hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbnBVdzRETTJKWjRwaENfM1ZYMFBUdFI1N0tXUXxBQ3Jtc0trTk9pTl9FbmhCVDU3alJlNEQ2a1dvOHBnUzVBaFk0YVJvdTFIWGwzRzFmTE03X2d4bm5iRUZRXy1aaVVEOUhpUVN2TklJTEt6MHNBbDN0VFQyU2VzTkpiSVF0RmV3X3k4N0Z2RGRHYzhSbjBZRlMwMA&q=https%3A%2F%2Fdrive[.]google[.]com%2Fu%2F0%2Fuc%3Fid%3D18aAJa7SkqCwzUkpe3707IOYmCDkZmif6%26export%3Ddownload&v=whEfx2WmDRE

Analysis

max time kernel
563s
max time network
596s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnBVdzRETTJKWjRwaENfM1ZYMFBUdFI1N0tXUXxBQ3Jtc0trTk9pTl9FbmhCVDU3alJlNEQ2a1dvOHBnUzVBaFk0YVJvdTFIWGwzRzFmTE03X2d4bm5iRUZRXy1aaVVEOUhpUVN2TklJTEt6MHNBbDN0VFQyU2VzTkpiSVF0RmV3X3k4N0Z2RGRHYzhSbjBZRlMwMA&q=https%3A%2F%2Fdrive.google.com%2Fu%2F0%2Fuc%3Fid%3D18aAJa7SkqCwzUkpe3707IOYmCDkZmif6%26export%3Ddownload&v=whEfx2WmDRE

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\dfb71292-93d1-491b-a90b-99f1f58c4b33.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230401155530.pma	setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe

Enumerates system info in registry 2 TTPs 24 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 2c9ba0669e45d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeexplorer.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024306"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b07adc38b264d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a970000000002000000000010660000000100002000000067f6ce2a8821dd758fc90eaceed19989e2f2aff268c51065d0ea1f5e2bba728c000000000e8000000002000020000000ab87993f16354865ee30a651ea38eb27a3f622cc9f380b84460c05c3a9bae88320000000e1cd8693b0dcab6b5d98a0e8d1749171471d5b2d18f563334d87b888e9abadfb40000000b68146ab34be89103a27af3b306c57167eff8276e27eeed0e56d7997edc4c71d53ccdfd5600b091b00685eb18e311d2fd2db88414f11ef0c12d7a8026b9452e0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "908511729"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31024306"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{F6837DBC-09E1-4F08-A96E-1F5C27E1F908}"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "908511729"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024306"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03bc238b264d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "923199630"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000ad486ff155d21b43052e57dc1c010483dd866a363bbf241f9ac94211f50e2dd2000000000e8000000002000020000000190033db4c0a9936df210bd98a1e2ab36f9d23f7eaa1887135038ab5bf277b972000000082a2494350ccbaa8f0aa5acd20139eb1bd0eb9c29b4acc7b08c333b528426f5a40000000584e26c30869224454a67c433043089316ee267018d600a3996d0076e3b4a05a5e636006aba4232368d6f8ad3616f686d2d109a6b2309e302a8b25626a4d636c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{61416CC8-D0A5-11ED-ABF7-5E272E2E2FB8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "387129400"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Modifies registry class 64 IoCs

Processes:

explorer.exeiexplore.exeexplorer.exeexplorer.exeexplorer.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe

Runs regedit.exe 2 IoCs

Processes:

regedit.exeregedit.exe

pid process

744 regedit.exe
3884 regedit.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

4424 explorer.exe

pid	process
744	regedit.exe
3884	regedit.exe

pid	process
4424	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1896	MEMZ.exe
1896	MEMZ.exe
1896	MEMZ.exe
1896	MEMZ.exe
4616	MEMZ.exe
4616	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
1896	MEMZ.exe
1896	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
4180	MEMZ.exe
4788	MEMZ.exe
4180	MEMZ.exe
4788	MEMZ.exe
4616	MEMZ.exe
4616	MEMZ.exe
1896	MEMZ.exe
1896	MEMZ.exe
4616	MEMZ.exe
4616	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
4788	MEMZ.exe
4788	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
4616	MEMZ.exe
4616	MEMZ.exe
4616	MEMZ.exe
4616	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
4788	MEMZ.exe
4788	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
1896	MEMZ.exe
1896	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
4788	MEMZ.exe
4788	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
4616	MEMZ.exe
4616	MEMZ.exe
1896	MEMZ.exe
4180	MEMZ.exe
1896	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
1896	MEMZ.exe
4616	MEMZ.exe
1896	MEMZ.exe
4616	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
4788	MEMZ.exe
4788	MEMZ.exe
4788	MEMZ.exe
2888	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Taskmgr.exe

pid process

5332 Taskmgr.exe

pid	process
5332	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5300	msedge.exe
5300	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

AUDIODG.EXEexplorer.exeTaskmgr.exemmc.exe

description	pid	process
Token: 33	4436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4436	AUDIODG.EXE
Token: SeShutdownPrivilege	4424	explorer.exe
Token: SeCreatePagefilePrivilege	4424	explorer.exe
Token: SeDebugPrivilege	5332	Taskmgr.exe
Token: SeSystemProfilePrivilege	5332	Taskmgr.exe
Token: SeCreateGlobalPrivilege	5332	Taskmgr.exe
Token: 33	3276	mmc.exe
Token: SeIncBasePriorityPrivilege	3276	mmc.exe
Token: 33	3276	mmc.exe
Token: SeIncBasePriorityPrivilege	3276	mmc.exe
Token: 33	3276	mmc.exe
Token: SeIncBasePriorityPrivilege	3276	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeexplorer.exeMEMZ.exemsedge.exeTaskmgr.exe

pid	process
4624	iexplore.exe
4624	iexplore.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
4100	msedge.exe
4100	msedge.exe
1548	msedge.exe
1548	msedge.exe
4948	msedge.exe
4948	msedge.exe
460	msedge.exe
4424	explorer.exe
460	msedge.exe
4860	MEMZ.exe
5164	msedge.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5164	msedge.exe
5332	Taskmgr.exe
5332	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

MEMZ.exeTaskmgr.exe

pid	process
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
4860	MEMZ.exe
4860	MEMZ.exe
5332	Taskmgr.exe
5332	Taskmgr.exe
4860	MEMZ.exe
4860	MEMZ.exe

Suspicious use of SetWindowsHookEx 34 IoCs

Processes:

iexplore.exeIEXPLORE.EXEMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exemmc.exemmc.exe

pid	process
4624	iexplore.exe
4624	iexplore.exe
3320	IEXPLORE.EXE
3320	IEXPLORE.EXE
4400	MEMZ.exe
1896	MEMZ.exe
4616	MEMZ.exe
4180	MEMZ.exe
4788	MEMZ.exe
2888	MEMZ.exe
4860	MEMZ.exe
3320	IEXPLORE.EXE
3320	IEXPLORE.EXE
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
5672	mmc.exe
3276	mmc.exe
3276	mmc.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exeMEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 4624 wrote to memory of 3320	4624	iexplore.exe	IEXPLORE.EXE
PID 4624 wrote to memory of 3320	4624	iexplore.exe	IEXPLORE.EXE
PID 4624 wrote to memory of 3320	4624	iexplore.exe	IEXPLORE.EXE
PID 4400 wrote to memory of 1896	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 1896	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 1896	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4616	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4616	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4616	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4180	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4180	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4180	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4788	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4788	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4788	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 2888	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 2888	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 2888	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4860	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4860	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4860	4400	MEMZ.exe	MEMZ.exe
PID 4860 wrote to memory of 5012	4860	MEMZ.exe	notepad.exe
PID 4860 wrote to memory of 5012	4860	MEMZ.exe	notepad.exe
PID 4860 wrote to memory of 5012	4860	MEMZ.exe	notepad.exe
PID 4860 wrote to memory of 5020	4860	MEMZ.exe	msedge.exe
PID 4860 wrote to memory of 5020	4860	MEMZ.exe	msedge.exe
PID 5020 wrote to memory of 1204	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 1204	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 2184	5020	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbnBVdzRETTJKWjRwaENfM1ZYMFBUdFI1N0tXUXxBQ3Jtc0trTk9pTl9FbmhCVDU3alJlNEQ2a1dvOHBnUzVBaFk0YVJvdTFIWGwzRzFmTE03X2d4bm5iRUZRXy1aaVVEOUhpUVN2TklJTEt6MHNBbDN0VFQyU2VzTkpiSVF0RmV3X3k4N0Z2RGRHYzhSbjBZRlMwMA&q=https%3A%2F%2Fdrive.google.com%2Fu%2F0%2Fuc%3Fid%3D18aAJa7SkqCwzUkpe3707IOYmCDkZmif6%26export%3Ddownload&v=whEfx2WmDRE
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4624

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4624 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4400

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4616

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4180

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4788

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4860

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x114,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
4⤵
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
4⤵
PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
4⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
4⤵
PID:32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
4⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
4⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
4⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
4⤵
PID:952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
4⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
4⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
4⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7bfd65460,0x7ff7bfd65470,0x7ff7bfd65480
5⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16248474532340692479,13443858409720505253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
4⤵
PID:1496

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- Runs regedit.exe
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
4⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
4⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
4⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
4⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
4⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
4⤵
PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
4⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
4⤵
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
4⤵
PID:1688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
4⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
4⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5725364159669235880,17211204286172570705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
4⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13915683127522902316,7051171070218084307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
4⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13915683127522902316,7051171070218084307,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
4⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13915683127522902316,7051171070218084307,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
4⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13915683127522902316,7051171070218084307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
4⤵
PID:900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13915683127522902316,7051171070218084307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
4⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13915683127522902316,7051171070218084307,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
4⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13915683127522902316,7051171070218084307,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
4⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
4⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
4⤵
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
4⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
4⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
4⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
4⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
4⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
4⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
4⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
4⤵
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
4⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
4⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
4⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
4⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,1857475304616994806,2629941133107788808,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
4⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
3⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x98,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
4⤵
PID:900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
4⤵
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
4⤵
PID:32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
4⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
4⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
4⤵
PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
4⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
4⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
4⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
4⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
4⤵
PID:828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
4⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
4⤵
PID:3976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
4⤵
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
4⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
4⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
4⤵
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
4⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
4⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
4⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
4⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:2
4⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
4⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
4⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
4⤵
PID:5804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17714317427590872335,6650629406382984761,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
4⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
3⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
3⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:3676

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
3⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:1468

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
3⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
3⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:5760

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
4⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
4⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
4⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
4⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
4⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
4⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
4⤵
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
4⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
4⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
4⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
4⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
4⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
4⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
4⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15537786827026580373,5708071048372108660,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
4⤵
PID:1820

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15064114604547610171,4851029559779786782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
4⤵
PID:1368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,15064114604547610171,4851029559779786782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
4⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15064114604547610171,4851029559779786782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
4⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15064114604547610171,4851029559779786782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
4⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15064114604547610171,4851029559779786782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
4⤵
PID:3424

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
3⤵
- Suspicious use of SetWindowsHookEx
PID:5672

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
4⤵
PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
4⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
4⤵
PID:5548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
4⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
4⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
4⤵
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
4⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
4⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
4⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
4⤵
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
4⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
4⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
4⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
4⤵
PID:708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
4⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
4⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
4⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
4⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
4⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
4⤵
PID:2100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
4⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
4⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
4⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
4⤵
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
4⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
4⤵
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
4⤵
PID:7000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,990951595013708463,11264150251325351642,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
4⤵
PID:7020

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
3⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:2704

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- Runs regedit.exe
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:2572

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
3⤵
PID:4020

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
4⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
3⤵
PID:6936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
4⤵
PID:6948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:444

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4424

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb8fd246f8,0x7ffb8fd24708,0x7ffb8fd24718
1⤵
PID:5804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5640

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
f38abed7c0362f77808f7e0c5aedc8df

SHA1
05a2c55fb82ad1d549eb808aad79afcad8d435e9

SHA256
8f39ee855dfc4b0a19406c5a3109222cf09fe1abf3a56577e8d0eb29fecc9c20

SHA512
61c03bb4556d0232eb0f2311cbe8391958e8cf7b5c7c111851ec30ea883881a4d853536d05a29e2c19bacda9a4f34434279af7548bde15b9cb2850170e9b0b78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E
Filesize
471B

MD5
ff36ec2657d8ee3b0f78d0a8b2bc9c96

SHA1
7ce770b27771a2417292364a24af2d65bb9085a5

SHA256
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0

SHA512
5bc01c258cad0037aa128b8a65813c25e136862c4a1d257040f374412cf711fe877f46ebf6ba16574e0a459230ee99bb92b691b465af7584384f0bcf136bdeef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF
Filesize
471B

MD5
02ddc021542aadb090aa31099f7b9267

SHA1
cb2091bff4ad6c225faa4c0c02182217bcdc502c

SHA256
dcca0f6c051c27f611b9e51981fb34bd0c82a317c2e3ae3412ec6de80c596d24

SHA512
4ecb4bbc4922d5353a8cb386aa68578a04c654cbdf55ab8804b30a02353f6370be23724453c29619b021c0c6c1eb280cf1251d661b80d5e15169d7a8761235b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
7777b14d2a8827cb4f1174ebb6cad40a

SHA1
7e0665cb8b33fe9ecb12804e97f6515bbd4c5a5e

SHA256
3a2cb33e1f9bd1d5bfcef9c8d4172eaa59aee520a86a431efa0c6b771f9749eb

SHA512
f18c49665b5d24141afcfce72978833ed54c970ebb9b2ab7a60ea409b218468768b04fd328063e517cc3e7483d5d81951beb03ffac17adac9bdc5c2a5ed223cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
56a75679b48b9ff3181bbeb6171784c9

SHA1
3bcd90dad9ccbd63bcf7efc0ed98f156640669f9

SHA256
12204ad7b1108ff17ec7a9746c5422eb8945a2da08f167c8aa9faad4f12bd99e

SHA512
d83ef4754162dac07afa4a2129a3b68531c15ba0c82b6ae0a9e2b09f0fe7f91cd4843ecd5c0095a754f25a622daa921c47c4154ca351858e30610f88a0d22ba7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E
Filesize
410B

MD5
1dc1c5ea661efb73a0e469b121ef4f39

SHA1
97c2d31859c0757f3c4720297dc36f06d08f4c30

SHA256
05bd79d61be2eee3122d3c57fe94ebb5512520925bfe8742c126472efc899a03

SHA512
1ff3e26e6b4f77bf0a7ae8867146442f1ebc6623ff9f6a859788df7ed1e51d7c6fbe2dbe387ac2190bcd5e8d764d148b80ccdbcd355a6bd727816417e04930c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF
Filesize
406B

MD5
e03c935cf2acdcac710c8a6a83cbd085

SHA1
20b3958b2b1fb061f1522edd7ec49d524155937f

SHA256
39a7d30ce017e094c78bff53c8e6411d551de7b7de6b0683b19f9cd5ab3c35a4

SHA512
fa133e86bf6a72e621f3a430df1a76790f0c0b60414f9bc89ac2b189076791ed0f60e15e0466f98b7c5400cf298d83c9fa84b173e4eddf750e5f91b0155f7a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8e462231-2c2f-4dcc-81dc-2c4c263fd0a4.tmp
Filesize
13KB

MD5
d733652e4875a1426b9a7e4e647e585a

SHA1
3b3302c4602ec895fa753bad231e6667c1b168b7

SHA256
c873ebbc213b3dc95e4b662b60f72993d11ffd2fafe23987e0f9805e9661918a

SHA512
1f4b39bd6516d36e1410c5d76562624ebe40f0e21da9eb04958925e8dddada29dcd4f7add99e8f46b9f4b331d01453e968c4d54451693184b49966fead8fd0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4bfc05dd29bd1fe2ddd084ea50b8e9d6

SHA1
6fe4cfce9e2d0fe4d5602aaa519eeb1ae2b3cf02

SHA256
9cb28fc0afdf95459f2a3a4763574bce9431b95897bf695f673289511bb0f66e

SHA512
7f157de18950387fcaa2a22056ce36f22a22ff2545c02e86709cd94dc6d2ecac0a8b19a7bbf163af00eba4eed127e2fe81f1f1c3b93dec64cd0f14ae1718b89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
191dab9d81e147939363d29465b1d75c

SHA1
7036cf8fca8402d6069c259445667764da4ffaed

SHA256
9c16fd50684ae9ece6842a3416b165c06bf2b0a959298abd7ab5f4c0e7181334

SHA512
ed68293475aed49e25f3c47291c91adadace2e19993a9bd8fcde4cfb50de1734196bfc8274d6eb8a7618f45569c41dcf82066741ebc9a644a8e928fd691473af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ca2d2da64bd83d845dfb98efd4ee8b29

SHA1
82aced9884bd4582e61dda9e2b2f349c6cbf34d0

SHA256
c935b3bd4ffdc234e19eef3b998e681b64502622936cf421bcce2fd56015d284

SHA512
7af23b93fe30b49c8d179da98b388055f0b45f3cbe3125078413f62c6dea32ce8659db907552fb63203fd93f0266355a6affcd04a10bd16994c1719944fc1940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f80a77de8d93731f8c9266b48a37823b

SHA1
77260ffcaae1077690c6634ce2445b2c611450f1

SHA256
eee10173405f4c0d93dce360b526d30cabf25ae7f95c07478d1f67e3fae547e7

SHA512
0557dd55829220e144d826125e3755e44e9b4a570ff4a400172a06a116a5b1ee71f7671ce65352f9b39a50260cea3c5c0d0cffd2bf618763a83425fa838f9d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e52493c495a76ce758c7ed39bcee2ddd

SHA1
32b9bb4d38611af20c46628fbcd99c4cefd831d5

SHA256
50db5e5d29008645c7fdbd2cb99df88bd2e8df74cc47e4e90d93be3dabc022a4

SHA512
bf929a59f42691d8e62badbfb669914af23deb9f5e5f98f77648c1fd7821cb5f119c7067282f4f98c76c727277592bac09061c776ced46e3e32f1ae994ed25b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5e4b59151b6c45ee7367e0afe36321a4

SHA1
35ccc64c7d370d8b23e6285c44c841286406ff3a

SHA256
58c2b84fdcce571bb25cd3670a391ee672fddb7bdc13b03803873e03423102ad

SHA512
ed5ccde478686133467e5a603fa2b4f53dd386d8cc6c3e01bdf83b4a3861762357a5adde9c97f3c9077863d6793b1e014b04ba752069efd8dadf5981e347b9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
51553f19d66c3777492a19cc41b7d7d6

SHA1
d2997ebee5032c0eb54d308dcfca5f0b70658b03

SHA256
fd5decdd63082dcaf5b3d0a17f4a87006b15ccf762e906b8966905c4f241bd52

SHA512
8fadbb6e0bb6bf9f58b7eda2cd2a39280015254aa0cf57a135570b64bf88f5a168aad18bbd77051b05ad15851dd5354dedc84fd43d0a87a9c6c5cb0021d51d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0524b314c3fe58329e47420de4dcc040

SHA1
25aef3f14642903998f989e2a34415e248095973

SHA256
da916b9c10752e6c02e78eb2efa7738f764f483a3e7523229d508472c4c404d0

SHA512
8acf9a2541343e550916bfabb2062cd2bb5cf8708d29a5a8069b9a97631cf379dca624e94501b4ec859335cc2f7c782f74095b1742bc5e0609ec37ec5d0f0a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\01a9db0b-c125-41ca-9bb3-e6f194d8b904.tmp
Filesize
1KB

MD5
0b05f12dd40884ccd86460589a241d28

SHA1
9ade4481e05284f8d8ea11a4cba44b4186176f1e

SHA256
16b3fc7b8cc22460059dbb8baced26cb6f4bf7c06fe09be604ff41c038233e20

SHA512
71f2511677e4e866d3148d853e5c275016fc5d59dec04dae442db9cf8a29ece0edc80b1fa2fea5aad9107c927fa63704d79b2d0a3b695e629cfcf25361eab7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\833f6828-0481-4373-a073-a7eb0d3557b8.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
97KB

MD5
69414fd7d9efaab24df497b2d7efb1a6

SHA1
9e17ffd37e2f458c47211a8c27ac0bbf4b8fd8c6

SHA256
bcc975a57ebc7a1abbbf44689746f6de8fd5e821f76d2b73a11dcdf1d6f70544

SHA512
5fb21b3ac10c3deda0ac7d2d6b31b768394f2d7a14af415061313db4b6137206967a2db07da7b9a0b5b3fb9a45e44a5f6dd76563e51d926b4d6a05b117aaad3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
Filesize
55KB

MD5
69a2805c018379526f270e405d5607c9

SHA1
480df8f0be214989fc669c582f4c32169cf82876

SHA256
1fcaa84dcbdf0b421c42f91bb29e40c90af5219c3aa4c0dc0e4971e0abf71622

SHA512
528c3b00481e80b9bab8ef0a5ad8cdc2ffc4e88dcc7175eba311f389accd34386d239c667ce4612e300516eea73105aae1f0599cc8b0b655d43166cc31865011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
570be9ece36231e6697cb54c786f2033

SHA1
c8823659156a5afa0d2f619943ff505135005ea2

SHA256
c19f017c7a6f49c6cf59e8e298250b3d3ee1424e2d26a6afe062eb636e76dd34

SHA512
d5c064780c3ced02ce7f96cb4cd81e58a5936aa1ff9e1e94dae1a945351575683668cb3235c5039b614dd2e51a4ed31fb36bdd111e6e1815a873c44585fd103f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
6673f4fe0db0b3700387736d43204a35

SHA1
b5171fb7d5d698d401c3a31d8504eb5d7e955bb3

SHA256
229f6b52a580ddc3fd1f89f70e73535724fc8c5f9ce905d01c83e327f8f5ba16

SHA512
0437663544c727fb9641d52dd65d8ddd6c46f016dfdf925d9c5095ce622307f2703c353d293a136badcf22e6ab13b84ee7713b0932e71052bf656a087cbe07ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
864B

MD5
6869af7975bd8c92cb92209a790e895e

SHA1
a43f3b5d1c4d8b69ef64f665da9c6df2fa9ddc8b

SHA256
996fd950dbaf74d697a1a3cd7fb2c1173c80f9e03733f1ac49d1b65679dc3fae

SHA512
90ad26abd28c2ff5dce21fe8724810cc3b56d769842ef804f5223435b8c4fa6d518eaabb76153ea2f8fe8f339c42742aef36cbf55630353b6d6e0c4c2f8a7c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
6407f897d3e3b5a47f88307d82e39d0a

SHA1
d06e1a1fb0bc568ecc0e8fb10718167e1047b849

SHA256
b47e71dd7078b27d94cab97c7a68da66d146cef5d1a926949fce460ac750d569

SHA512
6fb0eb61a9788311511ebee2ccdfbc1f20ccf69b32cf54813b094f3d3241c37c0e075fa12e320a2ec9070188fbae61c6c19814b79b3028c8da8a1cbdfc6467c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
73b7a4de83cc27b4b8abbcd66bd13b88

SHA1
61c8198b3df35c85349d9fff4dce1af21f779a12

SHA256
97fca2e2cc59f97f73abe47ccc9c3eb3e5e4b22553f70e3653dd5cd5e9eb5a23

SHA512
8cc956a3a9357f90ae846c1a4eb6b0f70688d11a38ab1b84d6fb584c46d6c6b0817ccc28e222fc3cf12155b87faafbe9447b618dc380a2f0909683cebaef5946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
2ff71f9e950920240d8e9006fcfdcede

SHA1
0459e2fb95dce9a7fe08403e9980ec6e2d851231

SHA256
34aa4c62820fa945a32752d4c5c09242841640c8a36a5838a06571047c4e4d72

SHA512
c4628929bf0af6d41749d50bdcdb18a1fe0e009d6f476dd85ec7588bf4085a5272ee1cbf478b436706ca58e01acbce8b043bc1f790e6a87d6e8af37ba2d3bb11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
eb02eb15bf717a0282065ceb9b170e95

SHA1
d9f651c00e58210d541867b71a701a05496dc6d4

SHA256
8897f578d1fd1f4166b6b2e5e7f3d6939e945e11a80499e4cb0e0d0a33c478bc

SHA512
506ffacf20953251a21f025958634c3eada4a12b35d01b19dc0ad55cb331ec22dc1c2f85d59c5d0e7daafabc342d94855d902c4b96d796feab4382f8339d491c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b981c2fe4572370015346d7e6cd3509b

SHA1
6505a4aa229e5b641ae910aac3a639331299fb1e

SHA256
97ebdddbb1f149d8743ca5535da338ebded0701d389f1f6ce5ccc94ed113a2d4

SHA512
5843ba9c0d9d01d3c98c83fca10b1b1df1bf907515a30d15248d945331d3954ac035937dcfa5ccf7b11191b872610e6a83b33fa3e3a884868ed58f6453c0c95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
27b2de163812c6c4bca2c0ed39294cc6

SHA1
7addf0e64e24f5a5c43e3178ac5fb2d6245ceefc

SHA256
0a7b9b1e25597000635203ccea9e724aaf753979214dd2db146b1cdfdc02c061

SHA512
9c36181db099c5f9a70c438c177d7955bb98267b984de13aed8021375ba0c0c904c2cbd2fb63fc622f8eb4b02469a1b6c5a5d758d4f9c63e734bbad1fb11b69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
6d902bc17ed587a4acf0d3589edcc2bb

SHA1
7e8215ce208a0b036fe548a74f3ed084158b3370

SHA256
8a42d0881366d5db70d87e0fdc5edb88a4163992ac7693b93e3c642b2c3244bb

SHA512
c313e85331ab121181183545fba04e903197096acfee0904b358f4d7ae02c61aa712e984d2a14e645b5d2715e5b41815dbace13bfb6e43dab612f8219cd17fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
2beaff4446d45325d259458731f82f9a

SHA1
76bb25f01f8e7f2c204aed6392ffc148a96f4735

SHA256
ff5b883a3ef1bd2a375aa26a097843eedf2a54dd760e238db7d47769d3df2a4c

SHA512
dcfd11bc1732aa5d62ae7eaed4aa36052ef41d7f5c516c231bcb5aa2c8f675d24d0f653e8a4acc1c2ebb9fc47fafb2f8d8315d5311790e835e2f7de22e13addc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
8c06791823f1da83d6f3bb043fdae32c

SHA1
dc37a21d06b2f549e50c28b73ee884c87f6e2328

SHA256
815c8b5a6ae5db757885744ba7225b26f2d032b06405aab43b0a1a6b902159f0

SHA512
a1f2f86f2565a344a039e53ebddea7117f0ec749b93e8f063668b07f6ba3902bc19c588450de48826b2519c4d80313b9bce61f67c2f61298450c4a0c8a36413f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
556e0830d33abddf161ffcd49f2f8732

SHA1
552600131542230ccd2c50dcba7de82cd28a7939

SHA256
1977fa7bcc96649b91ded37ba61993f22cd8a1c2a6055ce9f2729acb299e105b

SHA512
a24097f67347e2c901e9cbcd8241f29792ff3a2997f4973cdaed2ac451a14b8a75b5c9566d2e1516bf1cadf014a47348da5c22729eaeaa5b413ac46feec4e68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
556e0830d33abddf161ffcd49f2f8732

SHA1
552600131542230ccd2c50dcba7de82cd28a7939

SHA256
1977fa7bcc96649b91ded37ba61993f22cd8a1c2a6055ce9f2729acb299e105b

SHA512
a24097f67347e2c901e9cbcd8241f29792ff3a2997f4973cdaed2ac451a14b8a75b5c9566d2e1516bf1cadf014a47348da5c22729eaeaa5b413ac46feec4e68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
570be9ece36231e6697cb54c786f2033

SHA1
c8823659156a5afa0d2f619943ff505135005ea2

SHA256
c19f017c7a6f49c6cf59e8e298250b3d3ee1424e2d26a6afe062eb636e76dd34

SHA512
d5c064780c3ced02ce7f96cb4cd81e58a5936aa1ff9e1e94dae1a945351575683668cb3235c5039b614dd2e51a4ed31fb36bdd111e6e1815a873c44585fd103f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
d31608f29913697d3dd548cd4d1427bc

SHA1
76f53964d9604edcc18914a3fcf5fcdb1260186d

SHA256
4a84cadbe9ae2a98becd7674247f63333adafcf77128b1637596ca15fb8266b9

SHA512
81165a131a88a3d6cb6ea724a206f6a449590ccd83db33fbf59eb5d04215d714d563d35a35532b3d583b57676094e998cb993bf4ce58311a3a16bf29408ee6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
7a592e17e1f754a83f80fbf94c4ad3ea

SHA1
784f4b4bbeea1dc4380ea8505e6bb23784c044e0

SHA256
1ad27135a61825a2e0c5f27ecd8822eae1a7292ee2d5e66ee22fea94b792b5a1

SHA512
976e33716bc4966c8c7b1cc2547428638229becb559c34eddabddc804071870ef1aec9da36961f2da501cd02b5be37e28b6d8c83108909226af0616d9e3f61c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
52325b5c74a44cd59150b3121e9d9fcf

SHA1
adc774cc68ff661d16d9375dabcf5726e0fd6c56

SHA256
900f33fef370738fe752d5d5bf0a1db83d2892e05b69dba4014a3bae2819a362

SHA512
1d5a085ce9af9a46702325810ec93b41e901a448f4daaf60ca30af7cd39d2342a50442a6cc880d634579e8ee494051b9315768853bceab55d7d9dd7894be02c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
9e4bbc95a42527dc2b363253ce76edb9

SHA1
63e6b8912a5bcb0c4d4439e9c5a141d49011456f

SHA256
31115a3a2793ce792aabd13cb6b5b5f87aadfc2c220352774cc5770c68fc308d

SHA512
ff702c9648fea0bfed7a705eb21bcee331dc16f9d8de32ccf1f57e8fbee202696ce416595daae1734f1796ce8931eecfcfb49b65a2796a163775db13a585df92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
813B

MD5
1f4cda97b4558c67c2322e63180b0cc1

SHA1
7792f52c0aec5874f78a6e30d405b5513e199c52

SHA256
e2d6b25ae9ae0115c2d16331684f05a58a2c1abd960bb662333109d696022833

SHA512
e612ef62275d771a2992e7acc40a6e701de1df568527da877eb0df66e4962316befed97bd27448b4030ddb463cc40ca418155a6dff18f2fabbc0ea166de63a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
72KB

MD5
28f3cb1677f0e50ea4c9fbb64a21fdd9

SHA1
9901f1eebc3e81837a38e9358da9273437b1d47a

SHA256
06cc5ca3cf61de54bc1d0c76c735db44be803a83fcd9c822e0a68584b64d5fa9

SHA512
e9234cdc125c1f029bdcb358a748c14d9479226b00366d49cc601bcce07584a5364168a8e0ebf1d9c1c840c1690d44a4d5524ff9ab41ee744580675dd7487a9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
7KB

MD5
128998e4353d00a2e4cd8085380beeb1

SHA1
c005f1be4c1989d19e5eada140dccfdec491cfa0

SHA256
f6825eeae13b3b5c0b0ebb3a1d5db3c8ac5f196a3d8fcd2cbaba043164107331

SHA512
dd6abb1da7ec59f8047933bbfa5d09870e35397251a9a0d5cc17df60a9e7d519b99ac0c078855f6a7a4a21689358e16d9fa0653a16bca196d7b165098db7d408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
4e87a6278cba156773f559b236a94e37

SHA1
a30b883a4c8aa6412dbe60ebd96e03843eb5d33c

SHA256
e869566c232a5fcd2e7b3ee2daed0e64c0cee6bf05a78495d8c75a0a197b4a4c

SHA512
012ad35652c1ecbe473902e45e54e6f6867a025a79be429ffb054b504979bcbfc9271fe9f491c269799eaa552f1ebb26510dc31e193315c898e7b5806b759376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
c3259ccef46ef91be5a4c27c59aacbfe

SHA1
63131f690d670ae71b3bae797ecd3c2cd340edaa

SHA256
d0db68de0ff2a71087f6f4f2bf8f200e0d7c8dca42963a1b8d614cc0b47aa14c

SHA512
7a07b3ecf282192e9da2408d821cd4fc95c76c62afc1566cd2e1c22df8f5ed560cecca0e428bb5fb35a759b3650b65c377fc817e0299c21086c5786ade5180d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
941d0b10b9b60b4e58961f8c6ea202e8

SHA1
fb8b449ba4bd49636d9fe598fcac3f4467947a68

SHA256
9ba00591a5d1f35a852cec03e62b97a590f9e3cc962fdebe34bb951f8210f9b3

SHA512
1ba0cb5173679649caea3f2330c83d777c0e7190bed3c47e7f472168c171d763e02276ff847498d7dd570c88058c7feba705e8196036ef1b167570082dd3ad00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
0827941bb7a94dd1198e59d23906d6d7

SHA1
be6ac8bf7bd0ee16cd672730057f96c1ab23450b

SHA256
499ea7d2a3327960b73782c0b2ac28f6b50466f46207af3e9980ac12889100a7

SHA512
98d34ded39334949ef95ea06ea997433c8b06893ee06d1ab558786a28b9ca4e50f71e83ac2dd6c76511572b9abfcead12f69acf2ef5c6b34419b527f1c73a9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
dc78a62a7810c9523adbcf4c6cf0ad63

SHA1
835edaeed34a7a0d8b6d52071a1557edfc71b61e

SHA256
969771b9d410f20523e91eeb5909a18f3c4d44a9b0736aedac0e3378963ad32c

SHA512
21e4dbb51e2bbdb014c387f75347eaa43a2817abdbcd4b6df84899bb7dc9ebe6618522d25c4b0aa1cbe6f95cac38519736a1883253409e4aeede8f5951016a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
dc2dbeb4f4911df6580f277aa33b3307

SHA1
ad78b32bed6356c9e94e6d2c3b4d29cc42dd34e2

SHA256
61a9f73aae0257f5956db8f6f4583e5a317df72ba8b032817524c3fa14c17c37

SHA512
7d739bba7755fc9ea20f84d83dcbb75f1cf9619deb86fdd1499b10cb761fabec4e6e0ec48a9360402e6dc9d22ead0d325f039477f390365f962a6e74af4760cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
df34e346d2385fbb9e9e08721fd8bf92

SHA1
0a480c5e3f66ed133504de51e1c94fae9df98f93

SHA256
a24ed553c5e2f2ca2eb0cd3e14d224e6ca424b08c5bc5e296bf36035c763ab1e

SHA512
37f9a9e81a7950cfec90a231ed3ce2a776d3049630b18097fa886cb212444229f406e78e2b209418c07f2727e7813497b979edf94d01ee2a0e9e4b0461f0539e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
15KB

MD5
fbc07600c1c07fe4493ee53c209c844a

SHA1
be0bb50d515e5fb8d1d813ed6cc4c55b768bd3cf

SHA256
3b0ae81c106d7eb77dbef6fc0ffcb8f42702e8d781742b16bea606153e6517b2

SHA512
79d0d3491c17a6644496991bc930cca844b408041abde77409f60bca78005168c6ec4ad058c0715d804f078a9af72f7f904fa93d00ba38cdf57a0a4b545e5089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
7bd3869070fab82959401aa3a02a066b

SHA1
344f7086ce33df3c5a719e9ab1635eb1c0f6ebfe

SHA256
f58c09f1fa53f49d53fdc78df9bff967baf6665ad3bf45278a683ab2c9278703

SHA512
be5acf97dc058fad0b888a5288224f131a82be6508439df0d07b42ab3778be8f4f8340344ec0957a499862135e26688dcd348c735dc1c84506982a43d9d51951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
d0c81201391bb955e7a0da02838bfa7b

SHA1
171c654a80a42a4ec5d405cf951f974521f06517

SHA256
02a07cf8f0066e3f5650b2ff85a10823d79a2cee418dfe1f1f805beb7fa51d23

SHA512
450d77c4691f12693a5a3c9ddd1548f88170675954d02079c6763aded9ddbbfde61efb7eab35ce1898336bae050918a6758834d4f09546422352154cae361c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
3c108b2d728c30028dd3baa3088ad28a

SHA1
4d2b6210527b998089b045915ab8cbf5a946eb6c

SHA256
c1ee4e6c054309a4f39a654c43a48c1048cca027115f636462fbd086ae90b4ae

SHA512
46e45b0af708f057694150f8837afa4ba3477306d4926ffe1af2a2fc33108235e8457eac6634781112fc99ee54012a9ba0f35f87bce25c9fc77d232f3e802a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
9ba7b1c18cb3f9f3590c85a45d2cc308

SHA1
97385b58baa969e26b575a59de966faff2ecdb76

SHA256
8c2ac19c3bd787146677245356d8abedd248e0451635f1792cd4f94ee1edeab0

SHA512
274e214b9225762179f289587f27dfbd36efd60869ffd992735db3d6f37aa95a15b5e6dfddc105ea0431e4be52ad7133a43542a9c6dc34f531bf65cda691f691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
23f02636765bd5d784c3410a272a6479

SHA1
1c4289aa8d7e4f0281be7945751f53a35baf3577

SHA256
454ca37d06bdeeac286729517c3d96b9f61343f007759ebdce52ea5e44a727be

SHA512
aa8aaecf6727b794ae51b0df946172a83d25f2dd12840f5d822265163a00d5e0c57eb7f6266f7a7acf32224d9fbca7da1ca9aed99e9e8da918c5a90931573777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
83618ec1569931e2745116b728d75908

SHA1
a1999cc9894870c3dc0489a6d1f3ae4b179e2817

SHA256
553bf8e26cade620c141659916f8ff0ea307e979fe19e0247f498afc707ce58d

SHA512
98ba25effb7a347a02ae5cb0cff2e1ce671cd582b1e0ad0afc07389639eeac410843c737807f3a05ed4bc94b511f3363585165eefe185ecc7361e4b3696bb889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8aec27c0567081592a4a0a966c9d107d

SHA1
ac77d6a17f8cfddaece290a686b6adad83e9db95

SHA256
2b051cb7dde45ef2b3834eee0b5972a068a83a92b7a22d05d4f3f44803ec0c16

SHA512
e3d8fd7b7acdf861db77460fe139722c0d235cb3489d761581526df26ee1504ecbe6cd789b267a1ed172ead18b4e701677028372dab46e1bd96553643988fc88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ad7045c347b041c90a0b85324145f507

SHA1
097c7be605ef64065b9384b7bd03a9dc4c513231

SHA256
0a67ff7cf1fcacfe16a78ad2915cfca83d6afab831ba966a3d5f0054ba3c6323

SHA512
2421b40300231e63cf25f96bbb515ff9e9de5cde2bbb975eeae5ac5433bac5ddc3b940f8082693b024ddf82ebbeef8d2e386c6fe3587cfe104ce0f6e9395e67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
3f85249783d76a67cdea9e30e43545c1

SHA1
af020241ca4382cef2adc75529d36883ef63f866

SHA256
17ecf4dd84581e19d5267adbb8cf6bb62a2fa9eb308db360be5da8a0676a17e0

SHA512
5bc2ab8cbdd00d571aa40a88b367d144c21f2daa05675fd19f9532df09ca2401a0ea48b5a61fc9b3b05fa2f81e21b809912b825bc7a15fc5a47b13cb68c3bb65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
79ed557b76c0699aa8af8eca6512b71b

SHA1
1e05cc802aa7f1756a8939bc376da55d955189bc

SHA256
e8eb14a1718cbf77399d4550ac083daecce654b42031c1ea7d7426b90d1d6878

SHA512
66c75d2c48b060895f287b7c88ce1e0e52f52a8c02926488f747b20e2f30abf9a3e2872d82f94d049d76052de904d3e5b5bcb858d2971b837021853617e30574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
6ec60c6276ec926d7b2e2e11ec84c5bf

SHA1
f337090eedf993819c8df10e6444e9d69b212a39

SHA256
09b121b22bb10d8f79260c5e1f90aa8d7d090e262762a36de8869c0ded8f02e4

SHA512
3db85312007cfcaaeb407660ea370a35480e7368acc21ac5e545dfc134d40f8c0c2a6e6de2be7af3d1981fcefee3735dc75021b641b9924191fa4ff1e65f83a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
bff7fba07c3d38e2c66eeb2a29067355

SHA1
4a87a0fe06cfbe2881b7224c3987bdcab4c0bce3

SHA256
9dc95007251d942e6e054eaf76e72b28b0fd16605b5bb5646b72b749490792f6

SHA512
17c5e249548f46f28f6ce26f23c7e74ac79eb56e7e9f1055a8b25009b12e20055c6d717e55fdf3e85c0e73862d9903e69d29c656a427f36df5b8fba77b73fcd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
25a01d44626055afeedf1e903e461547

SHA1
0bb12f6b44d11863aceb3c1c05894f2b5c3d69ec

SHA256
064d4162bf23c7f526bc5ed9caffeb2fd790d0fefac86344ce2a8ae66f70196e

SHA512
570a7ed46676f67578c5e2295b30e34ff2287f5358f103aafefd904223d32342e9259cef1067e7f85cb1c20302fabf5fbeaedbc4287cd70ca5b6885fe369179b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
c770b9c6bdd64614e79ba10fba165333

SHA1
63aa0e22742e536ef2c571a16c7159847caccc5c

SHA256
a711077d0f56768787527a7057092871d06650e8c74161806f8b822cf8cc676b

SHA512
e6beb6b8e9d9680b9dc12077bba7096296d9af27fc169af138e322b2cfecb328462580c5658f4db34e3d94305f31ee514935b989fffc7cc66062beb6284b6a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4d6ecdf158734ed4ebfd51805b1e124c

SHA1
d10f2d8c1e591e53e1a60dc7b4f85827c19e026a

SHA256
8c361e0f376d0c166e7e3bb849fa7acdbe07de99014727cafc964b6e9ac38cd7

SHA512
c7c78098082608e40a71d0c467d67c15ebcd3c2637b1c6391f5d2e242fbd55877c0d9431c1dd3a7bc3fb469cf7ae5db5a230c975d6c4d6c6cb743ad2d76fe21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
ed0e4a5d21f1c7e0dd631c205d615793

SHA1
d8f03f30e0709d3c0ea5ac4794748f48cd9a12a8

SHA256
1e6fc5f6d00d31bfbdc407856f07ad6941a52d76927db1b1b23917f490ee11e4

SHA512
4dff740fff250ce9198cfe00ac2d88a0bb86bf1b9a9e9b22196af02e99bba3f87382fb2e2711ebc90ac1c49a091c5be44d5687d6edd4817e1a071d911b58ebde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
2ed678e9b42420ddcffd51ebb5a50d26

SHA1
e090c67d6bce028642439adf8878b0b9971295a7

SHA256
9cbdaca6af354b5fe20efad4d5172cecd9f0a76af0c310535feb92c5d9017e33

SHA512
a3349b267c3d260b05e50d250d596ef7c73759bf7ec7086f7da3be6d2cccf601a5b611da2f1277144432843fc0d298f5ae607458fadc62a345b9ed89a6f3c240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
030a776e15394dee4d190163d97b4690

SHA1
25100c082c2aba78bc253a48c9c371a5acf53a0b

SHA256
534138f4367f4cab8be7deeb22046500950e0bbb98932a227f6319a6eaf4f91f

SHA512
122b76cb0d846432f6613a1c1620e836e7229949851bc25e11cd091199c2098685fcd04778ced5d13880108bad2cb4e263db2d272efb9979f06646ea4921ec32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
ad5143c8f883ad52d5e8a02dd24c4f97

SHA1
ead3b58bf85c08dd53acb8dd55787ae40298125d

SHA256
c6e1b38b8a8a2843b60f517329d7f83ad54f595ae55d80badf2253a4de380138

SHA512
0288570543a252fe5137fccc8448bc58caa1f34d00616671d601e5a8444d8c0dbaafdbc010d12226ed8a1104a217d0bbfa27e9cd9d624bae0842351b0daf9701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a92dfc3c74a3df67b7691682a8544de5

SHA1
865a70b1db6ff28e9a1d39480b558150313cbe39

SHA256
a2e4ceafe844dc5d46c05bd12cfe4153859495ceb2864ea17d970017ef388f5a

SHA512
12e6502cf280f250825d9ca7cb1d45d2009f597127b21a922651de452aeadea77897423adb546ec0fb1c6ee0ed629f271a7f12b061848507bad5625284e0a9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
cec27648b924e905bdc1881e0247e38d

SHA1
04c496f7ef1c4644ce0664d7452007c03a81d197

SHA256
eae59bbedc8acc5653a43f3eeda86426c6ef7219e20a7d8b0e8855235515f5fb

SHA512
36aef6eb807118646217f445c91f364fe4dcf4cb417ec8133fafbd5756780c5b49863e50fdd301837794b6ebbfe80436379f214ccb7430cf23017f7c58717a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
17KB

MD5
21300711a1d18f1eb60328306c2429b0

SHA1
bd9faf0cbc32d75984d621d7c0ef3af0359e4adc

SHA256
ffe2dcd498992aae72e60f42a09cb675ce92efab0eca35fa939db812f8e3c16a

SHA512
832b88dd1bc5c0ae21bd90e64cd9c9eb1bc84e5510e458e18a7e178540886e2a8f3eca79d31f3dbbb02dd75873f871b9c5db771ad52cbab3a37fcab3ea146a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
cea16149b6b52e5b9cf32c6bf7be44d1

SHA1
e71a1e2c936006d2bbe6f1eba2c84649bc388651

SHA256
3c8c4556982cda2acabe4f60024b6a9fe889df8094fee93dbfaeca4ee45d4770

SHA512
61ce90558628b354a0944016253e10633caa7f8fe589001512cb173dd8b5433ca0df4fc48db725d238368040630b2cb5b91e6ddd4388ed0d8ad0808e002bdc51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
48385e7f0e62966b6760dded42f107d9

SHA1
5332aeffdb7f9a566244b007b374eda89619109a

SHA256
cb3add90bccd30e98a747173bcd4fe5ee84c742d94a144f9a0b72b8db978277d

SHA512
e7900385d58395254300727dd97494341ed4f6a045ef317aa1fd600fce4b9f9a377630c87cf8695f030f99f0fc500475e91fc2b1e033ca0c4530a60b230ecfa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
71e1bd6852e0f063bce7b9c491f213f4

SHA1
6ffa1f8002a72ed82cf4693a2192e058f6261ed6

SHA256
6f5ee0ca472e855c026ad7c8f327d1e3aa87f4438e00c37eb971a01aa93d6ac1

SHA512
9026f4471e572d14d4a84aba1c0b8db9a3b9bd3e588e266fb30c67fd53dad88bbe29c84f7e634e1d172b51d034a43671fb7a0832f0eadd99291a0589714a5a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
bd62d5a7fb6d9670c63c711430054a7b

SHA1
7564b0998001284a56441fab9e292e246505df31

SHA256
f5831627e5c24c2237b700042b44daf7deadf67e68a5fce11a311abe49983301

SHA512
cafcaacf97fba3c22c2f926a8afb7332321c0fc40a2a60069f4dfc113e2e94f0f8d3f6279aec1cffe2f0ca98e21e9be7626e9c584b974280694c6e728f12a6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
38f79586c102cc59d9bf20825544ac08

SHA1
8a154e33ae6fe89a5c81ff848dd8a44cce61cf5d

SHA256
317bb6c7151f20d2c04d34f3f141d9c057699ad34b7ee35f0409f7f01a287f54

SHA512
07a5ef40025390264584f9fa5112281c285af1df6cef9e116fbcd2a9e34989afe517a1b0b0eb2a9333cc13ef1e1322ada200a3ac033f03b5de9953addfd3150c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4e3a90e3d61c3d46c96146838d5cc289

SHA1
b6596940426d077b9567fbeb37acbf8f0f1c7573

SHA256
d3915da50b4d8125cf6b5f389ca9e26dede15c42d607167fc0b2c67defc9787e

SHA512
a6f34e8912a4cbad981cfaaf4ba3f3f7a95db9fce3292e3a59190bf50c9e3b502b628f0e79320d58a929262790d592043a66c77df58152bebac7ac3c18c74863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4e3a90e3d61c3d46c96146838d5cc289

SHA1
b6596940426d077b9567fbeb37acbf8f0f1c7573

SHA256
d3915da50b4d8125cf6b5f389ca9e26dede15c42d607167fc0b2c67defc9787e

SHA512
a6f34e8912a4cbad981cfaaf4ba3f3f7a95db9fce3292e3a59190bf50c9e3b502b628f0e79320d58a929262790d592043a66c77df58152bebac7ac3c18c74863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
e7aeed063935e0175d7a64351e415362

SHA1
c42ad13c9d7dc0ac7751e9d9313a4f1f474e6f00

SHA256
ce7fa117b55a23bb505236ba0ff9011bf7a0735b60b733be3b38e7bfa21a9941

SHA512
3c602437d53a125372c463fe9cb653f529fca8254c6a786425e9f8dc3d3198188111d8733917d66b005fc3e1beeba91d3c1b68ff2feff74d631260041371af9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
971dd1d8c3768b07971afc8d97c480b3

SHA1
019400208bbdbfc7490151f116bee1ce392f57d9

SHA256
09a6feb4c002243d86da37fadb3d024858721e2ee420f42360e4486ded3ba256

SHA512
9217426354878a83e16db6b44344bfca6d1136f52e5b9b718c4c0eb5b5d0832c342451aaa5e8c1bd189cdf246fffcbf326059190461e64b8bb953ff780960033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
829d5ac75f344434c8721cc8c8e001f3

SHA1
396fa549753e4042d6c0a9f8dc77c7a53734eb37

SHA256
78a6bf7305eabd927814b73526c167e91ecfa46a9771f068071623e4e13d3c52

SHA512
58df1509e78bd987546d4a0a7cddbaca4e46a2c73a583cca30af02084a6424224bd3fb8eb29ec6558f9e7dfb2ace1b3222b04a5268ccc7f36f6a19b55e450a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5d2dfaeaf7c1e725d630d72b35561229

SHA1
0dc194522560dd0ce181fa254c7ee7df54607b78

SHA256
94c595a9628b4984058f4edf97561f79ef1bf6e120eac752bf20fcf6f2d84701

SHA512
93b1d7f511aabcd8df187637d331c7f66354a40d7c45d9cf0d39c2747526dd07b090b13d2e99842397a6bbe4ced4a98a4afe3f483e1f99b243c72aa65d319657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
95ccf44237a7a9919859a56277b76a9a

SHA1
6ce11bd31d0c4feaeb4d553936f6a94a0a7a90c7

SHA256
44576b3221ec97e02ab91e23390d431728fee3206580ddfc6724a73609ceaba4

SHA512
703b26e24fdc89d9c0dcd4b2e1f66973ab015fe68de2d3426bb9c750c1b5079fb375eaeae262a0e357a48ae0502b47a7c8f1d449acb047fc5f62c8768e90d559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
8d7ee92369af9a61cce705c5a8b901a9

SHA1
8e58ab896d740ccc90d71d10474eae15c052a566

SHA256
b4912d40980b666264a31ef06e7722d44881e8acf92df8a3338bf74519cf353b

SHA512
0c0c12b521a3a5780a1428c3166c04ed028adb266c250dd80c4ff2cad62c97793f9f09c910d0cf2615d70cd99104f091429f57d25978ca7822560cc67ddeb423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e9a910d0-c77f-41df-9e61-14f66da4fb74\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
c8598c96a693251ce1c7f84a53f02c8c

SHA1
50f2da836ba2420aa4649dcd26227817974519ba

SHA256
ff0ba73a98f1eea0c4fb1a76f286c4fb0158edec35b4ed6670dbde04e11fefa7

SHA512
d55a843bd54f3732c6759655badfdf5605ec2c9f4b498ce63c1d753d17e0666f2321979cb4360cb053ed4d7ebaa6e51887aca3188401c2284d8143f137a46982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
83B

MD5
ed6a7238b950834bd6e368bcb55ab038

SHA1
26b3cba0224cb7f2db0c5046e350cd54c13a9be0

SHA256
16762b4e4f9b88a7c35731a13ab1e8dfcd6464bb14a5d8c10c7287fa7eb2aa35

SHA512
b28230b7c578d2aded61b9a76822c23c153622394c607a5a7f5d86844ad70d35ffaa984b682cd7dee041ddb25f8044c8c38c26657d666bde8395a4968a243f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d4dc36ad194b6608810903b2bf921a74

SHA1
caf5b5148a960d192910a2d45ff588d8e20b7715

SHA256
98a2015a186150338f50d828bb236bce2447dceb759e1c116c6d07486dad3964

SHA512
069caa11af615e61021ff6afc7005203753c65e0d59cd108c408d118740bb94ead2674d345eed4de7b9738dc0177f28dc43c4ee09dffbb122a24606cf4415e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
ca6fbb09d7ede2fc0b1920a493eb1950

SHA1
c034f68bad69fb0dd11328ad3c0e31d57cefb2a6

SHA256
2d6437078a4fe6ff957c88a67f0f55a0c010e43ac05f9cb25e0c7e2cafa61f95

SHA512
5af14bec07c9a0c38456130e88522a3637a7bdb3b1c9df05f7334ec8a8b7246057a8409b0ce63360583cc9ae45a30f7b527aa45c0bb129ec086c8c0823ec8999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
42b9ce3cd3edef227e9ab92cb2382b98

SHA1
283ae280d74e0a86b930829512e0fa27094cf1e9

SHA256
3a7b56effc68f695706cc5efcd9c92b9e57211c8042ed55464d574cf17e40281

SHA512
2e05ca9471ca604824889867b33b6e9a6e77996024476e0cc1cdc68f491e957cafb4709a59ea22c0c8fb9b9640b530ee99c98f04cfdd6583818fa7e96fae322d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
2b36528befefc35632524dfe0307118c

SHA1
dec8a832a825b1e6db917e5d21d76670503a1e41

SHA256
725248f7691bf786f94ddb4690f60f97be857ab2468b55e00f089bb4cf8161d5

SHA512
0e399390d4395e39a8091df2c98f27a734971727d71eb60c480fa55cca7903217023671d38f737f920ad8d90964c8b23356af80a79fb2356439c0860a598f7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
6ae316a1c9092a7ecfc7359900081f10

SHA1
76ccd8c69b0c6dd170586246e84694468af4ad61

SHA256
bc0cb8a06601bdbe506cfeb2e610b3946e72a16093752867084028ba1797c951

SHA512
7283479f4977c15a5848eaa772c065440a1055eae7e6502d30ebf8cadb5b2f0a323f03649c127115a4c529c3ca01fbd015969b9db2b211cb9c21e726c5e8abf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
a69573d80b53ac054747cde925887846

SHA1
912258a2462868f3b3b3a0afa7491d7dcae96b7f

SHA256
a081a8f3442c0c3bf5a3f0f20ef00bf76dcecd3c1b78228c3d8664281f53ebe1

SHA512
199bb81d877b347a4afa7395b38b5dd074820f3a67a90ed925564d666c4d41fbc84112de64bed27b4cf234fb7f8c9c98fcd4fb88bfd7a7b955c5b4a9cb60d458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324838138378242
Filesize
1KB

MD5
392189d8c63db82045db85adb82a1347

SHA1
ae969ed856712f026d00d4573465ec181488dccf

SHA256
6ad5ac0912f96ab137661b0f66d9cb3fca66c1aaec5dc532a06fa50da69cb9ae

SHA512
a37a224505a753bb2e844af08faa993d3f8825f60bebe174c2fc8b24e8153ccd902b5ad0ce383278f541d75100a517a11b8b780e634c781cdf15d0faec08ecff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
f147120bbc7e578109e48b3a7039a4c5

SHA1
37b32e756e4424e7ed02824c5b696f2f280651d4

SHA256
07708bc4b55b6b1a4130d9e2db6cc7e15b5955bee7f8d207516fad918067cbd8

SHA512
e9ba166e78bf274318a0143277f1e92862e19fbe00130551c31ac4ba17060092be48a9a9fe803708da6939b1aa611d551d583e35549e925ca45f7d84f7fb25fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
1bb565eb566b10b55b0728288623e048

SHA1
79da13c961974b332eddd72d3fe1d472fb0dbfbd

SHA256
7826887258e33b8164cb969fe39c8c7f0d9e4f527924e2c4a456a02f71248ee7

SHA512
5654a7ee93eed5fc6427b19d20ccf925c7f7cd91e285554afc7dc3cc865026431c49193f43ea51e31ff9fe9ae9116e17045df5f2138f6cb59afd19967deeb8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
8f87bb9af017b18fbb456f4775727d9a

SHA1
88d9c882bc96663f5f9123668131b2eadc1533bd

SHA256
26da29ae87b128844257c0ee92a3926467aa486ef0dcf051e4ed490dcde11cb8

SHA512
619f59a70940da1b928b4cddb6655b49c9a2f7d6c72724213e5049c91fe922a1c7ef21654378d2d96c7cc9c80bb42dfd8d5cce3870a111b5a9e9ce83f368c50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4f00e3e728ef490a5ed581d6464a5b5d

SHA1
97555ff3ce6933772011f449276ad6475f6ca35e

SHA256
b8e97596e3f6cf91ab3b5c91936e9d3bdaca3d4b0daa48254bd2038ebcde0fc3

SHA512
aed76a34ab17fa18ab96f726b11504e65ba59d4565a4db088c28fc5eebbd695884907e42624149f29b9b0d194ec053237a4352ce747e8062d92385d0330ec56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2bde82011bb8d3975924e85285405757

SHA1
1349ee124242d2f9ef9103149348a8c84d3ff670

SHA256
5e26f185e71fa977653ad848fd8033cb743c67dca93cdecf9f21e20b7370db36

SHA512
9276902b6377e927275bb4ce753318470d410115ceeab7e0e380ebc5fc65b2006b295b3f64d7108de2ec4c66d0faa0e62e1ab176b1d9dcbe58dc18d58fff308d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
aae117b5a2dfcd9690f8ed39565c0bb0

SHA1
fd561b487f314417b781131c642d41597f65fd1c

SHA256
6367955c066d960854fd2317446ebd4e109142fd1e07fb55e51e9da8a5d0b466

SHA512
4d041da0a60ffd2c351fc0829303fd99d0d1640b4b1976df1ab9a9be2f7c80382f6c50f15b8c7c917c3279bb31e6693241f1d0fb93f882d0239b22b96ed9b7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1a28e1cbbccb5a3c9310af27a02d7b1c

SHA1
128e8b1b0e685cf05869aeeddcad07a761acc3dc

SHA256
fb95a58472e053ddbe079ab58072112ffdc97e3942b0ef29700464d5faa01489

SHA512
b09debb6eeab251f3d1d9061590bacebeb46dbb957ffa97a23adaadadad8ecd7016c6ab6e7bef16e6cc91343a3c17f87baaffcb4ce96c89a6a5dc0688876a9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
92d3185dfccf630e6674a9d394e7dd2e

SHA1
a80cd87e26415986236d935d234942547016b561

SHA256
1ab6cd81f1b2a8e1ad2c018f54e1da116bd8a47c81ea22c54e31c11c50a34ba4

SHA512
82905fc6c700a8b513bd5118fcc15b831488ea8e76d4425a1c3480f21c9bd341e05b574cbbff83d7093b6b3b3faabc7e0dbbf7fc584faef3e20205e97db31fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
133809992e8860fa1b8d5648780917bf

SHA1
17596443f59d8c1e327419bce7eea0d74f1a2181

SHA256
083c31043d4ff00525a34fbcc4ed21f9ea6505f5d0e2bdfade7dac396816f8a8

SHA512
49266ed132a454fbabddb337f38e3e2550fbbeacd9454b0c3e5052cea4f93537df6e593797ba479f97fe663e0800a08eae8d0ea1e8a0d9835a8ed65e7ada500f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7546958403e088e93b7f8b273de0144a

SHA1
ee0cfe93b142aa54b31df16bd0dc319929b47988

SHA256
62e0b0bd4d5f9321f232a3293258bc951913595414d5aba9f873fb2cb718a171

SHA512
3a49978db0e6e9411e10dab8739f68b3e4ee1396e514e68003a8397a9f93a9f2f8d2dcde203f9e91766d8203d0ca83c9af7f34d4855050b045d7215181ab1fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f09c8a50e6804215b42ddbf1435ad817

SHA1
4a97b43631ce1dbd8bbf35989868bb6cba3080e4

SHA256
c88a0a0973b9a36d2e014fc5ecc37ad2b6ed0dd367899a00b51e7b63b57827a4

SHA512
ad1471db56ac274301d38f6ed6d82c835a1b12f6fc413069db1a46a8607127d26575f778ace4c0939ffcb2ad331376cfee8d1a0ac23cd485e9a7e762a956ab50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5d955d3e6f009dd7fe2430280943b09f

SHA1
8afe2170c702b6a6cd133f6d66347e7b3d1ac5eb

SHA256
1c91c5e68fbb1604e9f6123594c862c2497669f15f3d5eb711838290e9690218

SHA512
cda41dae9ed5b8b0de5a501615caf172285cba3978f00302fbe09adba38cb6a6ec2b1fb7982b0261b21e783683c02c460d88e6e07a4953383aebea445954179f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
839e186f5842536b74bd612090f4cc7d

SHA1
e935cc738b8f7081437d7369b3743dcee80aa084

SHA256
2cb7e5be1ac2f97fd593cc9267822411d4b84d31bcaff69cb5173b29de47b960

SHA512
60f6bb7ef6b49b97b022bbb4dc2664870aefb575ca18f1c0fe2ead1ff4334bcf5fd6f1695cdc195942a0208dbe3eec070388f262d8e4a4673c36fec8fcf718b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
97fc2f29db0d5a7bee2369aa36534973

SHA1
940a7ab701685423a85ed95113763370833317a0

SHA256
3e126daf5565cfb7ac5c790d74a5d3a05d8353d9d7289839d773151f7dcce2ea

SHA512
ab62aa3e17960dafaa3bfb4786fa4a8b82250c69cf2f895d46c78606ebdc21f74d9ba6b0d52be25808021abd5d63bfc06c4ee093d5f3f9bca780dae63bcd1fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ccfb03dfa554bdfc34266301b1b06f71

SHA1
bf9cbb4871c8b8566da4a7a8990e5b22bb6e7be3

SHA256
d238310d7368ba598c2a51b72f493ece0333340946c8db8aa309de6ed85a86d7

SHA512
c7d52ce2cd4d67919ddcd58e5b45511ab6150e6832ad0e5256459f84aec462cc781a0560cae0d2f3ff0cd49db3ce2e2b55d1d393d8fa4a91039f7127cedbcd55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
1bf5b42c82423bb7c94edbd5f01a5e95

SHA1
7515dc09d672673833dba4fab99bc51d4dd6f9ff

SHA256
1e0397a68b7ddf4a4daefc9ca3c88cf9b9a085540dd2d544d2a31eb3b141bc0e

SHA512
feab522282879357cfdcda7d483a88d8f3e159fa5e142e2a3217c038f922f5219f14ce9cf900a8c08ad6456d3db1debe0f8bdcb844a390fa644aa9ae20f87ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0f238b2348cf2402fc5bee724c4ccc69

SHA1
acf5efc346039655aebde7d575d777b84bd3524d

SHA256
2d6b3c4fd6d1ecd57fc0ab1f0a72acdbae686515ecc2ad4c654495cba8186cf1

SHA512
0cfd77b78e50b3a8bf705051e23f3df722546b2c7162ca12fdf40ca7d7d54a9c872cb7818e574cc35ad274103267422f5b6b62f13a8cc93a9b7a392d37cf43a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
59f1637b169815da13db868f69ddbad1

SHA1
02cd8ae1e33d1e621a361dd7804a87a86611ac1c

SHA256
36a3f171310ce7e7938a52e14b9d8dff92932fa7d20900f507614c181302f9aa

SHA512
fc0e015295f7a420d24405153d82388687c17ae639790bd8bb0e3829c6731ee09ddd7b51c675d6da34e28311d0502c6d21832eb5a71d327ea5632107e674b374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
25b5011be07f136bcdae644612ebbc2b

SHA1
e62e56ea989e3dd7839efdfd3bad6f4d0f77c039

SHA256
9731a8e57f5b096c291a41f726bceffa307b00733cf1e0c03afc0d21bc83e61b

SHA512
851bedb2c29d4d4a5649576286a660b67ceeebcbf9add3a9d59fb519dad6288846a345ed5c503f7874a7d33b04d950841c1b4e6732778652f9282bf5e7eab18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ab7e4221-df5e-4e60-bb66-96a234bcec90.tmp
Filesize
8KB

MD5
f01ae0642be6343270255d73187dfaca

SHA1
fad99544da3780978898bc6f2085da9b411be647

SHA256
457e78be5db0cde5e87e3ec8634e5b59d6f0501129c5ab60642fc1f2466ecb1c

SHA512
98119743e34a563badb31c6a0a2692850bb4a774b3264e61b0f5b2ed403a0cc61ae5ad2d6a57f499d75e72d5d78f79559bb77212c5eaa14e45363eb6d8a32e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d2f254f6-dcfc-423b-a46c-9ec31c6b2f08.tmp
Filesize
8KB

MD5
7269ec3156b4f4d4a48be01e9a7bd3d1

SHA1
98300a9fd0e165ef2bebf3ff98bba452f294b801

SHA256
680dea1ee8f7898bd93c9498fb9a80d586c49e0a295560baab98bc8c10824bfe

SHA512
625972fb9df49f8eb282463a0140ed938339edc9408011a9c34bdda1c5371f30d9c3abef49602084750c8a3236732d39079deb04ab7bb3cd06b04a6504d3a519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
d7a395e500a143c4a59cdf5b0abf5255

SHA1
d52a317052a17aac3d096474a666d548840b17bd

SHA256
c9fcb5580f2732d3522190229660f2cbdf49f5ee13343bec333a22cc5a5cb9da

SHA512
6eec1207a4114e560c1f472b3acbb10904465a3f4096f34c47512ce3d62a2353d50f28e1f777353b6c671cc5869fa07da37d6ae3aec279a1f67a7cc0002225c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
d0e62c6da2380eff8e3cf102bad5f550

SHA1
df95c2f7ed5b718ce6501329a76ed534e86f3d51

SHA256
86d56d74fb937b86db4e4350c2c124cdd807562d99e00cad93f2a45c62fdc4b0

SHA512
08917e544ebbdd58709e26fb6b168770357a1328f65814750aa4cee41227181b0311a42f1f2efe68eabee362595b9e8f3adcf59a39b85bf73c3a99fb81994749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
279B

MD5
49be67e37aa87db6483394036d768c35

SHA1
977b774101e19f8e11c4a485651a9d77862dc65c

SHA256
c94f43b3889f29136b7a7b6bdf679bce6aab4b8ac10958c6e679c2bc07216402

SHA512
f081c683b7e5509253093fa147b2106136278a98ff676e8c972339419e511b03bcdc1f7b2bd4674b3f85bfaed0f08adf73f6842f8ec61d730c9aa623b0622890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
560B

MD5
9c4dbefe1f7d8a9e327a7ce70f76735a

SHA1
082db62e8c2c3df60a147d864187c7226451f4a6

SHA256
19575c5826dcdf2e43bc8f8d29d4a60006687af19a14f3b018386d018ce01fd7

SHA512
4f83f1de50209c96614173232723e4dc1acaaf25efa14554dad027552f58ae24b447eabfc2cc81ddb1c56af2da7335c632043a729e1ed8bcb1ab40f2d60d35bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
297B

MD5
a06337b1b57b8cc4e1b38c7efc5d865f

SHA1
0cc93ce440e77952c9cba4576a4476a1a152ddd2

SHA256
e7fd9f4fe3e5aa72f3726595f726990698ae50f1011e77d0242ae4e7a36d065d

SHA512
8c2ffad1dd9fc63305737651f801b183a0acfc0bb4f4b4f36cd6eefc3ba84f1ed3757ec02dd95b3992c86a5ed91724485966335c386ff5d777f861cd6e8f9d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
fd11be371cfe212e731b869f448d92cf

SHA1
ff793214f71d01833db9fab5ffc68cdf503f1beb

SHA256
b1f8f80ac83dda38626ec8682d93f58e8b1d8b19f7ec88c20f8b0c27b4795c7b

SHA512
600c784e7c9998f0b35da7770fe2f263d471cc16e7b0f93fc7013f688d75d571e121d1909ee75862a1db339d06d58f1dee372d338064bad3a28bf3fcf8dfb4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
bc2f84c4bba403d36522df437c3f2197

SHA1
1a0e056c56cd5cbe182578ae90959f4c804105bc

SHA256
d96cdcc775190bc19028fb6566c7710e4dbfdb804638b92b16f09a0df742badb

SHA512
994eccfa1d1075203f66d081094ba870f3b6014a6d506fc9f49aec6946861245fc6f45e0be7edad17eea20be88ab094d2fea92d8bf57e2fab510c26bee646423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
a0736f0dd2b81a64a2d998a69fc07fe2

SHA1
977259df329181e5b30d389817772966a20dd844

SHA256
226d4fedb6f26a7808e6644d655ecced7941e7e771cc3cd401d18dc8af23713a

SHA512
c9656d948426ad937313466b5539302191b111726a3c72777f6190f37cd4140f42b0d5996f2adf321dc693279088d9e542688da210d85ea00fb6b3e469ebe3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
3a68ae849e926e731df1369357a04ad1

SHA1
75c611635389b697f9045a91070eaa336e089f22

SHA256
63425259b06615d3db76547b7ed8e92f395cf7bf2bf25eed2014a52c38822c08

SHA512
db1927c03f67db49c6195bf38e95404821326da20b5ac0850b485ffda427d8edb812e4f5277ed787c963fa8ed78531c8ab06ca20c1a1d936d2f3c38a1f583e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
eb03bfc6ceaf8cc83f429955b6a546d8

SHA1
9d470da6a74e9ef8e78c5fae4436ba8ce104ccff

SHA256
7a73e2fb7a0cf44e589820b996f819696a14df4cb5ac573c5761c5caadcc8fbe

SHA512
a45b01c4ce34fbe0dc515e10e506b67711c2f7ddd0af1ccda61bd307d0428718bce3073fda421ab8019034ac2f179b965ad1254f3d6a0be7b169e51f9ad0405f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
5af8df1fc3ff2c6c2e71bee2070f140c

SHA1
0947fd2b967e0f65e22bcdd4f81baa43bdc4ce6a

SHA256
ca3dacef36dd5f6d70a45152f0f331483f9c5e432f09db993d2505d4266c38da

SHA512
bcd6c93661ca45345fcc0152821248843ecb22ae36c8bef34c8e801090400c105513b42ac49cc201a7ff1a3a71604fc86e5ab072b41b9e0ded29f29ae6f79c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
281a4b7482b2e15715415acfff819e70

SHA1
ecc8e2badf9128e5df8fcbe076f30b256047c49c

SHA256
68e567d55562605530af2e24420b5943ee7be97678201dfe0fb96e272c6b01f5

SHA512
d9065e2ea035e77e75eede278c084668b35ddff3ad452b002d6eadcd73607df15ff5b85524d30548e80a1aae1487f9fd865981436b287d19e302d6a74a3a70b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
662e7dc5df25e3cc74004b6d8a34e90e

SHA1
2e1933e65685a02b91cc83cc8bc32ad6d1fec4b4

SHA256
1bebe3715a4b3d8371000cc5c16d4481781249b92891e0a621c28abd709fd255

SHA512
0df46cd788cb2e540f24177068b02502f4c1b846232bf6acf4444d0ee60522e415843e45345b53651abb0171199cd5a978161ec24bc825beec954cc195d7f18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
c520bd40846244cc4f7112f50ddba2c2

SHA1
8c0eb9d938fc4c48c3802590fbdc72763827210c

SHA256
ee668744abf0716e62f0802e7e66206df8ddc1e358cdae189bc47ce0533dfc8c

SHA512
7cddf9b2b58e06e8df42eac8844b6cc310f5bdc819018438ebf07cc2691c5c75ef90fa456e067321e0d763338c554b31c6d2d8faa25c36cce3d5c1137606e821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
feaf6be9ff81e2b4fe9a2448b230cfe3

SHA1
9a256f08d2d8b4e001cb17136f4d8b5d4d31df9f

SHA256
8075c90d208379c0676b5848b1f5aef714c5c847a0525ba67167a52f8db02346

SHA512
fc0faa4c71179a7ca81f74f52cb05ed1f6104b4367075af7142147cd7c0f5a1a34028aa850b0fc5a675a6182e160e1213606b2e6e894ddc68aeccb2ed0aaa5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
a1275e76fb66453a97dd9d1cd982c7ed

SHA1
a9053d1cee1fbaf6185af6bc93e21d9011091b9f

SHA256
ce01807587a14c7028ba9d0934382ee55dd2267240408547a1978d149ffdc0a9

SHA512
281af6c650df6b0a65488532598c1e83626a9b933273bd1d1f3c8b227999ea2619a3915c71c9c745ae4c72be31a918bcc196ed131bff3f7582de5e5162c25756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
fd11be371cfe212e731b869f448d92cf

SHA1
ff793214f71d01833db9fab5ffc68cdf503f1beb

SHA256
b1f8f80ac83dda38626ec8682d93f58e8b1d8b19f7ec88c20f8b0c27b4795c7b

SHA512
600c784e7c9998f0b35da7770fe2f263d471cc16e7b0f93fc7013f688d75d571e121d1909ee75862a1db339d06d58f1dee372d338064bad3a28bf3fcf8dfb4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
8069ef1c1780a2ffee08a3e3c2160a2c

SHA1
9813b52691666b41ad78743b7f34caa7d067efd2

SHA256
f97acdd02aa77ab0d2ac50d0bbb2e8e2dc1db45bba2d1c8f78deed7abd377fbe

SHA512
c6d96c8687f546107b162160c3b29262f9e46259ac76a8d91d276cf6fb1cebbfeb663ac56f9e4526d171d1afb6bf838e2a7a7b024c639e9f4736ff47e10f1ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
ac819d447ba46bf881c5f0fd21874e23

SHA1
8ab32a8c526726e13eb80a1dc585baee6344d759

SHA256
fbb46c0c6cf4f78d0589e0c2e54d96ebd81fb405765ccb75b8e62f3c42aa3f9d

SHA512
5d93abdc0034dfbcec4c3f29227367cc681314789fdb5fe71fc66819bebc0e4469781739dee6fcb6b412d90b7ed694cf2434fe3f53be04f4a7a4f9f03d2561a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
ba96e417dc465429e56c38a03686c66e

SHA1
61c4a80cd723075ea31801236911f2f7594aff92

SHA256
59b0604f0200313166b16afe7cb05c4bd0cfe344e52384ca7d00d485f6cd9ef4

SHA512
d556351815f9f8ebe56302369f66ef9bd504d37e94928eaad8af2a5df0bc19a3de5a3c16d2966254bf443d15be7885cd541473e838943f27696fdbf3f74e85e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
45f959c5d663f823b95d307162509331

SHA1
02d88c34e09ddbe7580a956fe2455e48655e0500

SHA256
a3ac022af54b3e67c991cd0ff737392e77050233d4c86597dcc6506dea34a1e0

SHA512
33fefe3228b7786e2d84a9cb1a77d2a4ff713e63dc10ecc1014dca3f410f677757dd4d739e6e50cbe5cd5042462da3a72eb5e5b8561a4e9273a7bd9e00a589c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
a33c617f79da6960c34b6aea791d8e5a

SHA1
7d9331ac815e040ba23312cc62b4a9c33d5dd536

SHA256
4a35a23923bbb899795f65c78fdbaf3784f267d451527cf689582b7a658c0284

SHA512
d82c2c0c122f6c2eb1800e34b83947cb3b85f838cac19eb71eef88960204849eb02a65c42fca6bb63dc30a3a2e2cde73f8373457ed16aa536553ecd15186dbdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat
Filesize
478B

MD5
4eadc8b24515e022a3bd07f649b779d7

SHA1
36eada3d9c65a66afd80a477824fe3776c3f95e3

SHA256
13a112b27fabd66a63637c573de49d4b2f7c839d50e244eb333903bf801303ae

SHA512
89ae0fda0151ad086aded6327cbb4fc1adad6e9c168c9067d4905403d4432870c11522a539af465f8dc810f8c1beb57447d995d01a0f939bc7f6d69a65a4e129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\favicon_32[1].png
Filesize
348B

MD5
3a880420311ad60097059ffc0fc53393

SHA1
7644b902864c4ba3604f61e0880e05da15ab464f

SHA256
571c382651d6337cd5fa49c512d02f0f99d523a896b87175fb59c710e1fcbc7a

SHA512
c16652970d04b7b76f7e7ef5a8d091984a13406cf7f5475cc3cfa3ecae3278c19be5494be39a8e549978b0675d1c70f69cc1413de9240487943d91965aff17d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\MEMZ%203.0[1].zip
Filesize
16KB

MD5
1ef3ba090e941e51bbe0b8b3a2de4446

SHA1
72080fbcd5b076277503c1141b1e2225db03b290

SHA256
c7a5724e268a5e3da96377805d8bc4b86f659ca4f3a62cd1b866a9ca15846e50

SHA512
0146ec923b7e80b9d112b0ce5eec71d4d71fb9ab9de6f1ac4c07ec5e510e952ef1a4a84df78eb22a3914f761515b323dd799b330e944bc31eda5590ac513c740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\MEMZ 3.0.zip.uq8dec8.partial
Filesize
16KB

MD5
1ef3ba090e941e51bbe0b8b3a2de4446

SHA1
72080fbcd5b076277503c1141b1e2225db03b290

SHA256
c7a5724e268a5e3da96377805d8bc4b86f659ca4f3a62cd1b866a9ca15846e50

SHA512
0146ec923b7e80b9d112b0ce5eec71d4d71fb9ab9de6f1ac4c07ec5e510e952ef1a4a84df78eb22a3914f761515b323dd799b330e944bc31eda5590ac513c740

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFC09A1FF6F7025CD8.TMP
Filesize
16KB

MD5
7eebd0ad47e487e8a299fbf9230dd78e

SHA1
fb49e7ade10e9ff856dc1d28643750c41e951040

SHA256
ffba734bc7798ef7820c422287b321352dcda6c37ab59be9efe64fdb611b9e00

SHA512
72701370a7aeef44f31584d10acd6b11f33eab736bd3c8e45831ac33a5425c4822b39f8bd71b45f35c640a1f27bcaf2d013dd56807728cc426ed0ade4a5f8df1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
48345340f83185399577d9a9e7c4e52d

SHA1
83b690b9beaa88f7b1d32f1afd2ec5cc585199d0

SHA256
4a4a19f55467ae361c8a33cd7f6d947b8f8e121633dd282e33d68d513e20df49

SHA512
2bcdebd30f1c2694eb078470292d04fb2bfa15059122e0125f235aa6db9badecb8f16497d4303d4b8d356bf689d44cd917c476355adc53ac3a909f2f7548f30a

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_5020_NPGTRKVVRDBIQDLZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5332-1993-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1994-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1989-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1992-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1984-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1983-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1991-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1982-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1988-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/5332-1990-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download