hxxp://e | Triage

Analysis

max time kernel
592s
max time network
634s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://e

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\3bf73392-3078-4514-be1f-a139c9f76fc1.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230401203104.pma	setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Taskmgr.exe

Enumerates system info in registry 2 TTPs 21 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248544661505359"	chrome.exe

Modifies registry class 4 IoCs

Processes:

chrome.exemsedge.exeexplorer.execalc.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	calc.exe

Runs regedit.exe 2 IoCs

Processes:

regedit.exeregedit.exe

pid process

3312 regedit.exe
2380 regedit.exe

pid	process
3312	regedit.exe
2380	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2012	chrome.exe
2012	chrome.exe
5020	chrome.exe
5020	chrome.exe
4376	MEMZ.exe
4376	MEMZ.exe
312	MEMZ.exe
312	MEMZ.exe
3860	MEMZ.exe
3860	MEMZ.exe
1668	MEMZ.exe
1668	MEMZ.exe
2344	MEMZ.exe
4376	MEMZ.exe
4376	MEMZ.exe
2344	MEMZ.exe
312	MEMZ.exe
312	MEMZ.exe
3860	MEMZ.exe
3860	MEMZ.exe
4376	MEMZ.exe
4376	MEMZ.exe
1668	MEMZ.exe
312	MEMZ.exe
1668	MEMZ.exe
312	MEMZ.exe
2344	MEMZ.exe
2344	MEMZ.exe
2344	MEMZ.exe
2344	MEMZ.exe
312	MEMZ.exe
312	MEMZ.exe
1668	MEMZ.exe
1668	MEMZ.exe
4376	MEMZ.exe
4376	MEMZ.exe
3860	MEMZ.exe
3860	MEMZ.exe
312	MEMZ.exe
2344	MEMZ.exe
2344	MEMZ.exe
312	MEMZ.exe
1668	MEMZ.exe
1668	MEMZ.exe
2344	MEMZ.exe
2344	MEMZ.exe
312	MEMZ.exe
312	MEMZ.exe
3860	MEMZ.exe
3860	MEMZ.exe
4376	MEMZ.exe
4376	MEMZ.exe
4376	MEMZ.exe
4376	MEMZ.exe
3860	MEMZ.exe
3860	MEMZ.exe
312	MEMZ.exe
312	MEMZ.exe
2344	MEMZ.exe
2344	MEMZ.exe
1668	MEMZ.exe
1668	MEMZ.exe
2344	MEMZ.exe
2344	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

Taskmgr.exemmc.exeregedit.exe

pid process

1720 Taskmgr.exe
3316 mmc.exe
3312 regedit.exe

pid	process
1720	Taskmgr.exe
3316	mmc.exe
3312	regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
5448	msedge.exe
5448	msedge.exe
5448	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeCreatePagefilePrivilege	2012	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exenotepad.exemsedge.exemsedge.exemsedge.exeTaskmgr.exe

pid	process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
1020	notepad.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
5448	msedge.exe
5448	msedge.exe
4684	msedge.exe
4684	msedge.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeTaskmgr.exemsedge.exe

pid	process
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
1720	Taskmgr.exe
5240	msedge.exe

Suspicious use of SetWindowsHookEx 23 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exemmc.exemmc.exeOpenWith.exe

pid	process
3168	MEMZ.exe
4376	MEMZ.exe
312	MEMZ.exe
2344	MEMZ.exe
3860	MEMZ.exe
1668	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
3956	mmc.exe
3316	mmc.exe
3316	mmc.exe
2124	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
2124	MEMZ.exe
3808	OpenWith.exe
2124	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2012 wrote to memory of 4464	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 4464	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3756	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3896	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 3896	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe
PID 2012 wrote to memory of 5024	2012	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://e
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea7ec9758,0x7ffea7ec9768,0x7ffea7ec9778
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:2
2⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3336 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5196 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5100 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4624 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3160 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5436 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5648 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5652 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2836 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:3288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3540 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6024 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5984 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6056 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5836 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3152 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3444 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5972 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:1
2⤵
PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1812,i,1249085142985583107,10078160694426456059,131072 /prefetch:8
2⤵
PID:2996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4732

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3168

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3860

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
- Suspicious use of FindShellTrayWindow
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
4⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
4⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
4⤵
PID:1080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
4⤵
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
4⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
4⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
4⤵
PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff64e605460,0x7ff64e605470,0x7ff64e605480
5⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
4⤵
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
4⤵
PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
4⤵
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
4⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4685772434076205299,8878374512920494042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
4⤵
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6017011011935494331,3846904189577091530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
4⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6017011011935494331,3846904189577091530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
4⤵
PID:5728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6017011011935494331,3846904189577091530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
4⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6017011011935494331,3846904189577091530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
4⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6017011011935494331,3846904189577091530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
4⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6017011011935494331,3846904189577091530,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
4⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
4⤵
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
4⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
4⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
4⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
4⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
4⤵
PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
4⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
4⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
4⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
4⤵
PID:5628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
4⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
4⤵
PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
4⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
4⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8000 /prefetch:8
4⤵
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8000 /prefetch:8
4⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
4⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
4⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
4⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
4⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
4⤵
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
4⤵
PID:6076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
4⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
4⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
4⤵
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
4⤵
PID:6084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
4⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5275323328195550096,12753909513269264658,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
4⤵
PID:6000

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:5504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
4⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
4⤵
PID:5432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3016 /prefetch:8
4⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
4⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
4⤵
PID:5848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
4⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
4⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
4⤵
PID:5744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
4⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
4⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
4⤵
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15449940875758130425,17523541453296939981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
4⤵
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,12282234122678600417,18088077661141136380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
4⤵
PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,12282234122678600417,18088077661141136380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
4⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,12282234122678600417,18088077661141136380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
4⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12282234122678600417,18088077661141136380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
4⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12282234122678600417,18088077661141136380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
4⤵
PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12282234122678600417,18088077661141136380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
4⤵
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12282234122678600417,18088077661141136380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
4⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
4⤵
PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
4⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
4⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
4⤵
PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
4⤵
PID:5700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
4⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
4⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
4⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
4⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
4⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
4⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
4⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
4⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
4⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
4⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
4⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
4⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
4⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
4⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 /prefetch:2
4⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
4⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
4⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
4⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5072 /prefetch:8
4⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
4⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
4⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
4⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
4⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
4⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
4⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
4⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
4⤵
PID:5440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
4⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
4⤵
PID:2116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11519585706804063281,7355395853261935676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
4⤵
PID:3176

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:1016

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:4944

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
3⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:3468

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
3⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:4692

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
3⤵
- Suspicious use of SetWindowsHookEx
PID:3956

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3316

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
3⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:4384

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- Runs regedit.exe
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
3⤵
PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:2772

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
3⤵
- Modifies registry class
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
3⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebfa746f8,0x7ffebfa74708,0x7ffebfa74718
4⤵
PID:4240

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:5940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x3d0
1⤵
PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3808

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3e14055 /state1:0x41c64e6d
1⤵
PID:7048

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\672f2ecf-9225-4c3c-9d00-edde9de38b86.tmp
Filesize
7KB

MD5
b161c00bd95660b160f010eefff1f410

SHA1
d0375e74cbd0d329c4603a6317e818a90d63e58a

SHA256
2c0941f6ef52272c145d45d34b0bd0a637ae7606a9c0e8a4e4fe59c36ab6f21c

SHA512
8b4615d0cc702104c25eda430db42bfa17eef3015bdac41342200173e2cfce8c00092e7dcd0e0c2acf10dc1f817202f93c223b3e08e25cc8b7895269d3f3b47f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
755efd5f3e079858d54dfb0b76522c5c

SHA1
f8fe81484e2face2f698ecf1d3c775676da43e2e

SHA256
7908ed68ee4a4c05f1eb883aa03f6ad3d548a8903f3525b2de22160303ca6312

SHA512
86b2f0652f25b967305abbb545f215dbc2571bc2e7801db2341f80c9db64bd444b55366b7ee9769fe38e34dc06110f63d550a770577b9f2e6cb628d9ccd09ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
53c981ecb8efb9c5c65a4a9742dc280e

SHA1
a4cd8cb3e5e3ea7f5a9eb87ea92894353d337501

SHA256
248299c2a95e67dda2f0035a489cdd07488b9befd040c214df0f7584be6431d8

SHA512
a299433057b9116ec7e1f3c4f0df5e8f63bbdf527ff298e14ecd5581a3d3caa164da2c5c258823ec423e0e297e6287f1cee5e4c56c387e83e65198e8cb0daa4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
5e788234581f8ce8c7c8b1759f7de744

SHA1
97201ae258fc469f89857a1166b23aaa1d7c630d

SHA256
2767ca69ec2be9d56bb6d392cd49df063526284043a676c54ae8521efb16fd0e

SHA512
aa173e701fb3d3e5a048f68199dc9e6379b798c2f130c4dacce56e3d0797ca4ad92df97f97b4dc8e58fe3cf3a606f958e5aa5d411b230eb1d9aac41c1d928789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
f5541afa660b52132262a40c957b2849

SHA1
f58089dcb61e6fe13cfce4c9aa5c8669f102d4e5

SHA256
83409cc5c0a08e38406681e6c9f4e2ba96fb09301532bbf444c4392102e3ab31

SHA512
2ae4c9abf7e8806ade7fe548cabd039a9cb2729ccd348ca19f498c668e411d523a7c1772a354b8d7555c59209a18a2ba8e0b9a5941c930f37dcba557569aaf8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
bdf7e4c7bc9a5d9707025efb676fe017

SHA1
84654e6f0acd79ac34c3fd8233f29cf82a850206

SHA256
424e4c4b1771582ca74bf4fb973693488331f1b2665962c5fe7f928b08871b43

SHA512
35d3be231340e4f574595165f68f7ce65014ab2dba0b41852277ab999c788abe2e5151bd40f419011bd3218580793c9677385ba9f9e1918131bad3f2458318f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d1a9c15720094f0dbe536cffb1a8e137

SHA1
f058c650279a7f4089be0596835db4d4b998b2b4

SHA256
3abbfcea430895ded0bbb33d5c0c93daee51ea5ed6b7ac979dabcc5b7ef19264

SHA512
e3d93e10ef49ed9523dae1ae75539df296781084e6e91a6a935a103fdf53bfd27ff588e767f3d5f9feca7c2ef620a49c2cfbb732fdc54bcabd9c1487cc3ec0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d164c0dff4036110512993ce8aedb637

SHA1
7d4782093ac7d3211e5e518354974855c78dc637

SHA256
1df659775f41642a24672e4fa55dd7b30007d64555763ebf41484522a0cdc958

SHA512
3e900999b70b43d06df72ac922349b0e89f5d6b3c92ea5587e0e1a8bd3fad282cc34a7a118b9d118f29f781053b931f2c15ffdb74fad872c03c33cefe43c0f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
a811e9da530ea8fff0b253106d1bf391

SHA1
ba925336e630c93a1e4b4a36b5f01d86a49ec2fc

SHA256
609fc0239bab092cfa40faeeb19a5b0ce3906bc8b59a4fabbe838911dd9b432a

SHA512
7d328e81e0acc1c7af94801356fd8874d71bc8e3c73d00d790f2b1f137b45066e95024356ba52eceb7d909a7a42ca1adc3bc13ec556a34a83338433cc9b62aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9661cb514e463e3d565cdb0753645c6a

SHA1
a981bdbd9bc3858fbed7cfdc37487eff0f3ef820

SHA256
caaf0d914ddcd76d3417ca8b30a8d0b4b5934e98b5ee528a3327a766318c74c7

SHA512
35933df7283c6159c4155b43f2ce2421066a24a6b8fa42d53237a5b4101d55a77a0e24326c168fbbf839129793ce65812abda459ce6b57612af719592b7acc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
be72feacd8064e7fa02db17b89fc588f

SHA1
ab1427e21ba88085a629f1739d8f0e367b95eea5

SHA256
7dc6b89cbcf43c08a70c37b091fa93fae27679a97902640a2230df619994e813

SHA512
580e93703036c73ca7f26e61ac8ecb57398af654675a2abf2effebcb845d23d300b2b299fdb3ab32999cc836010bbf63ac05fb75d7092598615cb5b48b5dc0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b4bd3d30d87034f37b1417a661bcd02f

SHA1
fbb2a2dc77c13384327f37afaf5ace6a9495e1f7

SHA256
6ab99205e8d22e12bc122e60f5ddb114de95b56a1e590a5ab934f10e0a333600

SHA512
2350582608b7c029064acda432878f01f53b48f060351853c5f864e00d6900c94d40210493b439f3b2ab06dc2cbd8109ad11e1a55f1ba3e189e7d55b389978f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d9463a809f54a50f2b94600218e06856

SHA1
4286a13d58d09c908728a569bfabf7f17056dbbe

SHA256
b07169922490616df82871ef2f3d913de6454def10346cff9c0f7fe210273f3d

SHA512
47fb6c9d7d6fc7fc60f22730999a5cc542c98e342df81bf3bf8a205b5a86d0a03730ac403862a297127ca8881393fc8c09f6f78b8523523e0f5203f10a12b2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
85dbb8ba1ba42aa7f5f50c325671bbbf

SHA1
20d1d04cdb9e68e57c0343c3f6491417c87db4a4

SHA256
32ac42d981bef791e5b6538b166a1a55f23eeabf867b479cf66c6dbc15af0388

SHA512
a33bf6db2e328a99fd9094b481175480cb85c60f3533b935fbce068a9402efac8e915f206825de00ac47a25fb3b1cc22ba98c51bf6ecd1626fd5abbada12bdd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
29a6a86152ea453b3fb50dce6f4945cf

SHA1
bd431643225a10d02734c95aaaeb265db782dfee

SHA256
4b65db7afcbd19434125a01b8a1b8c1d30605f52dc1d8592b524bc3f912dd616

SHA512
e5644b499c65c771f4605042cc9b1144cf7f038047e5abfc6cd96a784811b14c8cd1c8ed901fc4eb730efc01f9704a92d480dd770c0c4515985d8e6846de6d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2bee772f83e0c539217075e7553f0e99

SHA1
e6b1c22be115a824515f567d15c8f7a2504726a8

SHA256
165f3a9976d4f8fced84e03c2897f6c132c6a65267e47ec70660ca4cefce848f

SHA512
26a35893597d2824588132b5ba233a3db5cb775a0de73b3c9a63c10f979166fbd355e6e3883884aed9fff7cc79d5f332e10eee6b9370ba72aecf56bf07e28946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
378a0bf979da2175cc766c3bd390bf37

SHA1
6b94af83d43d8a58c2339b0ded38eea180c675d3

SHA256
2c760dbd1d1dad7e5b27c318de99b5344ecc0d47c859c12b92063b1501c11be7

SHA512
af712e0c38afad0ef77221fb32030bbebdaf5f612f75f24341bd957c133ad083ad3092314b63581a1b4c36f8dac5d69ad102ef98049c0d80539144f2ec8941c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
6576da802eb3ac809a52dab94f4e720d

SHA1
46a565e77e6469150cfa35c1bae99446de0e4951

SHA256
59d09bbede5943d7010c95d40e4168d748d8e7794b63fe6a123f5e36c1cbae11

SHA512
72576b447e8f0701a8a579e08274af83b04e870df09e4e9ccc1a1cc42cef996565e373b73267033f54f6f99df26b4484c065df79cbd02a5ca621831628730b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe588d47.TMP
Filesize
120B

MD5
67c0cfb5e664e3ac97f191be8d16ca53

SHA1
3155ee9fc372d3bec6ecafbeff08d553756f37b6

SHA256
8744179ba31d405dd69da2d8d1b47aa7497ada78ca0f7d35ccada4665904f293

SHA512
bb31b3e20535799647d8443ac424b26bce3ef3bbbbce54e41ba84e3a3621568c2508f523759a9e850e017c0d00bdad28ec573c104024da006dbd20e52709348e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
a333be7e51f507358a8ee595ac48a488

SHA1
4d85ce7d6480fbecd058b8b667cfa965730c96cc

SHA256
d0782eca2a051afaac32016da79007f278d9da4552d1805f09748730c039f5bd

SHA512
376dfdfeea5717bed86077fc6e6f61acbb81823fd5093e86e936c316ac1476c2ae96eca462b293158fb2337b279600f80b8c00a440d62177a838987c96c378f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe570f42.TMP
Filesize
48B

MD5
4403f24f4f83120c73cf590fc74d8661

SHA1
f2819814338c3c310f4e171125748b0bf67dada2

SHA256
0f7d4b6624f9fddd68c4008c5116dfbe50a001a1eb02253d17a1e64ab8c0dde2

SHA512
cb590531960e894b5192cd0195b1a9e257b24eb31e25add26c533c758550f3611e61125ae235a66a8f8e0d4f96e43a82acbab4c351254bac46b0016c341d9fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
fd5943c7050f3db39f5a8a3b87d23451

SHA1
8d685a16e5b2df34bfd44cad75f82ade59b9d49c

SHA256
6a9cb6d9f1552cd3593e2d3b1db1d743e1dbf1000acc78424499124ad86b75dd

SHA512
d474a3b01a18d906b0d0f08e0dacab7056ed8ab83edbd4605884c216569b02953df8085fecb7ed8241ab9669b7764bb061f5c72fd6df18c02431bd3c12a1152f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
f4483fcde06688edc1fa2af26a0bf99f

SHA1
595d69fc71c555f544b8616e42413fbe866710a9

SHA256
7a196ce5986ac3c06405a1ff6b1a76cf6fbc8a03bf65fb8df8721811132e0647

SHA512
ba4f4f7bc973560cde5601fef1abb59857dd079c4d3e26086dc16290b6f778c778f0130313cfc61f4a6c52839b2c6debc3ab31ad77e1c649a05ca98d2d7ad91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
f4483fcde06688edc1fa2af26a0bf99f

SHA1
595d69fc71c555f544b8616e42413fbe866710a9

SHA256
7a196ce5986ac3c06405a1ff6b1a76cf6fbc8a03bf65fb8df8721811132e0647

SHA512
ba4f4f7bc973560cde5601fef1abb59857dd079c4d3e26086dc16290b6f778c778f0130313cfc61f4a6c52839b2c6debc3ab31ad77e1c649a05ca98d2d7ad91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
9cd7b209b0ffbb44b32ac9a79eb2bc10

SHA1
e5de90f0d44e5a67e433eb1fed6810647f2092de

SHA256
38ea31a9e60005f8f45f5ee8851102f6e48932ea2d8bed7eb541253fcfd7074f

SHA512
4fd5896f5debcd1783e92e8977492b569ea3e97aa4c0767272c14a71120874674144194de8ddc896ed666a007fdb5603c2a321c9f572079518de7f27669efa0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
40496e4c04dd065bf6d1c4d17be4678f

SHA1
e373825a3773fba488afb9556c6fc2ff9da12f7d

SHA256
d519b79e343554ede37e7c6877fb3db66cac7b403d5b3a65b51153d7f9f21c67

SHA512
c991fa931786659c99cf0becbb2bb063f45dae7e64509b685e3b976d59a724cdcee886a1c3a6412e6afdcbcd5f1c547e10079e751415a1dc664c106f839918c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
109KB

MD5
18a2de1eda049f26b481910057ebcf7e

SHA1
f5856775d548474ccffd862f47792036ebf5ff91

SHA256
ce251ee36181a6e7f8c0aee09e90967625d2121c1128ea9fb4f43b421ddeca12

SHA512
35a89cd94decb1e516224ba963bdae0a83da38d3b5c80045b8e06de173113c1b376d9e116275391c7dc270d5c480b788f646162026faecc1616de30a0717ee12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590cb8.TMP
Filesize
99KB

MD5
0656b2c73e2926045e1c1ac97b17c578

SHA1
f8cd83713a7935f1b5c7b7964b5caee61f0faf76

SHA256
73528bbfa1291fbf1e7b18477dd1590cbf86ec46559bc641b28273c8e2ec89fc

SHA512
3b229da3904fbfc072351d439ac70ba68d7d7093bce24ae08bf0d489311907a4ccb05da3cff588cdbf0fac707e304ca73759c2080def8dec963e331f551af150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\779a6cc5-2c7d-423d-b41c-9a69ed363f3e.tmp
Filesize
13KB

MD5
d463098997723a1a20429148fe6ad16e

SHA1
66d5b5d3fd415498763c49931a14592e1bad34bd

SHA256
d813137fa9146c0d57badf51d0a036d29e78c29fb1a27a8777735b4ab6d34330

SHA512
8e7dd8890012dad0ff161e56a0a8901724f6c80eac66173e69156df2388b1a29fae892f1a63c832b07251f2a4a26678f57e5e5dd34be796eb9ba39b491a3ed7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d718caaf91ce110257325ea65e6ee3a9

SHA1
56bc9d07345088e0b578bbecfdbe963ac152a12d

SHA256
e05343bca8937346cd930877fd533b350f178214dd3fb7b6d620d236c6705a7e

SHA512
30b06348adc7af9974228951e64c5df00630e70c1760aa9515a409df92afc76fc602fabd39932ea43b6b775047f8218f0b0fea877575a4cf2754e80586fcaf25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ed491be6d70da7465873e176ec17cd64

SHA1
adc253cd1140dfb2299f54c9a8c60cac1a51a09a

SHA256
d6d0d36f38cc8702bb31857a6f242420074f91178e0d01c82fcad61368fdd4e7

SHA512
6c5703bbcc93d55add79d867107d65e0f5de2932de9903c6da997daa577f40dec19d5d6f1e0292276f7d93581073a1d0144d36941377930d24f4827e72b63c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bb2d13d457b88396bb4545ffa5448b43

SHA1
4aeb7ba5de15f1d42fdfda59fe27d8bb95537ec7

SHA256
8cac85a63d948737b34798cf06fac9851c3b6e0fc5edd5e60d6c35cd12e5ad30

SHA512
2db3fce0b43834f6018ce0c3292f406f81421f294214debec0b6ed24a80899bd60456c7b0c7544fb169f7caa8ff84dc3ab4827b909b8c4943b88f2547adc2787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d198c0473c014db996d882f54b98b0e2

SHA1
d9bedcf4479fc2f23218945d10a2cef060c02061

SHA256
742efd1a92ce0bd5101de0967ea4712abdf84882b0f919d30b451a6e7016b207

SHA512
a19ed282ca84349e7c4139c9a72956c9c4a509644a211932160c6940562fc3e018ebfa9f2796596f035fa927f9f139d02cd706406558688849cc9d4611f8bab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cce1a24d74dfe418fe43f4b258af64cd

SHA1
3f0aaec8885c0d1da16b20d83dc96dd68ab468da

SHA256
5dc8433d337faf089dff887f14b458193038994a0f52256ed55cac0c4764996b

SHA512
5bd0820ea4d161762cc3fae4b6e17e62ad66d14d97fe3be0706b11d7318be14046ed4a269baeef681c0bd697f85866cb2b6c69d60cce3221bb74c69d5ef6d53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3b0324e8129bcb5d8e03acef012df58a

SHA1
0781d99b2ab45534c073193a9985b541db3367fd

SHA256
d884e261d9dde2f7082a611c4d7b8fba2fed259b0bcfe4628dfbb9749c393a5a

SHA512
6378201e29f60b72f4e22777d744b446b1346bd6f8c770f898f3e6abf26e63ede158be4d86a37787df11520a759c6f260c27160ce2abc5bdfcea20eadd24823b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\35983eaa-efba-4ebf-9b0e-4a22dc64a84e.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\66b3e163-c6a2-4d11-8e8c-2197b3a72265.tmp
Filesize
4KB

MD5
a4d12248654dc5491222b1710560cc56

SHA1
cd1febb68b319cc57bee46ae9d963a878f80aef6

SHA256
51becf2f5e8c658e1ce04e7437bde29ada9026cf9c94ba1b3bb5b6a8b3c0ea91

SHA512
bbc9076b2dbeff283529055099a366390861a39da51905af888a1b16288d29c4490d25baf2b21b73de90ff2c84259b2a8524c6f4c13aa59c1304033b75f4e2d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8746bc85-448d-4ec2-9798-61ebc2daadd3.tmp
Filesize
4KB

MD5
b05c987066ea5f1825e3f0248ae94339

SHA1
6bd024665df966bd348ff0b712205e5b5db5076e

SHA256
7fe3e46896b09dd68b638274e0be02d47e475a174844911eee682f178b3dd2f6

SHA512
0b8e557566143479787b5c943af5291c82d63fdb4cf5c4f946bb125320e6d797c5767ab34078ad67fc56859020d482c5480067c3159181fa4fa3ff53f9603ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
Filesize
61KB

MD5
a0efa5ed4d2876e063ebceda6a5ee1a2

SHA1
06c14bce0a9dad23ab9a94cb976c1acaea052743

SHA256
ada73543baaa7b64d16deb817b39b984d7cff5cd624948c5106f9cb1c8af21a7

SHA512
f6898665ac8b7e20b6d613d7409d5e819c5a6af123ac512f9fc72ba135666b4fad18eeb8369c7ea6ab4a7e1a8671c67337c30e90166a2219867a4d6cceb8a9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
Filesize
107KB

MD5
f7d0caf37d196733802d70ffde7306b0

SHA1
29c3b2044acbe4ecd75557563fa647ca5ca953db

SHA256
108dfb988d1c7838a44fafca3abc98945e7fc45a8c471d382b4450093b0d6045

SHA512
84dd29afcf0d540af969de55639b4329f57eac29ce6a541fae5dcc1090f4fc6403e574fc1182dbfc3063c4b6bc3147c26ec623026e56b970d301009fcbc738cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
Filesize
612KB

MD5
a583b39f19252d5e929044138520b689

SHA1
51fc5bbd8694b72756de25fc60f13151d132ef01

SHA256
0123ffed642c61e4754dc6b590a20af667dc7d0b4262335c8b4c46e562ad3823

SHA512
434f70f7361014f9d2f87de0c29a2c2d1cd240333e99a4a61722404534783210575594c4ab996ec60d682157ffd5b2b87278cfdc9a2fbaf08213c42f1f1e1a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
Filesize
35KB

MD5
fbf149f3cc52c0e994c22360da1fdc3c

SHA1
71c4a5d6a47d01dcb40c659951b5ce38faf1fef0

SHA256
53e46cc83cf44a5dce1b018be9011952eb7714f2949757cfa2e3efde44112dd0

SHA512
9046410e4bc370c68e98c5c00875469bf667cec7bfb14046df5a8547be292153d3621da4f1bc4ed583b044f739a3e56dd9f0fc70bd79196568aca2949501d1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
Filesize
126KB

MD5
d4315de76a2c6bdf2bf9987bd593f19d

SHA1
55062d4bf6641df71cb282631f6ea7909419d876

SHA256
11e9ac8b7850f0723ba5b8f37eb9f28d928ffd3d4b9b1603e19e67eac1c68f44

SHA512
3f41580cd5646fc24532d0dff347b84b2c50423a6a8fef71c5b993ed9217015ca2e165dfa6c2f70e74db498a1cd79da492661c01f97c4b64ac2b32bb2d532b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
Filesize
67KB

MD5
fa9caf97b169b97f64425fac5776898a

SHA1
799cdbf5060714a92aa991f93202cc55f97ca60c

SHA256
29c10624673cbf80e30c64190a1bc32131ed5f4be8879fe21e4b68b22a5c24a6

SHA512
d3215213d453aecbf0767ef9c4d7de0dad34ca0029690dda17b2f8e420066aca79043055722e125fe060d44dfb45ee1a1fa3b4ab66652998663e677dbff99a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f
Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
Filesize
20KB

MD5
6e84fa41ccacbbd926e8b19acbad2cfa

SHA1
d3a5df60b967517efbd7ecb5dfaff728a72fd775

SHA256
6b1a707db5ac3a353d5c312f76e3660974a807029d42fabc9f6749b540d85931

SHA512
ea192ceb5849c1392ba86e2f2fb5f16a7a468d93c177f3eadb6192a86fc966f5d4c959f9290aa88016186f5bc4f14737fb043e099d9b04e8343234e15537a614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067
Filesize
276KB

MD5
52db62e1ecfaad387952e2d28ffae2a2

SHA1
742621573be81ba1b7e09ff1c1ed0e86b2db9e63

SHA256
f7a99feb816d60f7a57557e86ab11cba85f01e77ce2a9cae295f441883a0a7b1

SHA512
76a5c4e0d1064900ce0d744bb30c0605bf5012f069e868409b460764a4a21fdf3be50d302138ad3a3ba675b263e1ec41e0388a85731b90023dd97b198a6f29fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
5a76488bb7ff8f8e9bdcf7427515f091

SHA1
ed9d2a9a72d240c3fb70bffab68cb830ddd90c31

SHA256
319be25eef9132bda163d2be39d5486117a2885199b064d8f935c8dbc5274614

SHA512
0c24de438d014fbea026ffb5c2972bd1fd88d89d9f4822f24d28b0a15ee186eb15ecbaf756dfab8da119ea9ab067c8c9720085d5fcf7f048583516c8018505e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
7eee86a87930f7bcf287a140c05ba6a0

SHA1
ce88bfd58694bca9af0d0d042e351c863c193768

SHA256
596609421a675b4a1e80e50d5761e17e4b92e2858e91de801da3921fce52ef3d

SHA512
73348866dd05e9573080f0517d24d8cd3febba78a2a756e7436600f8a3b3bbf4c26cdc2a259af87661bf3ed10b13abb71aa954d3ac88c29e020197b16d1dfa7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
ee3ccadca229c100f390ec8579182b76

SHA1
4fd6edceed9d7aafffea86c37a8cfe3bbeefd341

SHA256
4dfc7342ad68ae4efd50bcc2f3f283323911d589ddbc41ca0ffe596cc1e6430e

SHA512
1f2615fdd7e2697c49e06aa7787d48951faaf9a0ef8fecce6d61611a96c9eae96b2838c4a71bfe9326062a8d31c95881b444308d57580ca3e4e0f2d5d2cdc4b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
4751984575f0607d1d4b49c965399b68

SHA1
e75a6c7e2ca23771f79a3841b32589f97e3d15f7

SHA256
ba961cf271168432edee22b3aa46d19209bab81da27f3b14a5e21a703545ad70

SHA512
cb406a956a18f925bf0115cc069b6e36a2e052b712436449c2ebc10ff52c08451f0399b85fff688e0b276a510c1cccbce609e7fc6be9c229ef8541512bf311c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
25ad3ed1ff74cdba1218f5843e158980

SHA1
03cfedb81f0f7db1074d2662ad47814f40ed955b

SHA256
5750eae59d66bd8051b9c1821278ca3b237e11a7a205d260908e1363b15716c4

SHA512
7a64304c30f8f2d200d9fa7af6dd76386d4178b3271aa8426973f3e99d959b44a71bb4fcc7e57367a1f82cd47aa29a172f77e87dcd439ddb23e9afe425e243c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
2ca2603c39f75c929e4c2cf0e6a7e44c

SHA1
a3a5a10a21f247ccef6da8597681a0393d895352

SHA256
c1f6cf8256b6f38329347d37ec3c4766cb339ad184eaa42e1b935a5c170b4ca6

SHA512
22ee25d3573cca9665bfdcb869aff4a377888854c3b74444a43f8b6f13051d71f4252590db9648805026251c2da0e7e129921edd138d7984417f8717ae245d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
4014253f1a8a26daa6e6968ab8016ee4

SHA1
0ccb648c2e5851d498ce0ad2e94efa864d148000

SHA256
a6c9017b8a543b454afa64aea0ae348fc50241c48930afefde1198920bfe404c

SHA512
c8a0e4a8f012c2ff851d705932d441f68ed05a98ea3dda295df1015eab155bc9b32fe0d39b05ee37ebb202ba2d332b62408c3a3f5b8cb2667b5fff87d0358b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
48e149113ac2b4976360242fde6e352e

SHA1
b4d35ac95175bc8cea8d637551e3fa8a2a626e93

SHA256
1e4317f1d6829af85260b438f97b7e0ec346c6d0806756f609d0a5b61b1428b1

SHA512
6908f3585eef746f427baa52ab221f6f95efa29c0246f49e946e2a5ed14db626c858da7bdabbeb290722363e8e118e7d6f6e761f04d4ea6e6daa5fda2523cead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
2d78ee774d925fd64df1fcbe91e6d748

SHA1
9b9c23c5fbb724704d0e28ba422a5ab7c86c32c1

SHA256
8157d958deb19907697b369bc5c6146661e65c1564a4e360a371715f649e6411

SHA512
d62991f1ebf5c1b0544889e392e5dd3d0ba6ae22f7c976992231f10d5c5395463d0766dfda4e6e2563581237dc0adfb4c52e14db51fba71ef4c08edd129af6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
fd5b5ab6ea4d225d6efcb09f5feb6a82

SHA1
d971818d7ff5c07535d484626b210e1bf17ee7a5

SHA256
ab92536d35dcde404532e008b8a6a2786c85cb7c18b56fc8e195ce359684de06

SHA512
f7137bafb6c2ac5aded842fbaa6da10dd899f458a4fafc97522d70714b79f3d8acc38004b979b949b91dc9fc5e88e44840c1693b9ff267cc713f453819b74ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f76033042c442db15006e92e8b6d742e

SHA1
12bf810b8e861dc3951849057fd8d5efdf2ee0a5

SHA256
7ed48f6747797f2cae402fc1a53d091e09f3bbb1d2dbaf6453d97791f7cb2805

SHA512
01370ce6e388c7ca0986967fac3b7aa399da9ac70e3c3698d713424aa96f13b5bc3e62a3f8c2f68a2e7ab60548833f2fd0f7b077fc1ddb3df65e53ac018bf313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
5cd26f072a890208652bd4ce13ae6440

SHA1
23ba3508c4e633b4c85996be24ca9fdf074f48a5

SHA256
538ec392fa1f26b960e5ed4253012b201a2e30c311a19d33fe0f3f12e1f32383

SHA512
b5058f9405b2c7c4533f384dc8a01b78981571a9a94a98edd2d338ba152b730f8a6475a16b8309f0763709a870cb845417e84ad048fb7df3804dbe8778de552c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59d74b.TMP
Filesize
48B

MD5
3dac1b3f42d23497ac7b43d4422ffc46

SHA1
875311cc080e004edc539839c677c7836e8695b6

SHA256
0e84315119b03fe18c4a0628e4dcb1809616aa8193ba543686f68808912e51a3

SHA512
685240115074fbbaa410234d0a6e3986eacfb84b13be12e602a5affdce8a2b0f5bdf4118a6bc57416f44e63220429b7cf89efdf2d5a699519cb449619a631655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
24KB

MD5
d6339988625a48a910482d83deb7909f

SHA1
17202d5350b3f78f31321cdd893222a50a7cee6f

SHA256
c135a59583a271f10bfe9d8efdb53edb23fe549c0c72b60040697bee12bf0e34

SHA512
ac20c73650634719f66ceba1d1898bba22fef06afee0a8bf413cf30278974e732b9f9340ebbcb90881cbd5e12a3cf3ee61098a105594dca8f3d60fd238a1c2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
0658c4e617d7a80584cb9803df8b74b6

SHA1
e6d83ec7903babbde627a52831717267a9dddcc0

SHA256
94af35d6c730c903d729eb931689d9e5c506132dcf682e4a6d98a8875990d49a

SHA512
dc1c27d2efc9e907abf588b45f21af4d0e5074870e3f830c8095014df97760a7d688845f29d3982c1e83ef86ef396ee12d17c9a7b615cd6ad3fefdc4a46bb1c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
907B

MD5
d3c162baac7e920d8e4abf4566231a6e

SHA1
cf5d2f707e57dd600e6762129dde231dd4b5b795

SHA256
9662714b1f63215d10736b495037da9dcedeef44e338d76d39d128533f8c4239

SHA512
78599cd919e2337204b33fbf50d76177e0404eefbac32c07142f78d610f3de5a0eb15c91ddcb839358181a29392e883e8a32667dcc1ec3892cc5497c49677352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
113B

MD5
92a801c85f4361b0da86cc433f66b779

SHA1
62ded3405c62a32ff07118a817bb48813abb60ff

SHA256
4df736a4c2d236920a701a9bee2e22616a76f0227d2fe9cf39e142dac794a93a

SHA512
69be7164253f5f8955d8dfee2f52bfa712742edd05bac26af6cbfa9b592a53798a31870958a2008da33a94ef45c744d8a0522d6e9e5850755b856759c6ee1fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
22a8acfe280f2a6f16b781719cb310d1

SHA1
c11f437cf139b41c6db3395a6d914b181a615dd4

SHA256
8dff0db7236f1089543a4ce66701af3922b4f2b0f3a51b718474e59efac71dde

SHA512
c2496b2bec253b96c05aae95b3cda7af903a03f04f31b7f06b6758134f8fc39bb92feec18e5203fcf0c32521f4e2ea8548ccc34a79afb4e5219bd687663a392e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
041db60fb82e66e19833ebee14b3949b

SHA1
47ba0e50c3046967cdb25eb9fecc5afe0670d4ab

SHA256
036f8955ab1e96a0d76edd00fbe2eb4f1dae51873b3bf8629ad49aeeb0bc8f90

SHA512
8f1c0875b90b3ed3093708f049bc9f5860bc7e52fdd7bfa527bef35b29cd8e40a2f10f9f7169b88c51fcc221a94b85fb04fa66dc4d9f0b84bdc41356da7a81e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
bc7c076911a28829daaed396f45e3795

SHA1
3794794a60b7f4a9be9164d6b6bffe84982a7f7b

SHA256
3f0fcca8ff4d635a2ab8b4390dfa2ded4053cf95a796ff298ef2572feb510d35

SHA512
dafdbd3d987a2d94a9cc318f8e910c2fde09385734952fcfeefb70d2e53f6e13f10af82ce6420c0c80d29b55a69049c2dd1c546a39dbd58ce6ef8afe59cba014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
13KB

MD5
1bfc8f007847b7fe1667136144130cd1

SHA1
e331a69c53eaf2a093eeb3f633ae79d1af217b0e

SHA256
58588e99784c9696ca5d19e12f056fb90d187a52186ff183adf7e7981b0d652c

SHA512
4d05d94333591886a535e7a909f8979acec457ed929976bbc1491d465651503bb0d57160819a2d5d93b9068889108df80116692119357b39581017c10b2e4152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
03256c9cb5ce0767144b30bfe8feca0d

SHA1
f9ad0231adeb5d234812294e10f4a25ae242a861

SHA256
1fae8d7a18bef0620c79ccef18e008adbb7fa81514a2de03fab600e243237ebb

SHA512
f6a2fb6da5a8ead66c4b285d9ddfa5cd512b072f693fee2269eaf18f0de5d2370e73be68d714b8d2d620a9095f59283b88adbda7937f5475cdd454f2f2071cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
14KB

MD5
06abc6cea468f4fb33ad5a204eab187d

SHA1
8fc32f1bfb17e332d6e8e33bdc9987c62cc3c011

SHA256
a4a37b35539228c36cad86d24aad6891b29b6a65d49e670ed9671a241a6f3cae

SHA512
40a13fd557f8c483083c0bf476d620cadf425125daac5a7c4b809267a337cba6a17782c75fb874cb6e1b1491adcd7bafa173000f56fbaa1aff06da331c592413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
17KB

MD5
366e01a8ff3f3ac3b6e5e8608ad476dd

SHA1
5e24139c8956f6389900642786ea9ed4ab9ca755

SHA256
6cab0466bbf53d50d07046b323e167ee65935da0e92d54431b89caddf3291fa2

SHA512
aeed594083e204146be0362613f4b24083da0ae1625d1d3eb1bc72cc57e9ef315b9a7076ea978c02379d6b2d733ae63385e37ab5d0660fbfa98e61c7b523891a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
12KB

MD5
bfca802eb772053bc8e762d107b0157f

SHA1
e17ec2c2004b876b4f7b58956b72f3bf871a57ac

SHA256
783ba4f450b65f6a6661d3f75d068ebd09bb1032620d659705d72c870b5cd491

SHA512
7d078350dd32919e97abae90869d201519486f0cae0abdca293824ed081c8b773aac4018d7158adcba296283eb8f145768f003eff8728e998c6ca3654eaf7ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
81f822b47053964c533cb615f4ed1815

SHA1
fcd2776a5f1fe925996bd802029b64788751b9c6

SHA256
c0a7fbae8ac370cb890483914229a7937cd7bd594d7c7acd387a36f079e3dcb8

SHA512
86b86e45f1c74701ec834299762a6b0e2865acdf6e0a5480bef1ac91792407b4509af31e2c5805284740aa8dcafb0eaf2c743930f0d26f63a528e13f51515fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
81f822b47053964c533cb615f4ed1815

SHA1
fcd2776a5f1fe925996bd802029b64788751b9c6

SHA256
c0a7fbae8ac370cb890483914229a7937cd7bd594d7c7acd387a36f079e3dcb8

SHA512
86b86e45f1c74701ec834299762a6b0e2865acdf6e0a5480bef1ac91792407b4509af31e2c5805284740aa8dcafb0eaf2c743930f0d26f63a528e13f51515fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
8dcdf12cbb3a500e91687b129d45a1be

SHA1
43fcaff43b005a92740e4ff51c20dd214fd8b570

SHA256
467dca17fcff17d1e0b3b590300dad18d754917391339f25576c5f93c3b799a7

SHA512
fea9758f26702006508c81c9bb9094e3ac8c6d6eb4b0f4e1932e379445f8c58e9cc5aae7bfb0d42fe453f0e7ad6c9a70c946974b64346ed0623a81d878437239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
52438dd9dca9820356bccbe05abab192

SHA1
a575391cc66c8342ea51809e226ff43f1e6e1574

SHA256
8ef2c82b09a45aab7da0a6932030203c1728e570c541e54825c0938d02aefba6

SHA512
42a8577469243d715f53da580ded5dc489a00f925924a01ab05f673c3228de30c87990457de40b8d7d645284ea9f5f26e5b0b085d38eb9146c4ada71de2f1b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
bc87c37fb08350be5765f9773d7588d6

SHA1
00d0a32643456c1107c46490cc63e9fd1cf35101

SHA256
44fa34bca53b3cf87ca05b8a875ebc3b75a493f2dbcfcccb70dcb6c1aff15ea0

SHA512
4e8e748e13581dc7961a4d34871dc4bfc92bfc2a556e46a4ff835b694572ea3c5e06be5616ffed8f822180e0ce73a980f2e321b6126d7e545f6e604838af2571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5ae7129c8851254fef74426f1d2df148

SHA1
00e0a6194ac47dd95f3dc9fa0fcdc8c2ce8232d5

SHA256
82b4b435e60b0c76391a6882717e7cd4d240d799a4e036a9f19de65bb43e2b11

SHA512
1d73dc92ebca1e8ca224f88f8e0a8e39bd391850a0d0f2d8b082e7ce14f1db8223443f79d6b576aee94b5b4a7cd5b1a4b69d0ae25b58c1b33611374afb57ae99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
66d0c51f35cba6c3db971c70b49f981d

SHA1
3e3aa0bba6e1c4b903ccadc2776317e2967f27c8

SHA256
0e96a2d541c655db4de1431a137459fe6f11aa9a2f43cf3fa3c72bdf1094d09a

SHA512
622ec99b4fcf8309f77462b91c1680268147ceaf7e11ecf53eb1a25c24ac01a42b48f1dc2dc6b031a66c36f71f16a6104e176aaef51ba1a7aff4c0e7b1a19806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
ba1bdf6f08e4ba77e9a0103e25b9e6e4

SHA1
2b4f2e4decdfe4a88307c867c2fa6d223d5f6d4e

SHA256
574423d5eb735bc14dc677d6464bcce4ad52c6492b1646aaa22da20ff253f30b

SHA512
169e7e0dc8effae94cee3dd2eddc641d987efbea652893048b811deb3698e567507fc348946b0bcffec3bb88de1c13ccc8e02915b469ffcf0829487c1cfe9044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
3ef6fb67369d6736dd916b3c1c61dc70

SHA1
04e7d205e58b1a4565453b11d23f94c0097b1dd8

SHA256
69a99f4dd3796c7d80ded620c04bb2f9b1fcc17e6bfc33e8514eff1c5a21e1a2

SHA512
75989befa67cb989b570b4028d036eed8929f81e7eb44c938564161d70b76a88b82bbb60f3df22d0afa36561eb71b4568604f50365a3bb695e28b734b8ac07a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
5256665562d8a481abba23e881021c52

SHA1
6bef4725d1808f94f9ab626a6ad1baacc65f2408

SHA256
adf20da50e37894d756c80a8802a93c88e87414a6fa7bc5bc086bcbfa6a67c85

SHA512
aa0972724adf22bb4dd80cbf3c8c7d4f84894c981aae0ced74a580cb6a1eafbde1348e2f02245849268d0b7ed2e6d0be088e342721f4a3ef4ea391e30fb76ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
bb1cdbd82fae9ba5c97f2a512e0b3852

SHA1
ef406425e605f53f867843cbdb1ab9a68305bbac

SHA256
4abc4ef7458e9e0b7a76ef69da23718d65a7ebc72bcd80d3404af954e5b1e3b4

SHA512
06fb4dff521c54837586f6a54a907d324bd3561a13566084922f49a7ea60376bc5a2d84a34448e8b9eb3d446b794ea7fc9a4da375a17e718a105de19bb177a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
1f78fa912193d9e12a3f8cd3a3641c4a

SHA1
77fb260c23bdc29241742fb93f490d2c766698ae

SHA256
76e7c1a5b029900db6420ee7acfa56fdc86a9790d8ca08cbcac5614108ded1bc

SHA512
d68b4b43f0a6e0aa7c4b45b79427ae11f73f9300f1435a4bbc16d35d8352ad1058e34a8707e2915491c6ac506bf1ba9cad78aeca5ccc33f3936d523aa515f24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
2c63b0297e557daf8bf153470421682c

SHA1
15c1448da9c0cc908fa6d428f52e2b57eb45fb04

SHA256
300b63c1ffa1fe3fbaeb440751e0b82cc17f991ea90bd084e0e38d3552fc78cd

SHA512
73d561a48e8a04dda8e65f12ecfbcdcfb7654389783cea10371358ec5e1571f456d6ba28533833991b7b1e6017a79025bcb199557a55e682772f80221e4272ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
4492b623767fa178594559272c6522ec

SHA1
cf4c62bb0aa84466beee1f149cfca9ac1de9a42f

SHA256
924592f572d48b145bc14b9f4a3018e2c1ccb28124501546b702d55b796ae2e2

SHA512
a3e84fc61a44efd8b7e15086232eaefbea7b39298adacdf74d87f4bd48564312e639cdb2cfd63f537c4aceb37207b5529e72f98de077a928a020326c790eda20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
fd70d00fbebcd901738bdffb0b4183eb

SHA1
0de9e3a940d60748ce02451e8f10b3680317dd23

SHA256
da2ad28f70821662240015f7a07461fb59c21e266b57355d47b84e6faed51d4f

SHA512
3c22f0a88bf07f6f14a5b5f105bee73c61d01899e1c37803d03d94348f894cabcafe0813a958bae27980aa421814432d2fa9cabc38a6f5def9f0af354a193eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
3d1df4dc44ad2f05465909f8be98acbb

SHA1
d9c0ad9aecee014ea2dc4c37605dbbbd97bc6f7d

SHA256
8b84d5a4057f3aee621a1b0f17cf0d361cb45413fcd2d93db538162da0a534e8

SHA512
bfb6006c5e1d2d8b8c122f2da7ddb66f3028f0858c002af4a4a4ba42779632be1a4605e0c0366fa62044a4330ef49169aff94c14eed4c575c1be62abec16ac6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
4dc3374932445fa0a13f2d79147170f9

SHA1
e455b7be989361c6bae642e85bd155ae7bd5d642

SHA256
c4c01fdd50536f2f3c940b9d2678df1f0af1669e9d8e562feadd57490a5f7b50

SHA512
8527028428ec8869b1c9c735b50e36272831d597acfcac597d4c7698c1eedad49072098c4a62799d12ff095719ecea367aebc380cc968fefe8d807077b133de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a9a59c87ae6a524912cfdbb5b428d875

SHA1
0d7de27bb70a21e4c20c486784bcef28e4790912

SHA256
a4351f841787925a83cc6250fe071262b70bc8106f0de40af8bee17a9512955c

SHA512
c9ac0e48a1b70dd5e376cb8642e78c62d5cb53e21605024a838da04b2710afd763f2ae55717a09677bc5ace798ea7005f71b7c9da717667c1ea012d376a11adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
766b56c5313db53b0774fc44f38314d8

SHA1
19358233f2f6f11287127839495b12138d875322

SHA256
059d7c991a9ea0a787018fb30a1749960ab88cb393b27e8eeb6ccd437c7db329

SHA512
e7fe25d9034917957f654664d14ca99f2280eedf032b412af6e7d931f04055de54612f874c3152f48abd34779077f60830234c04ae3daa554db9b7d0a7b2c674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
a2f2323fb169f1b470896f62d945842b

SHA1
6eef0cb60c823d0291465597560cf2be0975d315

SHA256
73062279e0315e0547aa41f1da8ab17f662bf6da36a6fffbe660a132d4a13ce5

SHA512
0f55cc79ddec3113af2294db3aab916d4ec5553eeef0bbf16da2d399ccf6207e6bddfa4d9ddb25631635a06032c04a0927a5bba9caa5469eec19b035fc2d7748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
ab4afdf712a2cee17079ae4430830023

SHA1
89ff4fd183701093b7f6c15f774d656f5f33f5a0

SHA256
cfc143a620be300a5de74a553caff92f3a20e87647430ae8b088180af8ca5b57

SHA512
70a7a9040d74c1158d0dcf9172b2109efb519b10f992c18287813f31d29fe0636ffc88757e78ae14605eecef58c38696344a9648a0ed81359fb520452cfc70aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
6df8b2a371d0636ea28186818c10a02e

SHA1
fea338bec57067db199c5f9dad4869d995083c20

SHA256
4a64f43e44f2088440a9630af7eda9c20a178d8cbcd0856a0c637d19c691811c

SHA512
27d34f75d97fec8d2d92fc2a2f905d877419e6255229bd16be316cff9c27725e5138a905acab49fd057432984fde54833f5ac37abf7e334f44163cd8d5ac1c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
12f14f3eab867aa8d82644644ff2a2c5

SHA1
f8dd6aa28ec0e2a9646c7ef874d1d60b97ca4ee2

SHA256
65548c2b34951648d265f748997614cf05936b88ad58e8a73affb57f1f1c460c

SHA512
538b97ba0851161e12bc517c525ec0ec2a23b15471552e4f071ab6cb3eff6ffc304e113968d46ba45168638ff9614576d5fe4a9c175914840f6917608c1f429d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
e280fe1fefcc1fbaf24c7cd9313cef87

SHA1
2aee3a947238fa5ca1be5aee195a4f251c6be5a6

SHA256
8c198a08ed45fbfa9bedf8d300734d8ce3b2841b2656e07324dec7f6f389e277

SHA512
480c89f00b164c13ee0a2551243af062a6aadf85e8832f32ff87ea7b308fb5dcd2e8210ff38fc75040e0b267f5e6b6f0608ef994b82026505906d2debe2b9ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
f42c8497872f25a3c7546ee462a78823

SHA1
c136c3bb5e82812e39c1053e53b2d5156b226716

SHA256
812984bc3b3b504985ae7d12ec255f11d58d3c1b5ca253d4c5c68ae661ebadb0

SHA512
eca4acff0b672ff802a39cdc7a76dce4bac419ce0e7052a72a65928e2c7d955af2d3085b41317a18a84759a5f3f19280cb35ffb5cd4cfc890df29705cb7647bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
3ad3d60040d22cc6491d98663cb24298

SHA1
b6117efa8d169cf8925aa6706d67bbd176abec47

SHA256
af839c640584524e5866fd2c04232241f93ec1a04d42e10bbf8433098a4151e6

SHA512
bbd2b90993f77767472c29f34135b11d9deace0c40b71de8153151b6f1ac1d3ef663f2f23cd6cf4b99ff5b4d00aff55298fc0a33ee940681723cfba8c3d97710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3a2524f73b869b2a06334d76e2ac7a2

SHA1
71136ffd8347c13eb1a6bbe0438134bee380d063

SHA256
ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc

SHA512
f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\59be3f28-17aa-4826-aa84-3dd4890988be\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
c24919745450d5c10aea38ba1a341881

SHA1
468e9a250c7f030c7fac9c0d5effc666dde1385c

SHA256
229aeac7c5cbdf174c54cbc4f6f481bfbb5cc75b59f0aef7fafc174abe76741d

SHA512
af53691e86c8b5a6f5ffc4ff4c74585387218bee8ec18c283011644ebf3251498795862c5deed6bfda914725254edaabd5d0563c6c7be4ca502efeaddd852437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
614b58e02e7213a2cbeaa974fb281f0b

SHA1
25a6356522172b1d0d2f097faf20d2aefc5bdc6c

SHA256
8070c290e14f1182b671444b4f3f08411ab82675daa2bcc76c2a4fc44ae93b37

SHA512
f26de167d915007fb75b357e39a7d9028ea7c59d2162cc8e05c21cd816096cd955e4a88dd2783df307b89540c59fa9649d7ba18dea219e6912b86494ab2ddf73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
a6192ccf5f77f45ae213052cdd7a1705

SHA1
29a3ce1017e032ed486294cffdf5fb972d2161df

SHA256
5f4ac0ee0e27cff9df5cf814ec44d851d97111b0d1f5627c1172ace56e223fa1

SHA512
7cfb338975a33bd3bdb4afc812248b80834938e40f6a1d6ac4c0c134d55ef891dd78843673204d0793946b8b1fbb4769a984725697bffcf3400afdaa21bfcffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b9b14.TMP
Filesize
90B

MD5
f9f959c6768d2392a269c8f81d3632fa

SHA1
78b5214ffa64d83aad81c12922672c6e4868b532

SHA256
980b09b8b3c674982f106227be950ad42fde2d6f084efba9c6940d4c852a3300

SHA512
4694f1e9a18673c592428476f8382576d50bb8c41d4165e1d0f8b3e6121727e1e728f6f74d1a3ec118bf94845548ced73cacc7e6001d8f1788bf709a2408d1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324854670994921
Filesize
1KB

MD5
cd42e75c0e0c1cb5f10b0fff22f13559

SHA1
b2d7e39234466d13e39ca73c68c3962cf85df660

SHA256
bfaa0a0186efcbd8c85e033271970dcdb5da3814eb9987ad8e7e36ee0e1109f4

SHA512
3be0bf8cdcfd47b648a8aa9996f2d3676331505e4ee14b2e166c910b8297638e22c18eb9edfd1fd5bbd1be6ffdc98666820f3508dd24dc548b5bf9239497457d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
3ddce4a02486c0f0ec856dbd9a64a276

SHA1
4c4c347d669c47aba51ec9d3c836af6fc1173600

SHA256
ca05932f8dcb5c779327c71f4eeb226cd719f4c0d907d59e3967741e35be44e6

SHA512
e87747449882aca1e157b08edbcc26e9343be0e5f2636ca7d93300dc6decb36f225b5eff55ff38ae5e9cc04e80805b512b75d3a5c9da95c27e0b8f79a16bdc2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
2c30d03889e4b99130ff564b59ac93b5

SHA1
22a5aeb8c0accc07e078daae2776d2f7b125409b

SHA256
b0f854a01f0aecd3fab8f72ffcc14532188357a187a4c92e31e377f8e9e74db3

SHA512
a29c8fc45488a5c6e17972d29aee3b85521a9dfa4b6c32101a83a266d5ecab7a8fc1306a37f0859a36715518a43f2813579804b6676e9be3c0523e584089d66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
d8a79eb06e5f7fcb68a1d9759621368c

SHA1
fd57af8e0bfc49a2abf48e0abfa982deb8b6065f

SHA256
3d7523cdcd88def3ab7dad5703fb99b201f751a33c196060565b54a1648dc587

SHA512
5a7ba3c8b4c77b6b885440ab84690ef86096fdd152a427aab7d0b2635a2f451d21e00c350d3a7787839d100220d027adb8ef9c2e25590f74bde618ab540f8196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
de9e93a4717f653173ba7c22a347d0c1

SHA1
deb81f152e88b7f187e2e64b2d5b6f58dcfe786e

SHA256
d45022f1d8bf5627d54f172136f569a6a1d7c4746e0a16c1d15106cbf17e00ac

SHA512
761bdd1978cd67e20027adb35f0696691ee6e534f2b6d5367ae4697719bd81730a5357dadd5da35dda46fafbc5d035e5b5822b50cdaaf26fc600fc0e3e22c1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
c8faf74d608e7222c9450578664a4b81

SHA1
9e64b33dd166086ec1cd56126a196633fa7d110c

SHA256
21cebff4efbeb1894e0ad57b49dd177033fdc2eb74b3acef527ae7f763cb939e

SHA512
946e5e49c351f195e942a2be95ebdf50c886c32c325f1e704e4251de19e49d6e85153bfb8acfe16f70d9e91783560a7ae903c2aede007f708057fca8bf832b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
d0341d2bea2a399fe9da9630ab0ec34a

SHA1
b8476771d153502fe3a7847cd28e8e48e5874b81

SHA256
110535ada3747379ed6cdc7b865ddf1d3348203627747d92a91f86e6bd664c4e

SHA512
35d3d0a1f34282093f8e68241e40945b4bc75fddba8317c9ea82b62b3740f5e0a91659db2c28de12457c6fbbb6e1b84ae1ef9ae1a8a13497198fa37925bfcc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
44004c0837088398ebf2deacecefcfe7

SHA1
b46a9ca5eb2cf1df59826a8f6708376020c9995f

SHA256
d87b81110943c82b30dff748a5eb174a88d2b25520d1ee8ccf0836df19943843

SHA512
3d8b3e3c53f1e292b20400d9112e4887a2af0212ae52c7952ace212e92e4e25759acd4939be09d695288dcd57f01dc284fb547b24e23c8a6c31ad7aeaae234c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
2a0d0b60b7c2799b819a63a5aebba1a8

SHA1
8ec8d4c77a76343c12b4eec555c9047dc1c38af6

SHA256
b6d9a18f0c651cdb94e2baefb6321f768931399361039ec63d5d518d7500fcc5

SHA512
09dd80bbb4be5e9208a553453fae465fd596b073894635a5b80f593ceb52a2ee612a4ef5231f8a91803fb11904a47a91e4d512b8da8e842c3fa7ccd181c30919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d73db0ecc7e76da4d8ddd7895fbe791f

SHA1
bb95d16de83924412b1503d33d05dd20d03a4b43

SHA256
0e273910112bc491f0e9d7a07f74b69056bd174622288164e6eff7f29f19dfb3

SHA512
e8455281c6eb255da41cbd4edd05ed4d6f5d259d3d6eed3c261dc45294c4af7d428019c86928566c16ba67d038b56843fdf23d25c4dc0fa79f5e06a6f65bb718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
1f969520701c546d6a014401d5ab8eaa

SHA1
a44e3a4d2c1b6e5b2faa0524d6def01834cb3196

SHA256
554f2bca05a718607c310495c0164c8fdc2566c339c42d7cec9c05d19e55fed5

SHA512
f940a7c338ab20ff72560e66b20fe0f96ddee4a5350ae19328facc1363c594cba20bc2d70925e7253054a92c8e272f5792398971398ba184e2bc114386aaf2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
8e0365574e4530d379badb49b784ddc5

SHA1
0e10887fca35adb86dbe6e66d2255ff45ba01375

SHA256
a1eb9d3fba1619e1e0ee081d3c45c71f2e36788cd10a9d56de3310b7b3ce2a14

SHA512
2a91e1a920f8cbea5837b3a6044135f0c590a1b29ad6bac8898eb90e54c29d5189cacc743dddc87816386508b137d9a5a4bf6b511ac8a894ce503f25c5d20c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eafc36b4-e932-4752-91f6-e7862cd963d0.tmp
Filesize
12KB

MD5
e850ebad9ccef89127837aa233ec8659

SHA1
f9b9a5546b8cb5f8fa1373471ddee5ab53cca771

SHA256
a377ae52b2df0e47b08dac0352a25eb01c3e2fe9facacc66ad8fd0fede7300ff

SHA512
60738a1c0d1f9a0df5e66157d530ee7953370c6fc270860493d69dc4131e22f947ecfffae2bc014c85e22297d2bb532dff526fb7fa2203464c4396183d11d6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
5bbaf4b24181134289377ebb369df984

SHA1
ba25ce9b489639134653558d1747b108a672e28e

SHA256
85f503dce8e9b3a35a75dc0c4d7f1ef9580d287c19da173da0930c104efc0fe3

SHA512
d528a9966b0a31538bc3c0790e61abd7603fa7892166d57cd1b22b6f1af34f7cbac2d1a72b21bfc3d119d0814c53cd11d6631ff6bb6bc007434c16119de10779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
454a9317b6da2529c6514127d11ffdb9

SHA1
99a0d3b0c6457f98301fd0d96bee6f7e5b6f319a

SHA256
43909e55ffe95e2a98a64c685ba23f1b5137089a9c54c280f0ec4bc6bd22b35a

SHA512
bd71679a4f08569ee2ea6055933b90172e6daa46ad0b621a9d2c4c306803dafe6109c2d960a0caa1efa243755a6c5426ee64caa40cae1e1e56958dc057eff002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7c2fafd5da314b2ae962e13c8d8492e3

SHA1
8f8e94129376cf1a0d1264296e208ab90c8a26bd

SHA256
c2b34c331083b63345375b229076fa68af841c5f1e5bb12f1f4141e293458e34

SHA512
52fe4ccf4c2699b9458a3e025ef42ffa88bb01dbb6cfd6934f9920788fbf2c7a45b3770e9f2aad29416fa03dca2db7802b78f5c082da3245d38eb266ffe84b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
e7aec331ce2b2ab9cb31fdfe88e7896c

SHA1
b8456e58a2b40b31275550b63790e62239fabe3c

SHA256
fcee6e59764b640968c535ec7c0c4eddf4d277cd5e2aeafb51c81af8b0e0f9eb

SHA512
2920140d272a4384cc767d9c9ca87552297353bd748d354652d414386451c82afcedb53df78a09fda358841347fb282dbaf1b9a3dd1426479531706e0f045a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5a7451a6efa7900208c79ec60a5454f2

SHA1
ea76fa323a1bcef365c071dd8c7420c87bc4f5af

SHA256
deda07d288903a55fb56df324ea8c2d4d00428e17d5744a571022d395d067be8

SHA512
11c467dc9d5997c881490a12e1c4366f9d58572d62f5b5b7d16776354bb7c567ca6d37acc14a1663695011e395434f2e521dfb4e572e642c18eb3ca4cd20dc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
181848a705bad94c733fde8caa771892

SHA1
1994a304cc16b05c8d3ed3d455ce0c18f3fe926b

SHA256
cd51d23992c291469e8369b5b61003457dac639fd62b37899cf30876205fe085

SHA512
9aafe4c6eb84895a152aa05d8cb135d83a3b6dfb50eead6ed44c399a9d7e37b8aa49d7b64e986884ebd15ad5cbc6f276d402aeb4273346c2c725ad50b900025a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
fb85d96d6dbcc9627d969696dc40527b

SHA1
4194ef50711262223dac2fe4cd5500b904f2b915

SHA256
e42af9a55eb5329cc888940d54d0eaa33defd58ec7af5fa4d44ebc4b9dcd96ad

SHA512
b7730fd5ea42c342783f02a331b8171a5e4e14a9bfb50bd62bed68f3c57ffd36be8c278fcdb0151800ad0bd067fdd090caaab098c22df02a5eb07bde2c1af09f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
6971d55a8354717c66ee797b48207d98

SHA1
2e81e1dc712476ef27218b21784d62251d657dd2

SHA256
268f9449a280670102da04f5b4a4f8383f090ceb11c8a8a32d6cdeb46c075ba5

SHA512
69c16806b8f1f4be596961acb100d6d501f47129c491e1707cf08ff15492ccb1e193038b36418324c06eb7d351f4d40fc2a4adc608ad48ec1df79b244738418a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
cdbf0c9564b868fb4463f6f14e7d87d8

SHA1
bf9ea179cddc5203286b68c3f1ca97290d242854

SHA256
c20b746fe0c52136e9018ed0486af47836b3fae123ee8f42ad24bc2c40b0ac50

SHA512
9f7ec36ff3c025cd9b699449b60333a0846c90d8b5d6a53c2d7ac1ae25e4c842afc051b31a95907f90b7ba4ba9290339a812810861a3d72eeff76fa3aa45bf53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d1be6b4ef041899c2c6877a74ccc6f8f

SHA1
6a93be90dffea490965691e16f7539706d801bb0

SHA256
425774a7571c1b95dff75f6c6c4d3189649ce2fb39cf8c673d5dbc70d57b38b2

SHA512
029558cc68924dd1f34622d0ce1d9da76c9d29fa464a140ddc45c1f04e39d6884be3313b81b5dd0d148cd7231851677bb16b622bb3072459e3a6161b36a61cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
f10855a7fe6f248b5b95cd941e4f198d

SHA1
aae3db3b980929eb52cc642b038a928572b3ee0f

SHA256
888fea7113dba96dfa63c177aad65c88a9bce9b088022687cf70d8e482e2e7a1

SHA512
ca788f4c418d6a04d8b25e3cd3b38a0b12d122cefdafb183c99563ee58853c6ff699691763b89a25b773bd303f9f8f3d164ee15afd549e32267b07b9c5e0daa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
eff1ee07b25cd393307cfa2f09840a26

SHA1
db71e8a45f5f541314e2843fba1964ed648c427e

SHA256
46b3410b7a83a120157495914cb07ea9b499585655293fa5e7a8654b891151ee

SHA512
aaaccdaa86fda1c362a3dd9b5fc0d5f6edbaaf7cd0e60295b2d4540612dcea7f14e6b8085ff5bfc6e079f438a5c88fe78d41e57633bcb383b07e1318cf5953de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
885cab440986ba37765782474a06842a

SHA1
636cd765d046e71cb48e841d10a90a9b1311e3b7

SHA256
a1b65b2a437b7bd14c4836f31767ce035261301fe08e7791bcac722311f928a8

SHA512
f430f60e2060e8335499720abb04a7fd41bc2af5a482b5375e251acac9d74ea0a4c94a22d605123e9ffc1a08718f96085803b2ea01d85b04ada8c00cb519d4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
90e0fe6e0296df698c55d8c72388bed2

SHA1
914ee98724ccfd180169f9a460d3c7dd601ec2a2

SHA256
72ed60b8ef1e59f1fb8d76cbe8dda12403f940f97b1129d86df36b9b089b3f46

SHA512
53efa75a34f6f0fd22ee9efeb25c8c8e6d9a7d4c3b88d244dfc0f47330519184dbea121b97237d8c2de9e7981f8040e86a3e4c424338a13199d07ab52a94e71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
454a9317b6da2529c6514127d11ffdb9

SHA1
99a0d3b0c6457f98301fd0d96bee6f7e5b6f319a

SHA256
43909e55ffe95e2a98a64c685ba23f1b5137089a9c54c280f0ec4bc6bd22b35a

SHA512
bd71679a4f08569ee2ea6055933b90172e6daa46ad0b621a9d2c4c306803dafe6109c2d960a0caa1efa243755a6c5426ee64caa40cae1e1e56958dc057eff002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
df0825efc7594be1727ab14b7eefd01c

SHA1
1b9e0e4b373485ae152ae9877e63edd21a7a04b0

SHA256
69662d61c5b16f4866db6d3e33989a96f46b318fe64ed8a29ca3c62d12b00ec7

SHA512
abc1bc4a8e367514010a2a597fb8a4c5b6324022041d760493928b40e1346871bb438ac1c6e79a27bbcc3663eabc673257ec8859499559b1001a9bef32c8b677

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_5448_YPLYHISXFBCMOOES
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2012_ADZHKKZSCPLWEKDC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1720-1584-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1588-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1585-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1582-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1576-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1583-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1586-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1578-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1577-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/1720-1587-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download