2c302aefd2d

SHA512
8770d23dda26fb61811616ff1156c0fddadb5306e189d07eb73ccd91fb7d8753631dc4465613cec8b428d3fe40691793f823bae5a39548519e0f3a36675cd1b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
7ac1faf5ed938e4395736286347d712d

SHA1
e9621fc7c3fb2ed1dc2cded130fa86412f182559

SHA256
2ad27062bf7cb62c0443bfce1088b0a8980b5e310c6a9e691b24cf9b91b3faff

SHA512
602ff1acdbe03f4f331fcb72b35b078b31147dff2ad9a712bc15df2b9d946a97fb4ea564f7f23346bfc0c4dd1c3de22e2de96fdf609bd15a8ea25a2b8a228cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
a88c19c8cede88c6a4f951f82ac71937

SHA1
b43c03884d62a2ec3e0bd2f0f3e7521406542517

SHA256
862faedf8f6449969a9ba1089351e2cd1a830dfe584cbf21704c2adbe92922d4

SHA512
1f5cb79e2384be1f109f920d27fe8d517aafb164cfdde8799ee3a0c35d7286a6f53e327635e451f1fc8d7f42ce4a3d15557c45a4c92fd818867b4a9063e3ffac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
2e89c48a23892cd190460a51091cc046

SHA1
2ff793c5139900eef698ca6736ae6a5345646701

SHA256
ba1074b2e2f97263bf1ae6e24e69743bd7d0c11aedb830b5aed816db0a8317c2

SHA512
72e31e4915218def4638ba4f6019d457ea44589b821a3eddb36e323236bb81e7f20a2dbfcc567bce75bff5af89a4fa703f90ab26ed33d36ef1aa89fd48a16383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
e7b776b32c1814ce201837909d64961a

SHA1
bbabf5d3330aa34de34857db26464ff5ecca6f9d

SHA256
5638fb81569877520f5d8f36dcf8c0b17f2a56bbb8506368122126a2b0592606

SHA512
094d38bebdf365415775b33e269d7f6057e25de795f22c178340712f55cc7827f015f98634ed860ecfe7239216d372851115094abf92fe6b7d4c85a0bb588efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7c67162e188fdd15c2ab54969b6feb98

SHA1
69965d4f6ebb3b7c18306f611aec0ffe1ac27aa3

SHA256
e2dc246415c851be2c02c40631812ce03efa3c8da336f677787a6d7db6afa7f2

SHA512
04847b674961c4978ffbdca590d93ebbafac853474b3fffe1a6869608ca59b1b440994b332a0925a85b871a2433e89cfc9120c01f859d2ef54ad7f9b54c8f0c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
09e8891cb813d99f85d2ba80e9cb3624

SHA1
56fa20b4b2c6dffc0068d217766be2b001afeb4f

SHA256
792abdaebb1c783d9039d16c4610605b49de3d1b9e571e3e259a894c7dc9bb18

SHA512
f8e37ff3794aaecb3467927263e8a04b5e2b983d44a1dd5c140b3c23f5d424e418461b2dc88a05e94e2ba243b004d0ddb7c44dbbd3560cb6ebc51d78303c9fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8757a2cc0f047a0b99abec908084d4dd

SHA1
e5a9de26558d68106a4121c43b5bc827e67bf97b

SHA256
85fe1dcb9a94498ea7654abfe1c42a220d29618aa27d57ce42b0ca69e99cf991

SHA512
ca174ebf54281514ee9e5c19a5e69c21fe5eec5178991d5db651358ce7a5b0fda45682994e90cef5f1f9254d4aba30dfa7e4345962cca9358f4d29a27fb8227d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5414e9a017822dfa3b0e7b8332ac26e2

SHA1
aea841a63ec80df6563f8794910e6c59ed10c9a0

SHA256
5bfbac68cbb098c5af4df8d4db975f19641889252c0338ed0498a150b970de01

SHA512
16ab05f43f8ae67b9fcc30cba11c475a53b37c8a8282114fa875f6e27d4810c2c94d8e09929dce7ff66c1b27e2e60cf81b32ef12350307f814c3f00f605711da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3d37344a7df986a004831be8ad1d85a3

SHA1
16106ad3c7d824b08fa30beca2314ceaded8de92

SHA256
04cf084ad5fe826dbfd8424c8a043e1a314c74f87e242468b313bc784b8d2e67

SHA512
a49b6f6d70664153c41f5d06f211ea7bdbddeecc9036ba41877a913a855df0276340a49f153a3df1895450e0bbc2dd61393a232302df4aea2a30fe1fa1f65e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
59059d4d9c6cc362c9edd96ae78dc2a0

SHA1
d13eba6256f4f039e95699b71c09d5413b36e0bc

SHA256
83bc3e4bae0a1535d5f96c7e09d07f53bba8ef8b01e30eb624ab9a58f3c86f84

SHA512
eb81709558fa563a316848998f91b05af19546e9a523d5a6c126627751a4e96c4f090496f8c76079e8b4457034711701525be4a376be1fce5085981da0943f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
510c349451cccec11024ddf8bd179537

SHA1
f457a0efbebde654a6792c5c3abd16331a56f0e4

SHA256
3eeea3a9c19ff9c4db049a0f2976dbff8dfb1f619c8a511be12f0854eda8adf3

SHA512
c1917b87fa6d97e246e4267abb0edd31ebedb6f16b002a3290de5bdfb8ea9143c6ba7221b39a26b75e2457e7aa35a09e5dc3a983776ee00d4b8341abe7ee7d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
6f0051e9adc52a7b322eafe969a16e8e

SHA1
aa14cccf2605f098463c60c2c369333e9b0705f7

SHA256
4026a995f80dd97041866806ec1f86be1d8463543da88902f6c020dcfa7eebfc

SHA512
57b2cb36df56a9e392676d3467e5b8ab623a15785e1fb6dafe44b7f921a414e2ceaaaa9b00e8b3c38df11ece09121d4b5846311a4da4bf007cad7f75a00a5c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
754dc3e022f7db862616e69296ef830b

SHA1
2d67591e5511e8b01d5dbf9fa7366373a905a35d

SHA256
5cd8153736741dc89644419ede97b39838411304b1b92ba34a12cb261ab99bd6

SHA512
32ac0a4f8da5119c7125984cbcd795464ff70e3b1e4cec248a87cff9d892473465a3fc9cf0221608fc241e6ffe2fb31e3c7d4c195f1e46fd84d067e9c89af7ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
815e81f213d5e469e00c993028f4604b

SHA1
c8bb3339f863a45c882dad4f8a6520f2bcaead37

SHA256
b594944d0affab059cf90fe314bda5e85025f50e7f0a5d6e038fff131c904c85

SHA512
fdd3bc7132de87d5ad7f369118e92437a7622d4e81528488ee1884fbd9b253751b4863033e46ac1c296457bc1b0c51ae66ceb5af00d0abbf470deb1b7d1730c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
47a8e9208b39287208d25b49876d785a

SHA1
399755acc33c0a2ea9569beacd5577416eb1960b

SHA256
7077c4f7c8893d3ac991262d56fbf69c69dd506d89d378fbd2ee99b396880d74

SHA512
3388081cf96c42612d08577fd3e7f18a178381303c957eb263cc2d42a059eae93d902d89b420ba3c60d5796d524dc4f311486f586e464282556bb76f8c08e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2efca34399ae91e68432ec5ed1f31536

SHA1
1f00d82f7a8e6c4aae679571eb3e18e2ab3854d2

SHA256
6eb5a1bce23f9df45ef5074e98505002b94acc0e6e7ef205db603e377c11ac9e

SHA512
e52a6135364f8a68db9980c44051688798347e9d2aa844cbfd4cce03b4ddc0fb7e484a52818c165cf4ac8997cf73ad13986bd32dc75d23cfcdf67ebf011d2094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
77ba1a6f67c1cc7bdf2677049b7fd514

SHA1
2f281203e6df7c06e9abda5dd792bc307dc69952

SHA256
27b4e3455da48e7359ae658c1f492fe5342e85aa9a74a04c0b4b65053a904173

SHA512
99503e26d235566e6329ebe22edf0eb18970a4279515e4a21e6e659870650eea35bbcac30b6a2480136bd1872627e6779e8635d1c05bafb91cdbbbc8523b5da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1d9e93b56be4c6a207184ef02090a4a1

SHA1
f82b8c8281de80d3ed3e6f56a1d034d9b6fddf2e

SHA256
ad5323522eda0baf8100a07d944be7e19ccf1267df88e2343da4e8d31206be97

SHA512
4027ef19e309880b6cc9690b75d77793a14bafda41491d2199ee64ffdbe50f6a376eec88dae6af6a3ae91a685fc70e1a58bf81e2791b69b8f623a5921fe8190f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
705c3510da64ceb42fc11ed535b95ef9

SHA1
9cc2cacf5aff9f86f78687ba91ee8b1894edf41e

SHA256
8020d216c7d68f502bf01f708d82c17ab3bffca450028ee89ff4433612e4f862

SHA512
1354fad86a1dbca1c2e9d5dae022d14457a6b44a8c269e4814fe86e95757a6048ea46e0f3110023708c0cb092503e9c37557a5913c14ff1b627d71ac7fb3a411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
05ef7bc88dca8a6a20372270098be420

SHA1
34412606211de8bf8a3c238e5d5597aed56d50e4

SHA256
ce6ad35036b871bb659ac03c5514ce0e47bb0e3e1330f2eb0f5f7a4c7cf0477c

SHA512
c2ad59f09bb820345f296fd5939f842c44baa7ea84ea330ee8bf3d34eb8c2d056e482219b7b7ace638ab80078478fdd1ce1cd8d48646baaeafd1a10c22750e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
b6127a6449b841be36b82cde080de683

SHA1
24096362a1900cdaa60d15f7776be22e033feaa6

SHA256
2972a117c9b9c8d664b0416228267abe76aeea768d03db282d1469abcd35e2bf

SHA512
a592b0ff3e27cecdac1769e660f88fbf2c2be72136c5e8c37d170e7423800ee7f1b0ea4bafc8bcb22ab4aabfc4b67393451ff10c50c9c8beb4804f1703749ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c1281029320e9e82a114608789b0255f

SHA1
345b60bfcd1ae7d54cdfee63ed1c2e2427c594ef

SHA256
db0036354d5dc041fd3ca5c860b1b40f25ecb28aa57551da671452849adbdf8e

SHA512
7c80cdef00165c005dd64a4be6fda76bc8c8b45ab18005597a36249ba16140449739508e38757fd18248f169f059c4460ec11044de699088cc7d0515caa916cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0ac006d7-022e-4a13-a23f-db5bd6d26560\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
69cc91d81ff5fc08bb30f8f075885b86

SHA1
e16da5508cb6e8903ec1400a1da9556e89edbb91

SHA256
3e66191301a13ca3d047b8ee4d69435539b80d782675927edef90c4e863f265c

SHA512
244499ed3d709e24b326027d0b76884b75709f8220e0d1d27b1dd368505196ba75ee6b68e40fdb80fdf75d7bff3c2dcdddcd6a688511d79957f71246e0cddbc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
f101a2ae919c0f479129f09d4b163ba8

SHA1
bc51f9e3f7468e3317ff638220eebaccdc80779f

SHA256
d1f1e8d2d7b994777fdb60e75c685584c82b14f9613a47f07c22be93cd9e3c5b

SHA512
bbd53d6aec7d5c4518862297bfc75659558a523c8fcfd55099de0ed13b022299834a51e547ac92e820715ddbb78340251fee7720b6a86d13ad8bb9908a656a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d733454955ae004882181240c0094de2

SHA1
d047e84063d0b3f5cef4474427e75735d9363f2b

SHA256
6d075d25d90948e3d5d602718c544382c514958fdd72db1a5c711abb46c71579

SHA512
33c04bc5b0d5da9e2d77dcf7a4ce1f725b1cfd3232fbbad1ef32892901a958d247cf9c71c5a99c5784ab0bed59bcf3a09616a94860e493191ba4513cc7f80fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
2c03ff4949f5cc62c1928b996cfb6a3c

SHA1
50018f98451820874a83ca5aaeb9d5861d2f8535

SHA256
3d29c02e4ee7525faa4298f23ce96a4c3563d8497ae7bf6f04907614907587f4

SHA512
b3c9b0d2e82c789ceb923dae7b334f5cbab9096419e85ad2bcb07854cba321e1e6e82ecfb0bd66bb0a37c04a5e8e064ec9224cf90093fc43f685ef50a5504494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
593e031235caef7c377398033f4d79ef

SHA1
00b21b9ade2241a5ff0c3e6624084207201a5ff4

SHA256
0400d692f46111f12b459c575cc4d472d712038e15934ea470757841dad8606c

SHA512
2a19d31abca63858d5aef516f92ec3a70855052b6e26ea7ee838c5ea9ffca06600174c5b3a9d9caf7ebb335d977d603abe7bde4e993debecbb545dfb3ce597a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
52ad4347413281da70d9dfcd8779461d

SHA1
b743c3b77785eccdafaeb3080ff2aa2eaae562e6

SHA256
460b342d383f53dfc256e04d06a7f6bdb1e7c1bc92c23f84d4015d002832d2a1

SHA512
baaa93399cb2e2a07a022ad8afadeca696280e2a535651f97ea3421e66d0cf37fdf6b9506f8e64dbba63bef288caac399bc5217b0bf5434a084d3a7b291c28b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
2f55c443833f5bb7018a8bda2c94d838

SHA1
ae42d6bf8b6e9db2a4765ee6cd1ce0bf6365d1e9

SHA256
4dc7fc4a98589b81c90def14425028689cde1df5a61d17769d87868a24121b28

SHA512
76dc936829d5b601dc2b1aa341c1e71238dcc2a3e1b76f878eec1bccd4d8f103d27cc0484d1838b6cc870ef6d6b0a58b79d6ee64c9600aec1fe96f7a560f2de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
dc08d7c1769a2e6c2fb88e827a80b0d5

SHA1
663a1485cafd1ed9051c87e19a3517e8f041d625

SHA256
c0b93a025bead5716416e2813c33db851b3a7a70865c5f969bcc54db1fe0f518

SHA512
15fd920a360d5dc42d1e5ae5b092cd4146f3a534f653e10335bbf9360dc11ee79a91af06ed5837c0f4d7983d12e59566b425a53167d240b8484c64460b46f95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
7ea826d38c9863294416a285ff5151d3

SHA1
fb6bc3834c27704ac8627c7c30beaabc3094755f

SHA256
bc5f30f84a9110bf92c36d4b6aecd8546a83417633cbcce84397bcfbe7daa2d1

SHA512
cbbf36e1dd3f1d7c91914da8c3b64f9b0e9c88e0beb1ed5861a4c61aff49b16c4a6728fdc228d3175b1835b8d45f355e35a54f6efa59073553f558e76ff571d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
fd9f8b2ae8612201e90b4494851d0857

SHA1
b909a32f14006a58568608f93bc7dda97e5321f2

SHA256
7a2d58d190bdbb7675da1af60899eaa439d13f36bf2db97bbd3e27126ab2bcc3

SHA512
94d3184f3a381008964095f696e21ac5d5f7e88e50cacfd84d6eeb28b0f4697400b226f7119d02bd4bdea83071bb2916fd5879f18ba1a6e1118eacfb9ea4ee08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
e4beef186e3292ef124003bd44ffdf61

SHA1
f18b84ec9fe7cbe04f006edd4119713a20fa298d

SHA256
a5b8722f7928aec108e52cec4a2cc66c2029e4003ce40cef968ab0161ca20500

SHA512
54e442293a81b4c8a91445f8f806f0ac56d593b9935fa6201edc0177cbdcee5ab71e84c9ee1818b8f66e162d7f8acb7b3517374cfe5b36369a5011f927f21d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
19a1758c004879d2bdf9155b44ee5448

SHA1
8ecafda4b2c25cd938aa639b346acade6291bf68

SHA256
dec25d36288f7ffd3d84f49327f53fe534a0df597ae7ab5795381d03967d56a0

SHA512
029d36daf5a64c57cf0a303145b4a93d4bf1814dd4d3ae4093b78d780c52a1c3d43ca17d47954ff2692c4ad8d4d2df5abc6f4ad56db728a162807cdb4cb81a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
2d0135aea253e0152befdbb916f85048

SHA1
aceca182aff65ebdebef03baa10e06918bba7c58

SHA256
9394c0b3a43c7818063509900780055ea9f92de9ef9d928b0f66d51cc8af34ec

SHA512
43bea24d9e3f0101c010bb427e33530ded9f80573eb735bb7a34b160dacd2808f42431a13cb0fcc9aadc7b60d48e97e38cf7f4d02a3c0198da51bf8b72b6e855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
aa51da3a7d6e3ef5e3fa6ed900913c5a

SHA1
76cfe9abbde2087f74591c426920f1252d6186b3

SHA256
a28c85e7322a1ecd232907b5f99fe1098e639d874fe85754f4ea6e2dc2e0b192

SHA512
12466650e68c906ce89617949429274e36a4a3e4517d62f0ed38e16561cac49072201bc0e9a916da84ad230b2b61a9017e7a18b30afb1ec61a8bee8d3de5a3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d169025c4b6b05c77755b3c6f32041c8

SHA1
65e2327815d5aded13e67ec082c9bbcc33a1f20b

SHA256
62f4a8f6e5e82f66968967460c96a11f7ac6fea7c111b012bb4e5a5f0aff36d6

SHA512
0b27151d07393b5c488523c3eb61fe10f6a559c5d9cc3331f11d3736a7b860f71ad3c198c17f508aad9a29548d056a6b5d2ff343cfdda5f53b15a4047d77f39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
31ee1fa14afd7c2af2d954a1bea541dd

SHA1
3f5b46089026500483d88155aa97ac7f7d8d9864

SHA256
7a2854966b89e489f274ed142789291eb4d21717bf709ead2f11714afdfcc176

SHA512
f1c825f33e23019141b400528e7b47caa0294b30bc9f5017e037545e9ac1b44a1ad70d6aa4c757f4135a40cfbefbc602b8f1cd8102336cccd7cd4f6ba545a541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
f5b77b142d3bebf623f8d9d1d18f2bf3

SHA1
6a53a6ffe012b46754ef8effe2ae3006471b385b

SHA256
a6c833e879788431c85738abbf9526b410ebd9b8cc2976e2d508b97d6ba5eae3

SHA512
c0424389acea92d7f99207362b567ba2ac5bbc4cee006b923761225c351b3ac63815493e6fe1cddfc247192e991bb75cfd3af801f1992d76493a95e1e5e05b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
83B

MD5
ad8df5618835c5b9225ffa662ace779a

SHA1
d59b1143f7964c64674ced98dde9863559ce390f

SHA256
0deacb82c73adfc88f9769a0e6d0eaef2a077cd2656b66e86dcddc276b590de0

SHA512
77a335da4a27827b5547234a3765178e4339a5119a55f3f0c0e4ac85a65ea2bb40482741180fdf30232dc3208f4d50f947d75a9499df6946cc67badf7d584422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
4fffb3cbb60be4af9c6121ffe0a72ec4

SHA1
1bea17d193018f9d4d8c522100eb44850062ea88

SHA256
5cba85b06948289186ec5d8a5560b94867a991e2f28aea152072e854ee20921f

SHA512
f1f6e44254110e0e28a2ef5d8d7da3f1aed48895ea85bff988a2122560625cc194e2f55e4ae3fd8eb16703868723d3edf523edc60382c4ec3302394a52f8b190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
9b42d69cf7de3b16db36918c9aebddf2

SHA1
6f4b7c3cadcd4784038a9252e014540c177cc9dd

SHA256
ab74872098d9a54f8ca09d1563f7c0d48c1b5b6793e93eb24038e7d8fb38a507

SHA512
6976952334589fbbdc3faf7d1f9511dcd12106b23d68a08e8dcf147f4dc6f2325ca900fce7576b6a21132bab9baf55befbba7684515f70fed5baddd7b0cf56cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b21dc.TMP
Filesize
90B

MD5
a0c789ecfb206ebc5ad52bd10ee10ac8

SHA1
771467d632795ff13f4dca3d6aeadfd855ea9f91

SHA256
33852248499cb0d46631680fd5bd34d2c003a253ae79683439e72d3af8dca0cc

SHA512
3b9f865641563ff1847ab6f4969ef0baf21c0d5365933fe7ed895191035fe1802ede49b650f12e5d8a332cbda9b2e055f8a374032ad3370ee9e94486de868b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
517f3512fd7621e0ed32405cfe88f2cd

SHA1
2569fbbf9b5e5f3b5a11dcc7c772340b1d78331b

SHA256
a590654364db8467f3b788e677378efd272eebff9463f27823dc0b1832c29550

SHA512
e4dda0b7df22084a3df0bf86f7002a58bfc22946b4e1f958eb6dcf65380eee4699803f67803e3e5267fad226249d079bea934335683d445f3a9328c15b231576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
d619ea038c8c126b5045052a2b158c0d

SHA1
2103a211570e437040690305af4454d79597248e

SHA256
5899b43f0c37bd99aeb1880099d92ea779b71fd93e6ef6691e69a75479970961

SHA512
465a4e967d04a6b4a0491f6cb4a96bdd2fd86860eb74dd0210756c97a39de56a22113b5869ae8a4bce4bfaf480bd12f8598fad247728346a8d08b1b7b6917507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
f963fdd78be92b8223b032dec7a4b65a

SHA1
bdd494527792705130e3d32cc16b99a9ecd6322b

SHA256
9695ac1666add4f68e074f1a02679bf24965593a9dea8a79f9d5676932514dfc

SHA512
8c7dc878508e71c16a6d2070c2e8c26f609f789b50438c189ed1171ff95c72575763f7fb4e9ef43b3738eca7daeb6ada13f630c0ed3a87ad7bb66f0dafa77423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
fa6f182754e3c5bfda4d63bf0b41ec29

SHA1
4c53a208fded72e5d59c41d8c864e3d725733d28

SHA256
e62f590242e7f64fa28ab37f2b29fd32a8743d1b57396abd7fdb81b413b1bec2

SHA512
e8c89d9713d4e17226dabcbf152f97a0ae074e0c12cc09f4c506536973f609db31feabae26149cefb66da248d9c25e925adaf572546a6367cce75ef4cb937d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d939034d2afe3a1e6102ec355764689a

SHA1
5ac09fae43f1ca5b6e66c8fa23c98eec4b984978

SHA256
8738dac3ebd1d94ffd09f6046dec6049a07d99eedfdfaab1667922ec5a5fa755

SHA512
6ea601f7d41a223bf22fbfae5f8745d2fba30f4ec472c353050b82ab77643ee401d02bda0091e1f04af9889d2e7e2f605ec84c005ee0908f59da12714eed8393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
bd9bafddcfcfebe992ed2d9027e08ed1

SHA1
a1700159c6582397e3087796ab51b51d71c51347

SHA256
0d87307c5516482b6e52926942765606afdbf3bfeac6197aac1b2ed92c7c5068

SHA512
b68f6442dcc41f798a27df966f93d13202a10a816b7ffbe764b70fed9a88d1952d5ef28db2fa942567e2294446787bc24c167b4ca7c65c5317f0732cf767fe3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2a58ae4a4fbec2f7de3759fda5b61d15

SHA1
82ab51477cfba34676b3f9867f2cfe3e0b5a51e4

SHA256
6aff7b9c166207d2c5a6269cd15182160d271c61656baf909b4101fb8a37e407

SHA512
39235316c7069bc39efd1e4a54d1e0148b0c83f93e1bccccd8f657b237d0e5c9619096df44558b49308a295e5e67d3ead822fff25f200e52199840e732c220a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
2845748c075b888fdd1d44564224d2de

SHA1
d68218006911a99639bbf24c03532a5dabfad56d

SHA256
87fb8341503b82fe64e29af8d95359c43b6ebd0c3a2d2df59f637cc3d07f7bb6

SHA512
4322bae08adc64d9130784bbb2840702d02e45417cf12349ca6de68daa46b9ef3862621b6e25059d41988a63ef86783b8a6dfc3452b7c0279101ab0b1dabfb37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
f81f2a7e46fa09ee000dcdd797033538

SHA1
938c93b728d78503ff52aee0ec5a3809992a5cac

SHA256
c4f53e7846e08f937ee35366cf766db7a8feb0f8652270d3bbb86360859db2f6

SHA512
ff0aea7b5ab70cafcdfbd5c486f13e7fbe89498c4fa9aa78d5f5d890af0a335b158f50abeceaed23da90943912a871234bf6ed6f510962f6b1a6e4992781d4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
eba5452fa6649896c5a56a50c80e26b2

SHA1
25d1452e5f4e05fae405e94b5dba7f0d3f1f2f4c

SHA256
e89c861566f66f7274d4a682b8e5b17cffd09b2541456c13427a470799cd51a2

SHA512
c4881a3bff37aaef5dd3fd4d707ecbd76b2f38ba139910a7b2eb81ab966cce135a3e86cf715202639c30c480f987c25c0d02bed64117253c2605be00a9e12db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a4acebe9feceeaf0d0899a8b7f0a0171

SHA1
0314d5e6177dda87f8aeec3432c0d5ddfc2470c9

SHA256
7450982b52db3730fe95fadb435ba49ce148ed59b36d26e37cbd482b327558f6

SHA512
ddfa4a97ce52cd4eef7f1788474fbb9c2ad042d5fc2190c78a5d81fca49cc93cd17e04da447333c50ad38e2f34f50c6babd75b63b5dcad58cd975f5b60c4f382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e1e2b37d8561834b39d959a61fe1e7d3

SHA1
99753e4eb5c84d7fd96053eb15728f5e67e2dded

SHA256
ca1b3c20c618219b9787ba24437491a0d3b534c422173c3da6990f24cc9c4929

SHA512
356c9876df974797dad770e1ec98ca5a32e06076a84f589a1e3694a991b3fa5f9cbeb2feb6dab3d53e154a4871f3c85b375e9fb8a880c89589cf223875b8612b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
e526e88f5ffa826e0ebd3108263c1e9c

SHA1
db8ad62e66f57600d8a19ca23c33e5a86ea53703

SHA256
a95c6f6447169ba4a0610aeae51d9a01cb0e163f9f8fdd862d39f1435a345680

SHA512
25bddf30ddb02b6094004ef194e664838f0542d9fdc6fbc119058c8a39d371d8ed33f8d35a211c9ad31aefaa2cb13ac79812b37daff35240ae58a3900da4696a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
9d6eead9f0370a990dc20ec9cb75859f

SHA1
d92e80ea7b3ba432b3d53a34fe879e333e7333ca

SHA256
bfe9b8414eec5d33f19a5389a7179bfc291287b68396483f448662a0d5d747ec

SHA512
5b228bae9d02ddf3fd0262f7f2f1978ab72427732511cc2915d9d9bf196f2092d194d8b3029edf3362ae2e8776b80ec257a5556802b0b35a684c91a8add3a6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
afeb13fd9445c91f54d953f46eb04e16

SHA1
e6c429baaad993d9970c3382df75ce906a279717

SHA256
9d2efbfc33617004e3a2db061deb6d9b9eff355bcab165bfe71fdd01f7b1c270

SHA512
b11602487f8158a24961c9181ef3d090ec024701e04ea23df264a8056f2242ecf7bb24daa0527be798958ceb9738b948484f14e3096aba060540f731e8d5cd74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
6ea80279db469e86e5f69cb11b1179fb

SHA1
07fcb808f6349050e8e980c623a9a249ea6b9a9d

SHA256
5d209ba4375141012a093ae78ed7631ad2fdaa0338c4e6e7e4e3039475279536

SHA512
58bf8a8a15b9c5191f1d1dfb8c20308ba95a3466ab5cfdad7672bbb20de932f4c5d9f650c6ca23c4a480d5d939fd642f6af3b0d795c8dbe6ce290bf37fd61328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
e5b29bd1377b0240221ffca3d17cfd59

SHA1
d7a09d3c989b8e9310c21962222866ef8f7d0019

SHA256
071c555a713eeebd0055a6567e488593f09cbf1f8fbd81e139e31d4e08ea5b24

SHA512
6e34ccfb32ed510d079de18c242a5d12a9f89fb2ba1325aa91d256f391106e4ed590343e13f0ecb5581581f91492a0934bf7526e0f6813a540415029518f5966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
7b0bf75754bae1d3dce20aca97a1d57d

SHA1
892b3c9ea786df6cf8b63d1ec0ef32ea3ee0acf5

SHA256
7fdc25f91039008f7aa1e2279c8e0c5cf40473d8ad3b0c2e93640cba230e1480

SHA512
80281d6567eccba961ddc443470ada6675d6bb1b31499b6aa6766cf3666a4007c95ce8c6330d7c37ada2d631db45aee4ad750afcc4ddb46ff40d96061af40486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c815100bdf19a821d909fdccdb6ce2d0

SHA1
dc9548bad3844eddf7e2eb27bf54d18c3bcac478

SHA256
f6022515fe20e5e6db99456bb56cbccf6aaf353e39c5be0a6cca04e9834d6f75

SHA512
8e5f71d130a76ece424ffa5025a9518931872780c086d96754807b91b5a5f160d355915f4689ff94be3e45dc1263d76f335995d791a213d2322107115a8191c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
85328aaaac8b08dc7f6d45d174737866

SHA1
854facaf16b5371fa871b5fe784303169f39cc17

SHA256
c97f0a6c860b6323150c6ebab3713b18cb503ca3dbd6dfdf7b1b4f49c8455e7a

SHA512
31cdbc3dc6889be3001e3858ae09d352e8058139a55a2b781a83c3224aaa70923c5213488fda9037fa44836ee2db272c08134c02f4b9bb36fa270038d3cf3f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c795ca5c9d660807d5caa21abbc9938b

SHA1
18de84267b2424e4ed800cc3f906a692be26e396

SHA256
d4e33d2455c1abfcf591912452a6a397d06e075bfd0210c8782a2c0dfb72c8d6

SHA512
605c3029a5ade00b77301e0a6e498119ac16f26fce514008d951b8c1acee6a08b549b0ad28980949ebb0503b9778fe65abb5d72386d3d86880473815469aad13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4f4fd0c0bdd020475637ec87dc6661ac

SHA1
456d763fc96762c3af2ad098727c5335cf4d3e9b

SHA256
486a633970de9d3bd695845a9154f9d9be4c562d54fa6d2effe58187a232555d

SHA512
64088270f6e3e14cfe88a5bd93b8d930c11752d8e90c2189a6733079b9e50f362f3a282e6d5a8c68e1be0fdced78a14183d2fa94a30e45a8d1fef507da2987c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c25a0e0806cfff9184fb57535280e20d

SHA1
ccba22112e70eb1f9054c902213004a9722a45bc

SHA256
aa60e8ee46a5f7eb282b2a8e3a9402f97ab849f0b6ffacdf386d8c744ec277e7

SHA512
06585a1df5124bd36a6bc1a075e197ec52761bf083610fb26e3fe57b1b5ccce1cb8269584118a89d5d4194528a4a447035306006c7081ce40ce2609c2b5df66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
56f69d441079522efa6cb9cc960fdd4b

SHA1
9a17d095f3f725dbecd87be9914b47f6d073f618

SHA256
e9ae14c9709b1265f71e43b7e6379be78691aa3913cd3c7b2eaba3ae9c0c7e95

SHA512
91722412eb552542e38b675d42a005dca1d5a5c5371857789e32885a9f96d8b10f9d2338d4c29804a6a2ade54f1eeedbc77ae374217e77028aa9a745c064a0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
dfc9bda9ad720a61b59a4866ccd20505

SHA1
5f411150c4f170a008970ccc61be8ba1a09dfaf6

SHA256
c5d0df32f8019ceb650c3d168eb1769c34bd639a39cf4fd4e19802d1626e1c74

SHA512
0a817290b28a869e47d01658857d0019350d29bb30bf12c1514ddc565b9991897a1b7517d6a12ff1c3d40b96ccd401c96a6f6fae501781fc1e75d577ec3738f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f396e0d27d2be5654f52ecf26e14394b

SHA1
78ca6efd097abb991473db5d838b6361ffa59592

SHA256
100c0437b1a6fb8332056fec3fd3c23f980241de666c27e7162f63dd8a623298

SHA512
a1824fb06fb9c0f545e55b0543c875b822c51d53e48380f5adb4e9701e31196e4b0b6c0f0304ff1c9c9ee80dfcbd70d37861a244dd7103347373d8d31c11b27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
609eba2eae120282cc00f0b65013933e

SHA1
feda282e171eff842db7800f62dc7b6a5efc44d6

SHA256
ae07c5d6c73255269479680cf45a8ed6b00c4ee51f5c48ab3c8ea60e18e9dcf0

SHA512
16a91d052b83ea29db86672c74a56e7bbb68f4b78170abe218ed244b4cf2151f8fe856ea2e856c08a281333129464da7a4759202b795ed0964ae6847faf54597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
e7cead5b0848c657184547e3da69a025

SHA1
97da10573397ebb23167dbd7b5fb5812ef52e6b2

SHA256
959818dc6c3a441daccde83fd914d880fdc824820a84da507dd1e14641d51fb3

SHA512
572d01e8cb55123b8ac754eafe36dc4ccd17e0f1e8bd03bcbcb6a959bbb5ed8d8f788558330c4efe1134e97d043de3cdd34252fc465d7a5507c07028066d4922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a47621df5233d55620f546ce8e01db78

SHA1
431013fdf0c9f27547e60861acc207d74aad6b23

SHA256
5b72c677700f010ccf6a3f31a3265ac939ac3b5df3480d14315d694bf3810966

SHA512
7a055eec4aba47d883e992f95db3ad6fe952cc10947e45e12bbf48445b1536ee356a9316048224ac0adfe220bf0dc98455687aef404e824ef8e0260394eceb42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
e99f990f406d023b8f52dc539829243b

SHA1
6d310f9c87c22bf16af1be07f0cf7f01cf977be9

SHA256
28532d7d821bb61986dde2beb97b8d27e31cc3fc3e5254922d8ea0d4002b6b1b

SHA512
edb695919d1f9c42ae025e8b525caf5e993e1af4e8cad31466f3d431beea23cee5f69929b7994f4ef85d28322d69566f093debe5cb5bb61cf06ef14e1fcde2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
3efeaa96c1652dfe91af3185bb083d42

SHA1
df8caed920323931c1ea5fd1f3844763ce51019f

SHA256
7df9d02e0b869a697599637b37ff3f2b8262001be2e6b05f94218b5c27b2ae45

SHA512
d6d3f0943afd8cfca7a4345dda89b2569ae0e7305b88cb2ac9baf1709ada3b1cb360aa08f5a6b99e853065dbc16ba97109de1d73e6eb4329e93a53126a07cdff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2c323287d7288d1bb49e3025a7c00295

SHA1
92e3029c5d46a579121545fa68a7097cfd61d747

SHA256
cf1e331df7cfe64e07b449e338a7030a5f4f09e188c2497c5aadcdf0f4dce4a6

SHA512
9c6acd7b770c5f5595cd9a7e361642124324933e7dbdcf4a0801a0e5715cc97993e273f01bcbd854f3fd3457a89c892cd0d4a278d1b0de52f78967d7c87002c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ab5130c589942bbf9023d8df3dc0a6f7

SHA1
359cf06e0650df4d05f50b54af02839b62b9dce1

SHA256
b625f4f45354400c50a81e8ca272592c1de5cd57bf2413738f25ce0358f6018c

SHA512
a9d1755ae7ad27eec60d649c1a6c3a63da84c6a76c70f6f8e0dc445f6410f73523c0dc35a14f118b7f4d4758a344a0264930291cc0cb910458718ee695409ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
a0ab7d404a2a99880193be5330a1addb

SHA1
a561dc3d511414954426839b6d89524a8bc66a41

SHA256
0be6bdc7070512791b794e36a0667c44d7bc15532055ae2dfc5cc69a65197286

SHA512
fd11a6c114aa3ccbead4f3e6562f4a315a65c404102aa76ebafd174392f9be290061ce269eee1ab959fe11c326f02baba04c668a7c0f42c39842dc08d4f09953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
1c58cb34835cc8cf91e50937cc5ae7ce

SHA1
19e8a7dfe2c553312d10521bbf12b25fd03a6844

SHA256
f7b2e7aa9371c4ed14d8f5589aedd32b2f5a853bf3452ee445d5fec0463bf350

SHA512
a998a57afa7fab5495cfcf221abe7c7c81d4cc627413dc08c52454fc1b8dc4560ebe43588b62de762ccec2f7fafd2e337542911f1aff35aa6d4b176820ee3a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7b6259449b54f9e03a04e414aec0ad05

SHA1
21b4e6f26333ae1c43845a3a29c21a2280f40be9

SHA256
950c586357dda32f75057e6c97202f4e01ca3fcc0a7dfb9655fa1b80499c54d0

SHA512
b2a31277eb1ee7a15e0b595c2bed7be57d5807b449e354a6d766419a7588b344eff3ebaa784292b6423dea02e18f0e0941d204e2f972fa2de5bcb02229ad4328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c0fc49e9260050b2e65e26e5529d19b2

SHA1
c36785388a80102e0d4d22abeb650b25b1836402

SHA256
a81714b385d2115257563ddffc3117fa5dcf6cc4a6a91c5e82fe62557964b582

SHA512
88cef7ac3a6986048d881475712626002a2219f420c16d31d066e39b7552cf985605b03c950f0b132546a43152872c21766be9ddb2ba04faba35725ef45bf394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
55275cab73dd99bc3f0ee7145d1cd666

SHA1
4a01126ca3a9cdfc6c7dd31c9207ea1e24123285

SHA256
214c746c1f19d43a48112bda1a1b8f697b769172d895b7dc4d22e209960b66e0

SHA512
e8aa4cdd2ccc4c0a695b3d321c0216e94f6a368dcfbd1c9244deea53fe94281da376d7a77e9e858c9d63b797de3ff0a5824ed4929e0768e0d894ca77687bf1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b00f6.TMP
Filesize
372B

MD5
f1d4ce30f15d61a6506e7909094f32ab

SHA1
674ed6598ae777300494ad583985196b89110d89

SHA256
dbb211fd1bda407b8fa55b2661bf426ec6d492f653b248a6527d09d7a6ddd691

SHA512
9cd8d1153d528f96baf43c427aca5330d604823550790a5975986c98f15a8b155cff29882ae5dd11e66b42acbbfce552e6d239927e170da608f028386319a44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eb49da25-2fa9-40e4-9f00-18dd69b5e6b6.tmp
Filesize
15KB

MD5
877a215ebcf4fee2810a634fa77c7965

SHA1
e45eb5c6c88a6ec8e3fc45b3425a53271b3faf34

SHA256
063ee3385e81baf8756466a215000f595fa0ab87816382a01b4a31f924b9f7bc

SHA512
b79ffb35483985f13358ea36e163c22b5ef8ce054a71b8a3b33c02a266acd28ff667799c7dff2957bfdd03fad0db9290cfacab5bb6f7dc8c3773d6de7d26388b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f65eb6d1-f10d-4d61-afc3-7e125d566dbf.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
5baf6a44c9a108937249f4f54dd3e07d

SHA1
865ba9ab981561626cc476b32264357db110bc2a

SHA256
86b69bccd14c949611695afd5c1ebfa376c47d4272894ae42d91d2b65f84764f

SHA512
c27c5009f3dc825548cb606c86cb4165997839a2d5306d5f9df18817a19d22e4a4acf5e8a74412bd22714894163c4616a5436e7605695f80906a293df29a771b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
17ff3d07bbbf1148bf682f630a131bc6

SHA1
8021bfc2749d1e6c64dc3cba5d536d5352ee6f3b

SHA256
8b0bfce09f11e14b27f7079977f85d697e6a855792131bad19e1fed66aea367f

SHA512
9996051e862947a02ff2d5485a99139e35324037c6ef798e524b1367ac08e7d9e5eb5176636a9108b652664eeac97a70fba0b247048ba59eaee661a78b8517f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9ef72d08f4a9e8ec2d54cdf914980b93

SHA1
8d7dfb1abf05db6d2fa7748f735b9a7af01392e6

SHA256
2a782803e191912e03f651edfb02f1553f8047760f3fe6a479d3eb6e6c11f9e4

SHA512
199e5bc1ddc9626817d3580423a67448a338566984f32feeaf4bbfa47c43fc6f1c47147864bec1a72ba25ae6566bf5d989ad1496223f8c5252d6a3a260c99976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
a8fe7179bb7ceb11d6b2dbce051a74fa

SHA1
2554fd917d54bd72d943a5b3bb6ea77379c0615e

SHA256
b6a0ec318da97e51587df1912d4e78fb24b3b9ab5e70d91d96d5b06e2483bbde

SHA512
f0bde70a01e7e2f507e0cab2a6e74d464f1d1fa1e98d69d47d4cecf969365e53bcde4b56a69050a22f80514952fee63fc1373829ac1d9200cf6f85bd76ffb286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
c0b523523544c6351a6667add69bd055

SHA1
f8632ddfec05bad17b12ee01a84986735db7223c

SHA256
ad05d38a268cd8076e68ae7cd3cec2fe3dec8a2a0bbb088958cfcd3be7f83d36

SHA512
c74db60d4b67445970cd554e78eb0701c255805b61553df4aee555e0f336d5c7a8e55b292f4ba2adaa825d7a8a4d7f516e849677e981788bf96c2793df4855f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
3a9e25de9005f4dc8febe0276388f03b

SHA1
822b33d10ee326ee62c8022cfbf0bf2d4282f356

SHA256
4a0303ceb3bdfa9dcab119e84b0f3bdc88ba11c4a0704bc88d7f3e58892a411d

SHA512
721a2eeef85444086c34e4095c4c1ec50ab6c15fe12bd4667759ef748aeb7966b74e95cb97079a1d14c36162616e2b3e09ecb76a5fb2798ec9da79744b416158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
edd94c1ba63ff55753dac53fa5f70967

SHA1
19f0cc62f3d2e26834349fa27619d3467bd9cf7c

SHA256
d2a32bcf7d51de6b28c68b5cc2df7d98305fb473e7c16283fb9a8e02d970b2e8

SHA512
79f9eaa3b2d21a35d49e10b2702954c12a8ffbf98d5815595b371e33a3b56f10816f949a1790a952a080b600f6d6520f6b00644ac2011e38acb4726e42a16ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
15c6fdf5725398ceda46d268bad1b738

SHA1
ba519efc6477b92f5a6270e7b455eebfd5c331bf

SHA256
2c262a92bfa3b9c6cb6ef3aa2027fc761fd9259ab36f8bcb72ffa751a3215b66

SHA512
a237551862796bcc5e9b5664b6d3cb4def4decbd2299c363822f7dce7ec63b7a26393f096926036cca9d2168ab280bfca7602dece6d75e788a05e49830c4421e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
ab3d1e5a76872b7feca5483c283e5f53

SHA1
2a1b3b522a9d238c318e837303045a6ca46b3a48

SHA256
bf7dd0fccddfe2753c8775ccc26b51c2889a1a9384c9e6779d83314ecfd03f34

SHA512
af8c215b860f2b264b72c4f87b7aa7f61cfef80264f654c0f604647e6e2671bda23b072856e14635e67dac1c7b79e91688056c5da95cd8a439e88c797d70f11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
9cf4f7bd12cee0368302422295a49b58

SHA1
d97b8daf4f3689b11b2508d738fcd6f9afaf8886

SHA256
5e03823fd3bce8b44e81e24c237a6a83d0e5891a68c6f8a383cfaaad1a0411f9

SHA512
5b8369aaf49f26a5ad971bbcaafece7b7506197cbd2e803362f07bbb2a199b7018028a214343fd1dc5d5b56288f75687f1b282ae5adfb6cb2c9778a64711226d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
ca5dc77847147796fed4dec60bf4b357

SHA1
088a743a0d24289b07316c72d38cf60592b68451

SHA256
3a481bc0ef9cda71a69a809cbcf99ceb65da1760fa236c44da96730d3b2414fc

SHA512
ddba1300d3790248d9ed2ea6dfe43f941cfc877ae63057ea41c0a367b0d7b853d07ecc528fa1040133880d3c41410dabf36c0769667dd5353a2c40e205300902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
87f357dd6e55ed048f00c79bf4886741

SHA1
fb8193871c3bc5b5e0c0acbdaf157a36cdee9ff1

SHA256
bc74bebbcc068a3a90ed8492ab2202228672e8f91358ce982eafa55c6250a88e

SHA512
a906a2dd63cefbc2ff6d9d1d7ca6f399040da37201c8e7da75340bec1f857b2b255c70e0811fe8e19617c66b0a0977086441a6fb650c47589da4c428e7fa736c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
4f82844be6f770b4f5393f31b1481941

SHA1
3c8cad5f2a5e9fcfa6cd381390a3f750e1cb0bbb

SHA256
f271d498305557d9f6c130a356fa824070e2057ec7ef6a7e887420015e6273d5

SHA512
b03b5fad83af9541c1d131b79a6654e5a354942e5ee27dd999498e775d113cdb01a0fb0ab10a07a101859b4f23ec9c98fb18cc1f75c1500cb9d1c59c559ca3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
d87b7be38bc904bcc9961dfc079d233d

SHA1
75d4f39eee39fc2ce47693cc8cd2490167862fd3

SHA256
0feefa8940b787c51170102429b15aac484ec16adb554aa487dfb12c0083b97c

SHA512
19a646ba3032813209b8dd8235effc9095d18ffc7a8c811b195539e35af5aa964b80e2cd577f21ccad489243b8e752fabae4ad611ad347dbd3cfa58e3cd484b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
faa7ae63280f525e70da653f9ffbcb19

SHA1
c1fc0253c575494a1748553d461bb08cd31fa7dc

SHA256
09bbe724cc44c99cc3d5b7cb894a69fe39b09487f3948aa45a4a0779557b93c3

SHA512
639558264fe02d4a22ce3cead1a1bbb5cde595db1f8f699de85176510913314eea4201e2d54a10677a6c28a8ef583bb74524e221577968c369b317ef7761b79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
ef04c0849e47da2e7785d3e6d19acc80

SHA1
44256d8b4eb9ec512a35afcf67460c0c88169f88

SHA256
f39a1fe05ee4f6f85a448b62c5f2ae50bf2eda750b8f5ff631c61902a018752c

SHA512
86fd8dac8657dda5e448fcfdcc1db1b50a4830e2d6f4899a4bca6412294a97ba58b2d0070ebbec87cf4813c829b0fd623d47adb65c6b0239705f5dc2651515e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
08c072795357d2e66b9dcc26cd262461

SHA1
98454669731453187626c7f6e9faf90ad3fd924c

SHA256
9a77ac0057713e4e7f7f069acdee05b7d2de4724e37e26e95f0169dc00507002

SHA512
904c1c92f40a2b0c5f172999e58be41f252a58be2f07d4acedce0b4e4a65dbd7541da8d0eadded4444fd5704020d3858f54fe21e1bf101d7a9025082512bebdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
94fe6437cb5ef7de104b46f931799277

SHA1
359b5987caf7d07793b8685dc9eb16eece83a1d4

SHA256
4c0761a0b3011c8d0763a9f3a30a0658c659e433d2631a559e45a33b52c032df

SHA512
cc160e68d19ff17b5a8a6230887134af2db65d31cb0cf95f12584cbaf8ac248d0fff4f01e57e0af4a7845423f055fb8d4b7769fc21966856c1e022f844fdd7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
e65bb9917483da6a7fced6c08a4f9b5c

SHA1
16b49ff6611f8c1162246b7a92a80bea66a7fc0c

SHA256
e3acd77d00b6d164f2e1db01c7c15165246c069a9035be0c8c409555ddaee124

SHA512
7a33b68a11d09960e0e5dbc31bb6989b62874778a867ac35b061bf09cd7cf4e7b4f1aa699aacfea95d1cf6565ab9873bec1a6a45abe3f3576a8ae3fb434f91d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5aed681fa749b6ab1152e6b6b7443d52

SHA1
9552987931faa137ff862dea62e7a18bb84d773e

SHA256
841a3399f1899ad332876eac01ac4f2c3f21f44004745d447fbfb004bfaf2915

SHA512
2673d14b51a4c7075679f80d174df7bd264742e54ef9c69ce159701376ec75fdd1f86e8246f8dd8846a668d0532b9a98567719f17c330e572ac29cd61f49310f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
2bfe8522f66bbe42eee682f21a7d0926

SHA1
fb11f347e58e9cc1e88de3327697d0aa3eb1452f

SHA256
061bcf34ed10df20c7deef02f867ab754bc40bdd2cf0cb304542f52431096a7b

SHA512
e88c11179c6468bcba2f94688412a3f3f9880b1900f07237917d11db7983c99dac0d14f715269ffaf5833458c2269bed7d57ad3fbfd3a72f10ce08f751feba05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c2d0f4a4-31f6-4eb5-afa0-4153623cfd6d.tmp
Filesize
13KB

MD5
b1e684818e0cbc757bd38cc54d18cff3

SHA1
df76c0ac2239077f3b72091f31206c0bdbc19c51

SHA256
d17ad4a2bfd873212a49c9472d6004330bced688bdf02976c356dc1c8a5ee39e

SHA512
80250195f490ffee16f0506c70c52bf572818caa0e5cfba593854633d572f6c842f6fca0c2c700dd2b4f3234b1a2888e36e89b26dc7127863296d12a5d68810d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\IRXL1AVP\www.roblox[1].xml
Filesize
209B

MD5
203086257ce91038b01cac93499842b5

SHA1
6152b928c49e8084e5d753052720be5418510551

SHA256
5ba956e16746f96eab68c575852e9b6793687dd7749b54fa112a1960c84de612

SHA512
4fdf6464d3f95b9e049e10c7ec965137809122f8a19c5be98d0e79d94b7060f87cd2d49a874be87d68c359c8ede7e1a83f95f9f27356e50c8c43cda17759e61a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\IRXL1AVP\www.roblox[1].xml
Filesize
209B

MD5
203086257ce91038b01cac93499842b5

SHA1
6152b928c49e8084e5d753052720be5418510551

SHA256
5ba956e16746f96eab68c575852e9b6793687dd7749b54fa112a1960c84de612

SHA512
4fdf6464d3f95b9e049e10c7ec965137809122f8a19c5be98d0e79d94b7060f87cd2d49a874be87d68c359c8ede7e1a83f95f9f27356e50c8c43cda17759e61a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\IRXL1AVP\www.roblox[1].xml
Filesize
209B

MD5
8b50690b2c686ff40e20711ba99e4f06

SHA1
a7ed7fe8bb62ab2955a7c348a3b222afed0f8b3b

SHA256
743056b2977ba515bb2716648f01ead80c1011b4bc27e3de0a8fa6f77b3d90d9

SHA512
0ac68aad23cb40299f78367fb4fee3e2c39d27202883848823258101400c7d0771ab4bc7f1a57c7ca5b6da8d85ab387586424dfdfa0128b1cbb60f64af9efdd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\IRXL1AVP\www.roblox[1].xml
Filesize
209B

MD5
cccad8159335ed24ae72753582ffd305

SHA1
0b0273b670433a13f0ceacd0ca187f431c1e0b2e

SHA256
678507b268c04568458bf2e4c63f17b3abd3f5acd3b103ef27a98c008472d985

SHA512
e790fe020e704a8ca328256f8a6a4eeaf982098ad7851215677081fbbf5bb979ff96b37b499b94d44331b100682b9dbac80db8424a1f6f03b8a89b856941ceb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7s3h6i\imagestore.dat
Filesize
4KB

MD5
732f2d0ef1abd437272a9428b8c0df24

SHA1
20a203a402498baf45b3c66440656a90ad0ae606

SHA256
09351ee1301ded4478690dcf33a7430adb58512a2c49020056018d8781ea4500

SHA512
0103aa9d6a781a1d8dd703bd62599ff40a2351712eaabfaab4a524adb52dd28c12c90eb34909ca0bc45ab0ae62bcd935488d0ac660b53777762272abc46830e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\7bba321f4d8328683d6e59487ce514eb[1].ico
Filesize
4KB

MD5
7bba321f4d8328683d6e59487ce514eb

SHA1
ae0edd3d76e39c564740b30e4fe605b4cd50ad48

SHA256
68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54

SHA512
ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp
Filesize
156KB

MD5
2a4f1d53eea10d8dbf46ba2a9a5cef44

SHA1
c0a10f0a61dc826e15e3344167c8754510aea54a

SHA256
d246bb264bbcb65cdcc05f58c759b589f9dfe95aa9492430abe9ebb34b5afa55

SHA512
6f9ac5e2a2669c3b893d7644ddf482661e9c73a6b8e47c68f1a50f68796a2f5e39a83f586416423157fe52b788f06d4d0c211fb7406c9dd4ee2795f4e76448d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\11334
Filesize
14KB

MD5
aa5b38e084372b82178652c51ea88baf

SHA1
63e8a5940678511602f374e1c0127749e6b07375

SHA256
fe8869ba46060ca1e23745664f464d902188daf89d97d866c12dce521b3f9ab4

SHA512
9cf62705d653e71dedfcffbe2a11a9299cebbac4a2274bf4133ad835b3d66eb3171cace5045805b14ceda91fe6225ba761bb6a738cfbd0f61c4dbc3af3a2935d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\13768
Filesize
15KB

MD5
1e7c3c6fb96e86e59387c8989af1b6c3

SHA1
4570edd70254fe193a59343049a59afb670448bb

SHA256
80db724b91664e47344f4407ad014bd6dded4b5d24ed46545855ad3407294034

SHA512
78b2a4fe2047424585db60da3c6ac4bf560d5a1673f8d441e5ff669049db087ecb5e5487837bc2e6776c9f1db1b25e264e40b5823c35daac1ef7846b3b74eba8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\19221
Filesize
15KB

MD5
6d9683e3eb4f419a79d47413ed58d232

SHA1
decc0fdc00e225142e347d1b338c2e4aaaf9c0bf

SHA256
df2880bafb18532cce23e72ce83d21e5b26fdd2bccfc53c31aad687160fd2af6

SHA512
236114ad2ea8e7f67b8778924f35efca336d446b154280b364f63de491e8954faf9eca1e5094bf45b3184a536aa2980966baff8095e0bb6b15da8edcaabc3a25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\21938
Filesize
16KB

MD5
66698f048a9e7794cb33c486e3408b6c

SHA1
284fc4194c7247db528abfbec6a764f49dfca8ed

SHA256
dafdaef753537c4276fddc195c51aaffde8e4bf5ff0d91003a14922fd802aa8b

SHA512
d218b115989755b40357d4cb6aba68879603cffeae8e59b8c9ec0c1bbb4e7b2d14d4a4f3061c3b341abe2aefc0a3bbbf613a3e92d369cabc4da1bcebe8e1c721

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\23077
Filesize
14KB

MD5
3161c156a09e0bac34a197897a5b2bf5

SHA1
e58ae916880b6df56fc096cd02e87590181e3784

SHA256
3e2e6e338f9002d5dcbbb9d68f5fbe21b8bfbef8b1787cce3f2e3f16150e2291

SHA512
f34f4ba72b0d2022f8793bdc2d560a01a3e1daf035a28cd062dac007760311b8796c25cdfac1181134a00b10c7386cd293ed46084c50ef0b640e35087a1c8f10

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\30563
Filesize
17KB

MD5
dc0ddcc7e4b8c5d0d397b6923a4e7930

SHA1
9868e1d28e2ab3e8ea858eb967f55fac847453b5

SHA256
9c87f6232b19ddc112c50982416c0c830f80fe75beacba6321f1fc08e66a79c4

SHA512
a8435bfc4cc943572310e705c60143579ea5816052ad5d4ccdbcf2e48321453eb20dc55a5eb3db27d8aac786195d9f51af0d53db0a2b3993bd7fc9e009785275

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\31462
Filesize
9KB

MD5
724f8c66950dca9ab1d020771ccba65a

SHA1
dd60791cf1a327467de78a8ec980bb6fba6a3cd8

SHA256
42dd1ddd2273df5c4750654bc9c7a68669eb53bda01917e94249f16273c52a4a

SHA512
6bfa0ff71d950265c1be8ee8b9f68de1fc53463811b90eae39a71022d7eae3da96e4536a36cfe6b90e937dd9f0df9bca003d0964bbfb93b9ad199a2de4d56575

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\6805
Filesize
8KB

MD5
437ff87e94140585a55152805510301e

SHA1
ed605cdd261026ee1add9cab711c59bb3c73bddf

SHA256
93351c4d86d6c82179dec56b740e10000f1f48f0a3f1517df58bd5582c8e1c89

SHA512
2df0f7c1626c3c791f67abae31ad0f42ed6329edd19d07932beea083e7796042666bb66719aff24bb33d5f5492ce7f264cc021a1baed175242d58e1378bbf3b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\936
Filesize
7KB

MD5
7eb0778875c54f0e1edff69e57310a76

SHA1
8854ea02e2618af9ff9dc862d8197882ec61459f

SHA256
4fb31eeb3dedcafef7996e1e914790b29f36783e54a9967932c1e20b0e013b25

SHA512
cd2da392976bb414af01008dec831e9c7ab2b963ed6b084d8740135325999d9c433f234376f75f8df6eef7bb72ceca3b001ce03512b785912494c6a13d7760e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\6FF55B71F6E7441ECF228BE6E8ED5ECCF7421662
Filesize
4.6MB

MD5
ca18d692704eac879e404eca62c8dc32

SHA1
1817ce58c87bab58cd741c0a4a4553da73c5f8fc

SHA256
0d39c76cb4bbd1be80ce9f416c6d43d5e5ca089c7f1c6308c3470a2c48a9ff49

SHA512
60fd1abce40a01b3bc5cf39bae5c4e6f4591bc10561764094f62bd03e5b4f72588ed7075352098c3907b26661b5b37500001310736166449358dd03c260a51af

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF2BAA1F50E53820DD.TMP
Filesize
16KB

MD5
b1f8364bcc6fdfd40b749d2b3ba779ef

SHA1
15d04f3fad63828ad6da774ed2d2029e88364fd9

SHA256
fa8878d1c541904a2925de9e6c62a3dd95d182684c60d86a7cc6dfdcac677d87

SHA512
9a4e80f0d99d7e9e3e82703f1d3d66b7191e16168006f47a11773221d1e6058a07084136dced1370c45a2f2cf58508543193600097bf84d3da9b692292809b51

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
20KB

MD5
92bde37637a6fe1b214870cac2060f11

SHA1
631a6a911cb4a4d7b7cebdda05c15c3d35685009

SHA256
9550c72c14526bbc94d819d946159509fa69f159614c4595a3bd6c4c724fa4b7

SHA512
6bfc4d4cd49a7066fa37c922e6105ded0e1da4ace0b75db0ef8c5a1968c5eaad3b9bd7b2b3b926be687d28ec82a4dcba0526897318657e146f07ed55417e1988

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
19KB

MD5
fe4164140c4d9ed9b7ddbc1ee4620a37

SHA1
4d7e0766344165e9f4c675085f004aa649c1c3f6

SHA256
8e059b7d557bbdf091af69f7e0e76b636d1bc95935ce84287c4c87bf352bd889

SHA512
b9704a0724bb1b5de19e3fe272e5035c185ea78e4567546376a65d966f16973522322b53c8b872d9dc0fda5bbee878c0b5ef0b82dd5d1f335c689864d2f8b859

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
035f994bd99355a4394fb9db6e86893c

SHA1
67011ae9a1f147dedb85c324898a9f361bae3136

SHA256
572384b612b93a22eb9590e7e4f07e672723d1923d8b67ea6dbb78d9b57ac188

SHA512
5303df05c5943c413a5137d03085a37712d72acd663102487c670025aac6df222821b20e001365757a5fdfa600fb8d3f8fd3d4afe6de0db0bfb13369c5c059df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
5f5bf1b43d45ff1c760bba8569a7886a

SHA1
e6711f807914a74a06e5d89d9fb4c7595aaa773c

SHA256
f87ffa3a6a2dd616db40f5dbd56359596a36f33053519c8596729df42cf1b655

SHA512
9f55db26fe63bafb65cc9b1c135d37ab4afa54ee4dd8d19e6b24faee65792f4debbabeaa31140b769abc8752ea90282645ac682d3d35734ce7426448ba72234f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
4b5b115513ff9666d982e17f33c1550c

SHA1
451ee0d806e3ce1c0a495cbf2f56157833106b96

SHA256
f6a1f5ee7d43f5a90e3c4a4ad0d8a4ee6931a09c7198513d33c94fb34c0d7e22

SHA512
e4b4ec10504cd550b3de2d6eb38591f3e3588beb33d4429bb517944c311e442c13e586af3189002806e880a1716c123a8d99ba4bbbaaf930ab0e5d81fc4d0f43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
253d20c727119c446e07097377c99698

SHA1
a406e742c32b47ed87896068f2c50fde41b6a285

SHA256
cf6659454e18216f317745210fc0072b5771d05919448287f65afc01370e11e9

SHA512
d30cb1d1e2e161906a051bee7baca2731f57f54631367a9e5c0b734fde72467a30049a4392799587a4a8457374808ea9ca4f7fb44e43c53fc88a2c9039ef56ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
7KB

MD5
ee9c6abe01f49b388733a448b6b367b3

SHA1
22492993d1fca241fcd41935378463780d4cffca

SHA256
b464ba553aaf5264764b0a5fe54ecf9233535fd386bcd77677fa9386aca5bb3f

SHA512
7070ac61e0ea67191e5702f92d5f8cc13cfd2a04be9fa98ddfcf2e6e961bd2eb5601c607876ca90c77c755312673427d482b4838fdeb3f1f165a69f76ef6294f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
7KB

MD5
d769d4d976cc034643f606492c1a21e3

SHA1
6c8e9d0ceb192538f39f4406aeee50783c280e6e

SHA256
4415b2d71c90a9a95b70e922ffe9107087e30d19730c0071f29997cbe238a8cc

SHA512
95a0983947fa49867cfb7d66f1623fd02c2b780d26ab65bcd02244873487db93dfbde75aa1b3fa96242b4e099e3c9d21d9c387203df10444361dc0441b984cc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
7KB

MD5
80150f92d56e5db7bdf8fc31877f5333

SHA1
75db3b4fec79147cf90e9bfa2230bff655deec5c

SHA256
74746b0a2f8af56dfd36697e77dfdd82b41b948608dc967a3c9061198b04f738

SHA512
027a936a85da0fa5036cdfb43e4637729c9cdce3c991c961b697022d59523adb0f118dd311aea7fa2f342d5aafeabf63360d68ea56c8add2be31eae14a9b4328

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
7KB

MD5
c471d41f4d4c54c0695c4d6e634ca286

SHA1
9286d18b88dfa77e0deadbf3f7c0b105484de122

SHA256
d4dbcf81ab21e307321442f1c3a866d97bee5614e43c331351679880dfd0af62

SHA512
cc56421f776e95fcd52d899a1611b64c6739808c487573c10f384005bbe8e67efb40f993cd4a0c6c2ab1f51d1cf8e79620d4b6ea9c746d124a42b65108d15b7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js
Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
5879d7cb90aef891051cdd03489ede81

SHA1
6ad450f9576f12aaf57b7a7a73c95e4fb82d426d

SHA256
6dd020baecd393fd705fb39131e28afd8a5e565e5d648d91e3d658ef0a681a0f

SHA512
44b07d8a99538481eb68ebdce78e1555bf2c8ed6f73b8f9f0a7188fb2334b5c166902b74f03b21280db6142861aa45cf01b361c488dc30fe751aa65267bba3d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
77a2350bc1d64061035f477f2c7f2165

SHA1
58bd92ab031cba3ab3ef4d714037e89c2df1902b

SHA256
694fa547149c195cd53588da9a69bbc281c77ec0c98b78e8bbda855181c58a0a

SHA512
dfcc87ed1fa466ac7621bdef97233aba46db6bbf1a479d6767d03af1c0b0298a47125c8b147b6f72fe7401d871c182189d7cf380448b4c3472164b98b5db14e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore.jsonlz4
Filesize
21KB

MD5
e7da0614e5590ee6567ed5faa8841cdd

SHA1
f422fc39d19c788ee10cff84b1df92e9230fef28

SHA256
60b0d9305e1a0532fdc7ddb486496227faa59b2b5f0f5b8ba1262e4c03a9664b

SHA512
abfdc7a0869b942f61ffd4eb8d3594b173a1f91bd7d76a4d2cc87dbbc45bb3278384f7b72d946e89fbb71c1652bc6dd285d4e351f11372a29882381411fe2c79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\cache\morgue\143\{9b101ac9-bfcb-47a4-8823-64da3bb1708f}.final
Filesize
3KB

MD5
8b549a0a7bba93d1f02b3cfd2da416ac

SHA1
8b2ceade753be9581131544a527367a3f37f5ab7

SHA256
f5b2e34c54523501e4e84147a09f1d3b385bcf45a84e5c22d6b4452c43ff9e4b

SHA512
14a979c9110405d0f38ee00267b5c1dceb384526f3cfab93ad303aaf8b12fc88c125f2d666f707fccd4f64c55758565af94e251ff9ba216a145c4c5e938e525e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\cache\morgue\163\{af8618d2-fa09-481b-9277-83663d9f2da3}.final
Filesize
64KB

MD5
e1f93f9cc564b5a227aa41b797261cb3

SHA1
98d500996d18d5d63ae3a35a2e81fb78176d691f

SHA256
54cdae72539f281a758826b0d190ad34eaad2829d339e1a2389337d369b1043a

SHA512
ae570fc5a69a7e3bc2f0ec194b3599a07acedf2ed5230581188c7bd7311c7b5a4793b93eaa936e1df3c17d0526efffedf4f5e97098a5cb372c53afa687d04e0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal
Filesize
40KB

MD5
d68847bc086b0b53e08cca3cda26ad8e

SHA1
745696d06d075133213ec88fd4f9a5776f9f3a11

SHA256
529db9e3bde0da0bf9ed3ab8b04cb85293c17337dc0a4cdc19baa30d894c9b5d

SHA512
68ca38c35b2a55bc770858de2a01da8472f72621346e75b6248eb19046ffe4dc8a1ad55faa032dead03d7d0002caa819ab493b870fc980e2746184704a37e6d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite
Filesize
48KB

MD5
a83fe9e90726429fb19b1b50adaed534

SHA1
bfbce7691f8d1340542dae514896657c760b64be

SHA256
699e1beea02129d0beaa700497c2cf7a09c52b910d4e4667fa875d5f1436c732

SHA512
c26c9683cdd25e62a293423c1c6e5fc8fb578375540a2a8c2b8d35376d2d55c2a1b71fa675bd64204583d9d953d98bcaa44310f5f4d61e1d263b47185db63c11

Download Submit
C:\Users\Admin\Downloads\MEMZ.zip
Filesize
50KB

MD5
750828ca6e24f61408685e5ec5d49ca4

SHA1
77e4ba9a0893a6dbe21d3e0a3e4e19a33aa354bb

SHA256
d6a186bd73f8ca38bef4fc39ff164f6a7b9f5e50f3ad920516482454c0887d37

SHA512
3ccd0e4a0ed8e76d94470e23363894c46ceca980039cc275373cf1505dd3d1d175034cc41fc48dbd105464aa02332a1ad87f70e01cb99d59e149a51903a3f3b4

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.bat
Filesize
9KB

MD5
bbae81b88416d8fba76dd3145a831d19

SHA1
42fa0e1b90ad49f66d4ab96c8cca02f81248da8b

SHA256
5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c

SHA512
f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.exe
Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.exe
Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Clean.exe
Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ\MEMZ-Destructive.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ\x
Filesize
4KB

MD5
47025922e91d4acf4a171f01a35215aa

SHA1
729054a8014d3ede226817e258b61a1c8f69db57

SHA256
b9375e245e62d5ec657c2e62853833eef48a245482e3dc4461a2fb9c4f210e9f

SHA512
1982b90933aa5dcd7f7b5d79e520247f54cdd48e5b517d60f819e30a8813d992f654708d51cd5c53289f10015798baa7fd1a902c5ec3fa8c203259c54dd923be

Download Submit
C:\Users\Admin\Downloads\MEMZ\x
Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Users\Admin\Downloads\MEMZ\x.js
Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\Downloads\MEMZ\z.zip
Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Users\Admin\Downloads\MEMZ\z.zip
Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Users\Admin\Downloads\YKA8iwp2.zip.part
Filesize
50KB

MD5
750828ca6e24f61408685e5ec5d49ca4

SHA1
77e4ba9a0893a6dbe21d3e0a3e4e19a33aa354bb

SHA256
d6a186bd73f8ca38bef4fc39ff164f6a7b9f5e50f3ad920516482454c0887d37

SHA512
3ccd0e4a0ed8e76d94470e23363894c46ceca980039cc275373cf1505dd3d1d175034cc41fc48dbd105464aa02332a1ad87f70e01cb99d59e149a51903a3f3b4

Download Submit
C:\Users\Admin\Downloads\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Downloads\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Downloads\krnl\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\Downloads\krnl\bin\Monaco.zip
Filesize
641KB

MD5
1a19fd7c42169c76e75e685dca02c190

SHA1
f16b4697bcd348d44965bf9ded731523db9bd606

SHA256
d686209afbbe718dc0506356e934ff190c1259a174aba12ef40a2fe7a014a331

SHA512
93d27188aab662ffffd78cfc31d100f161656ef37fe4f420a2cc2d514c935bce85b1e9b54eb374c94ba0ac75d0624e24676f8e359c32c9d3485aa5d7bbb14dd4

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src.7z
Filesize
52.5MB

MD5
7c380ecd5bc2cd51511d0ee5b58df745

SHA1
615749979477621579dd9b04ada8d4dcd9430f1e

SHA256
38e1b82e4c9a2a8159c1c60afe7668855351a6e9b52fb13f6dcc633202abaf07

SHA512
110836411f3b44f1df8ecc5890f59d7b5b10d6175f627cc160f0fa5bbc72408c1463ac7067d9787ff9a18e50b9460edf2e2f0b3a418532cc9a273965da1cc1de

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.Core.dll
Filesize
1.3MB

MD5
c7430597fb837d6bc7549b988bdc78a5

SHA1
447d90f6cad3afe3d2c47fd45f730c68d3201990

SHA256
531585fb2ae180dab6c32b577a964279d8c26a517271f05c3a22940594568f88

SHA512
41567ff616ed0b8fd37f0095c71326fa16c23b33e390b9f224c03eaa5bb33ce06f4e0b60e1ea7ce552f1f47ea38b749a50e16a8e2fcf69f364c8f210a3ad0ae1

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\CefSharp.dll
Filesize
218KB

MD5
5f79e7737e5e8be2cf8711374c114e85

SHA1
86eabaa284074dd2f86f856cea043061091897ef

SHA256
5b6ca21a1bc2c31640cf7bd270f8d69df7ca547d26828cabc25656b06a9f3f72

SHA512
41ea9a9a4f666a152b17f05a01571ba1c27b07051489660e923a94366bc66225530eabd8f1e3bef3da65feaa98ede44f0105092c86d526ab30b604b88c494f95

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\chrome_elf.dll
Filesize
788KB

MD5
6499ea6b92ab4971886bd06c12625819

SHA1
5ebb75eeca7625b9511233158a02f50a92867a39

SHA256
6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b

SHA512
e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Downloads\krnl\bin\src\libcef.dll
Filesize
96.9MB

MD5
8c51876f1b5dfbf4964732a65c1f2724

SHA1
ed5653a3a5655ba65d6221285da93799bd2517f9

SHA256
5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e

SHA512
a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884

Download Submit
C:\Users\Admin\Downloads\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Downloads\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Downloads\krnl\krnlss.exe
Filesize
1.5MB

MD5
4d7c519cc2127f785d13694d7a281f33

SHA1
6d5d49494ca03fb99f7124197296d43c68d0c027

SHA256
6da486f47b7cdc5f54bad208ae48a25e3f1827fed64d1455c9d986b68d37f7b5

SHA512
50ec05f9cf9b6c4309be0b18f40124b703700672fe784bf3d12c470e647409cb5824dce79f7a4db2e5be83b3be8879f248c1549e37e6633cb7369909527e99a5

Download Submit
C:\Users\Admin\Downloads\krnl\krnlss.exe.config
Filesize
202B

MD5
0ed4b3831ff5e91dff636145f68aac4c

SHA1
2d1140812945dc1b9e400a88c911803639cb2e49

SHA256
03962ae5a55dfc70e2717771a9a7aa37b956b2c5b4c62e3cff9fe24360250347

SHA512
4039d0272678777ba6fa496baf875050bd4c29352fffd37af8c3c07fb2abeedc54ba04a3dd085b491d848e951ccfcbd67ec7ba50a10ec0c624df45e98c18bf1c

Download Submit
C:\Users\Admin\Downloads\krnl_bootstrapper.Kvg0_30f.exe.part
Filesize
1.2MB

MD5
f14153bbd95fc26d9ccea77c49cf09b9

SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33

SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0

Download Submit
C:\Users\Admin\Downloads\krnl_bootstrapper.exe
Filesize
1.2MB

MD5
f14153bbd95fc26d9ccea77c49cf09b9

SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33

SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0

Download Submit
C:\Users\Admin\Downloads\krnl_bootstrapper.exe
Filesize
1.2MB

MD5
f14153bbd95fc26d9ccea77c49cf09b9

SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33

SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54

SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4112_ITYXAOJUXHEWPJVC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1160-3351-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3354-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3355-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3356-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3357-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3353-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3352-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3340-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3342-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/1160-3341-0x0000026720340000-0x0000026720341000-memory.dmp

Filesize
4KB

Download
memory/2464-3731-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2464-3732-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2464-3737-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2464-3745-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2464-3744-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2464-3746-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2464-3752-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2464-3755-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2464-3756-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/3864-9234-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/3864-9233-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/3864-9231-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/3864-9230-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/3864-9229-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/3864-9235-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/3864-9236-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/3864-9237-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/3864-9238-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/4176-4428-0x0000000005BA0000-0x0000000005BB0000-memory.dmp

Filesize
64KB

Download
memory/4176-4449-0x0000000005BA0000-0x0000000005BB0000-memory.dmp

Filesize
64KB

Download
memory/4176-4222-0x000000000A2B0000-0x000000000A2BE000-memory.dmp

Filesize
56KB

Download
memory/4176-4221-0x000000000A2D0000-0x000000000A308000-memory.dmp

Filesize
224KB

Download
memory/4176-4215-0x0000000005BA0000-0x0000000005BB0000-memory.dmp

Filesize
64KB

Download
memory/4176-4209-0x000000000A250000-0x000000000A258000-memory.dmp

Filesize
32KB

Download
memory/4176-4196-0x0000000000EA0000-0x0000000000FCA000-memory.dmp

Filesize
1.2MB

Download
memory/4176-4202-0x0000000005BA0000-0x0000000005BB0000-memory.dmp

Filesize
64KB

Download
memory/6712-5379-0x0000000005D80000-0x0000000005DA4000-memory.dmp

Filesize
144KB

Download
memory/6712-5369-0x0000000007E70000-0x0000000007F3E000-memory.dmp

Filesize
824KB

Download
memory/6712-5454-0x000000000C650000-0x000000000C6C6000-memory.dmp

Filesize
472KB

Download
memory/6712-5450-0x000000000C210000-0x000000000C310000-memory.dmp

Filesize
1024KB

Download
memory/6712-5444-0x000000000C470000-0x000000000C5C4000-memory.dmp

Filesize
1.3MB

Download
memory/6712-5438-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/6712-5425-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/6712-5393-0x0000000008EF0000-0x0000000008FAA000-memory.dmp

Filesize
744KB

Download
memory/6712-5414-0x00000000099C0000-0x0000000009A02000-memory.dmp

Filesize
264KB

Download
memory/6712-5411-0x0000000009410000-0x000000000945A000-memory.dmp

Filesize
296KB

Download
memory/6712-5413-0x00000000093D0000-0x00000000093DE000-memory.dmp

Filesize
56KB

Download
memory/6712-5412-0x00000000093C0000-0x00000000093CE000-memory.dmp

Filesize
56KB

Download
memory/6712-5395-0x0000000007FF0000-0x0000000007FFC000-memory.dmp

Filesize
48KB

Download
memory/6712-5394-0x0000000008020000-0x0000000008042000-memory.dmp

Filesize
136KB

Download
memory/6712-5392-0x0000000008860000-0x00000000088C6000-memory.dmp

Filesize
408KB

Download
memory/6712-5391-0x0000000008FC0000-0x0000000009146000-memory.dmp

Filesize
1.5MB

Download
memory/6712-5385-0x0000000008900000-0x000000000899C000-memory.dmp

Filesize
624KB

Download
memory/6712-5384-0x00000000089E0000-0x0000000008B56000-memory.dmp

Filesize
1.5MB

Download
memory/6712-5372-0x0000000008070000-0x0000000008192000-memory.dmp

Filesize
1.1MB

Download
memory/6712-5383-0x00000000086D0000-0x000000000875C000-memory.dmp

Filesize
560KB

Download
memory/6712-5382-0x0000000007F40000-0x0000000007F72000-memory.dmp

Filesize
200KB

Download
memory/6712-5381-0x0000000007E40000-0x0000000007E6A000-memory.dmp

Filesize
168KB

Download
memory/6712-5380-0x0000000007DA0000-0x0000000007DE4000-memory.dmp

Filesize
272KB

Download
memory/6712-5651-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/6712-5373-0x0000000005D20000-0x0000000005D80000-memory.dmp

Filesize
384KB

Download
memory/6712-5371-0x0000000005CA0000-0x0000000005CBA000-memory.dmp

Filesize
104KB

Download
memory/6712-5370-0x0000000007DF0000-0x0000000007E34000-memory.dmp

Filesize
272KB

Download
memory/6712-5460-0x000000000C710000-0x000000000C72E000-memory.dmp

Filesize
120KB

Download
memory/6712-5363-0x00000000077C0000-0x00000000077DA000-memory.dmp

Filesize
104KB

Download
memory/6712-5362-0x0000000007D70000-0x0000000007D92000-memory.dmp

Filesize
136KB

Download
memory/6712-5361-0x0000000007D30000-0x0000000007D62000-memory.dmp

Filesize
200KB

Download
memory/6712-5360-0x0000000007760000-0x0000000007780000-memory.dmp

Filesize
128KB

Download
memory/6712-5359-0x0000000007790000-0x00000000077B2000-memory.dmp

Filesize
136KB

Download
memory/6712-5358-0x0000000007740000-0x0000000007760000-memory.dmp

Filesize
128KB

Download
memory/6712-5357-0x0000000007710000-0x000000000771A000-memory.dmp

Filesize
40KB

Download
memory/6712-5356-0x0000000008200000-0x00000000086CC000-memory.dmp

Filesize
4.8MB

Download
memory/6712-5341-0x0000000007650000-0x000000000766C000-memory.dmp

Filesize
112KB

Download
memory/6712-5340-0x0000000007630000-0x000000000764E000-memory.dmp

Filesize
120KB

Download
memory/6712-5339-0x0000000006C80000-0x0000000006CA2000-memory.dmp

Filesize
136KB

Download
memory/6712-5324-0x0000000007800000-0x0000000007D2C000-memory.dmp

Filesize
5.2MB

Download
memory/6712-5323-0x0000000006BE0000-0x0000000006C36000-memory.dmp

Filesize
344KB

Download
memory/6712-5322-0x0000000006BA0000-0x0000000006BDC000-memory.dmp

Filesize
240KB

Download
memory/6712-5321-0x0000000006B30000-0x0000000006B96000-memory.dmp

Filesize
408KB

Download
memory/6712-5319-0x0000000006A70000-0x0000000006AC0000-memory.dmp

Filesize
320KB

Download
memory/6712-5320-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/6712-5315-0x0000000006A00000-0x0000000006A12000-memory.dmp

Filesize
72KB

Download
memory/6712-5312-0x00000000067F0000-0x00000000068FA000-memory.dmp

Filesize
1.0MB

Download
memory/6712-5311-0x0000000006CB0000-0x00000000072C8000-memory.dmp

Filesize
6.1MB

Download
memory/6712-5309-0x0000000006650000-0x000000000668C000-memory.dmp

Filesize
240KB

Download
memory/6712-5697-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/6712-5710-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/6712-5310-0x00000000065F0000-0x0000000006602000-memory.dmp

Filesize
72KB

Download
memory/6712-5306-0x0000000006610000-0x000000000664E000-memory.dmp

Filesize
248KB

Download
memory/6712-5091-0x0000000005020000-0x00000000050B2000-memory.dmp

Filesize
584KB

Download
memory/6712-5085-0x00000000055D0000-0x0000000005B74000-memory.dmp

Filesize
5.6MB

Download
memory/6712-5083-0x00000000005A0000-0x0000000000724000-memory.dmp

Filesize
1.5MB

Download