hxxps://tria[.]ge/submit/file

Analysis

max time kernel
915s
max time network
1320s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2023 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tria.ge/submit/file

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

2696 MEMZ.exe
2480 MEMZ.exe
4584 MEMZ.exe
3120 MEMZ.exe
2548 MEMZ.exe
4292 MEMZ.exe
4780 MEMZ.exe

pid	process
2696	MEMZ.exe
2480	MEMZ.exe
4584	MEMZ.exe
3120	MEMZ.exe
2548	MEMZ.exe
4292	MEMZ.exe
4780	MEMZ.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Drops file in System32 directory 1 IoCs

Processes:

mmc.exe

description ioc process

File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

description	ioc	process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 59 IoCs

Processes:

mmc.exemspaint.exemspaint.exe

description	ioc	process
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

3148 184 WerFault.exe
5188 4076 WerFault.exe
11292 5640 WerFault.exe msedge.exe

pid	pid_target	process	target process
3148	184	WerFault.exe
5188	4076	WerFault.exe
11292	5640	WerFault.exe	msedge.exe

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mmc.exeTaskmgr.exeTaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe

Enumerates system info in registry 2 TTPs 51 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exechrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exechrome.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 17 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exeexplorer.exeexplorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DAA6822D-D193-11ED-9F77-6E21A4042E2D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133249404631099552"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

explorer.exeexplorer.execontrol.exeMEMZ.execontrol.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874385"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	MEMZ.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe

Runs regedit.exe 2 IoCs

Processes:

regedit.exeregedit.exe

pid process

5160 regedit.exe
8456 regedit.exe
Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

explorer.exeexplorer.exe

pid process

5444 explorer.exe
5444 explorer.exe
3284 explorer.exe

pid	process
5160	regedit.exe
8456	regedit.exe

pid	process
5444	explorer.exe
5444	explorer.exe
3284	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2480	MEMZ.exe
2480	MEMZ.exe
4584	MEMZ.exe
4584	MEMZ.exe
2480	MEMZ.exe
2480	MEMZ.exe
3120	MEMZ.exe
2548	MEMZ.exe
3120	MEMZ.exe
2548	MEMZ.exe
2480	MEMZ.exe
2480	MEMZ.exe
4584	MEMZ.exe
4584	MEMZ.exe
4292	MEMZ.exe
4292	MEMZ.exe
4584	MEMZ.exe
2480	MEMZ.exe
4584	MEMZ.exe
2480	MEMZ.exe
3120	MEMZ.exe
3120	MEMZ.exe
2548	MEMZ.exe
2548	MEMZ.exe
3120	MEMZ.exe
3120	MEMZ.exe
4584	MEMZ.exe
4584	MEMZ.exe
2480	MEMZ.exe
2480	MEMZ.exe
4292	MEMZ.exe
4292	MEMZ.exe
2548	MEMZ.exe
2548	MEMZ.exe
2548	MEMZ.exe
2548	MEMZ.exe
4292	MEMZ.exe
4292	MEMZ.exe
4584	MEMZ.exe
4584	MEMZ.exe
2480	MEMZ.exe
3120	MEMZ.exe
3120	MEMZ.exe
2480	MEMZ.exe
2480	MEMZ.exe
3120	MEMZ.exe
3120	MEMZ.exe
2480	MEMZ.exe
4584	MEMZ.exe
4584	MEMZ.exe
2548	MEMZ.exe
2548	MEMZ.exe
4292	MEMZ.exe
4292	MEMZ.exe
2480	MEMZ.exe
2480	MEMZ.exe
4292	MEMZ.exe
4292	MEMZ.exe
2548	MEMZ.exe
2548	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

mmc.exeTaskmgr.exeMEMZ.exeTaskmgr.exemmc.exe

pid process

1164 mmc.exe
4480 Taskmgr.exe
4780 MEMZ.exe
5448 Taskmgr.exe
7092 mmc.exe

pid	process
1164	mmc.exe
4480	Taskmgr.exe
4780	MEMZ.exe
5448	Taskmgr.exe
7092	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
2692	chrome.exe
2692	chrome.exe
3076	msedge.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
5564	msedge.exe
5564	msedge.exe
5564	msedge.exe
5564	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5648	msedge.exe

Suspicious behavior: SetClipboardViewer 2 IoCs

Processes:

mmc.exemmc.exe

pid process

7092 mmc.exe
8156 mmc.exe

pid	process
7092	mmc.exe
8156	mmc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exechrome.exechrome.exemsedge.exe

pid	process
2188	iexplore.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exechrome.exemsedge.exe

pid	process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

iexplore.exeIEXPLORE.EXEOpenWith.exeMEMZ.exemmc.exemmc.exemspaint.exewordpad.exemmc.exemmc.exe

pid	process
2188	iexplore.exe
2188	iexplore.exe
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
1608	OpenWith.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
5400	mmc.exe
1164	mmc.exe
1164	mmc.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
7016	mspaint.exe
7016	mspaint.exe
7016	mspaint.exe
7016	mspaint.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
1704	wordpad.exe
1704	wordpad.exe
1704	wordpad.exe
1704	wordpad.exe
1704	wordpad.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
2056	mmc.exe
7092	mmc.exe
7092	mmc.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe
4780	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 2188 wrote to memory of 1972	2188	iexplore.exe	IEXPLORE.EXE
PID 2188 wrote to memory of 1972	2188	iexplore.exe	IEXPLORE.EXE
PID 2188 wrote to memory of 1972	2188	iexplore.exe	IEXPLORE.EXE
PID 2812 wrote to memory of 1800	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1800	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1952	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 876	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 876	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3508	2812	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://tria.ge/submit/file
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff497f9758,0x7fff497f9768,0x7fff497f9778
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:2
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:1
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3284 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:1
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:1
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:3304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1800 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:1
2⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3352 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:1
2⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3148 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:1
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5364 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5108 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1040 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5472 --field-trial-handle=1960,i,6494333626927873940,3553424242003933422,131072 /prefetch:8
2⤵
PID:4776

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:2696

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2480

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4584

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3120

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2548

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4292

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4780

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17574220273746398531,10077152104085625167,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
5⤵
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17574220273746398531,10077152104085625167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
5⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17574220273746398531,10077152104085625167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
5⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17574220273746398531,10077152104085625167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
5⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17574220273746398531,10077152104085625167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
5⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17574220273746398531,10077152104085625167,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
5⤵
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17574220273746398531,10077152104085625167,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
5⤵
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
5⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
5⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
5⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
5⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
5⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
5⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
5⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
5⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
5⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
5⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
5⤵
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
5⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
5⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
5⤵
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
5⤵
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 /prefetch:8
5⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
5⤵
PID:5372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
5⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
5⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
5⤵
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3048233641266239726,5055453776761612962,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
5⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4320

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5364197662264451982,10777131680557174885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
5⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5364197662264451982,10777131680557174885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
5⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5364197662264451982,10777131680557174885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
5⤵
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5364197662264451982,10777131680557174885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
5⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5364197662264451982,10777131680557174885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
5⤵
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5364197662264451982,10777131680557174885,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
5⤵
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5364197662264451982,10777131680557174885,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
5⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6938104604722768225,15027215704372253856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
5⤵
PID:3012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6938104604722768225,15027215704372253856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
5⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6938104604722768225,15027215704372253856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
5⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6938104604722768225,15027215704372253856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
5⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6938104604722768225,15027215704372253856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
5⤵
PID:2568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6938104604722768225,15027215704372253856,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
5⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6938104604722768225,15027215704372253856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
5⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6938104604722768225,15027215704372253856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
5⤵
PID:6048

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
- Modifies registry class
PID:5192

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
5⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
5⤵
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
5⤵
PID:6084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
5⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
5⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
5⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
5⤵
PID:184

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
5⤵
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
5⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
5⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
5⤵
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
5⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,1139017716245672465,2937826445282481530,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
5⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4436744184283186795,8954050886953842643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
5⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
6⤵
PID:7536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4436744184283186795,8954050886953842643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
5⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
6⤵
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4436744184283186795,8954050886953842643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
5⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4436744184283186795,8954050886953842643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
5⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4436744184283186795,8954050886953842643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
5⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4436744184283186795,8954050886953842643,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
5⤵
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4436744184283186795,8954050886953842643,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
5⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,2304348921738737968,8818249849903684704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
5⤵
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,2304348921738737968,8818249849903684704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
5⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,2304348921738737968,8818249849903684704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
5⤵
PID:528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,2304348921738737968,8818249849903684704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
5⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,2304348921738737968,8818249849903684704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
5⤵
PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,2304348921738737968,8818249849903684704,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
5⤵
PID:5668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,2304348921738737968,8818249849903684704,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
5⤵
PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
- Enumerates system info in registry
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x110,0x114,0x118,0xe8,0x11c,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
5⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
5⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
5⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
5⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
5⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
5⤵
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
5⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
5⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,786187182792052190,6085854431506623878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
5⤵
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
4⤵
- Enumerates system info in registry
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
5⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
5⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
5⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
5⤵
PID:5912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
5⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
5⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
5⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
5⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
5⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
5⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
5⤵
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
5⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
5⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
5⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
5⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
5⤵
PID:516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7660826651697654996,7198395285891457472,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
5⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
4⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
4⤵
- Enumerates system info in registry
PID:6124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
5⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
5⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
5⤵
PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
5⤵
PID:5572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
5⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
5⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
5⤵
PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
5⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
5⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
5⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
5⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
5⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
5⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
5⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
5⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
5⤵
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
5⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
5⤵
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4021441392318058653,14287505147849630633,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
5⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
PID:5396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4316

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
4⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
4⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
4⤵
- Enumerates system info in registry
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
5⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
5⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
5⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
5⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
5⤵
PID:988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
5⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
5⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
5⤵
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
5⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
5⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
5⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
5⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=184 /prefetch:1
5⤵
PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
5⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
5⤵
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
5⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
5⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
5⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
5⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
5⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
5⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
5⤵
PID:6316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
5⤵
PID:6556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
5⤵
PID:6548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
5⤵
PID:6540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
5⤵
PID:6532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
5⤵
PID:6752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
5⤵
PID:6392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13818352928015414384,13194271676494426647,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
5⤵
PID:6368

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:5400

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
4⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5968

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:1444

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
- Modifies registry class
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5916

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:7016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
4⤵
PID:6212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6204

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
- Enumerates system info in registry
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
5⤵
PID:6960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
5⤵
PID:6956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
5⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
5⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
5⤵
PID:6160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
5⤵
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
5⤵
PID:6900

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
5⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
5⤵
PID:6940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
5⤵
PID:6824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
5⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
5⤵
PID:6452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
5⤵
PID:5628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
5⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
5⤵
PID:6684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
5⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
5⤵
PID:6328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
5⤵
PID:6420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
5⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
5⤵
PID:5628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
5⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
5⤵
PID:6340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
5⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
5⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
5⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
5⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
5⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
5⤵
PID:6236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
5⤵
PID:6996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,14853126200560848195,7264017531372696044,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
5⤵
PID:6284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
4⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:1368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
4⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:5124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:6928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
4⤵
PID:472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
4⤵
PID:5516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
4⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4132

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
5⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
4⤵
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
4⤵
- Enumerates system info in registry
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
5⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
5⤵
PID:6324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
5⤵
PID:6168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
5⤵
PID:6868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
5⤵
PID:6904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
5⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
5⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
5⤵
PID:340

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
5⤵
PID:6712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
5⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
5⤵
PID:6612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
5⤵
PID:6328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
5⤵
PID:6684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
5⤵
PID:6472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
5⤵
PID:6336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
5⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
5⤵
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
5⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
5⤵
PID:6152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
5⤵
PID:6420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
5⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
5⤵
PID:6740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
5⤵
PID:6852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
5⤵
PID:6972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
5⤵
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1
5⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
5⤵
PID:6676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
5⤵
PID:6580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
5⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
5⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
5⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
5⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
5⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
5⤵
PID:6788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
5⤵
PID:6704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
5⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
5⤵
PID:6228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
5⤵
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,10772347446012386996,7344391767284073273,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
5⤵
PID:6664

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of SetWindowsHookEx
PID:7092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
4⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
4⤵
PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
PID:6964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
4⤵
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
4⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
PID:6524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
4⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:2432

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:7360

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
4⤵
- Enumerates system info in registry
PID:6336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5640

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5640 -s 1856
6⤵
- Program crash
PID:11292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2348 /prefetch:8
5⤵
PID:7892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
5⤵
PID:7824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
5⤵
PID:7840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
5⤵
PID:7748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
5⤵
PID:7756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
5⤵
PID:8068

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
5⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
5⤵
PID:700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
5⤵
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
5⤵
PID:6284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
5⤵
PID:6128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
5⤵
PID:6772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
5⤵
PID:6744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
5⤵
PID:7628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
5⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
5⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
5⤵
PID:6908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
5⤵
PID:8116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
5⤵
PID:7828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
5⤵
PID:7612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
5⤵
PID:7796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
5⤵
PID:6728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
5⤵
PID:6704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
5⤵
PID:6440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
5⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
5⤵
PID:7920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
5⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
5⤵
PID:7708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
5⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
5⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
5⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
5⤵
PID:7132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6388 /prefetch:2
5⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
5⤵
PID:7156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
5⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
5⤵
PID:8440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=196 /prefetch:1
5⤵
PID:8472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
5⤵
PID:9092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
5⤵
PID:9116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
5⤵
PID:8584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
5⤵
PID:8624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
5⤵
PID:8564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
5⤵
PID:8620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
5⤵
PID:8756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1
5⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
5⤵
PID:8232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
5⤵
PID:8800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
5⤵
PID:8284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1
5⤵
PID:8344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
5⤵
PID:7176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
5⤵
PID:8920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
5⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1
5⤵
PID:8288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
5⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:1
5⤵
PID:9564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:1
5⤵
PID:9584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1
5⤵
PID:7172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
5⤵
PID:8464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
5⤵
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
5⤵
PID:10056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9576 /prefetch:1
5⤵
PID:6376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
5⤵
PID:9324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
5⤵
PID:9244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
5⤵
PID:10192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8932 /prefetch:1
5⤵
PID:9000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
5⤵
PID:7296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9704 /prefetch:1
5⤵
PID:6172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9928 /prefetch:1
5⤵
PID:7428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:1
5⤵
PID:8952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10596 /prefetch:1
5⤵
PID:9660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:1
5⤵
PID:7288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10368 /prefetch:1
5⤵
PID:9688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10292 /prefetch:1
5⤵
PID:9008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10852 /prefetch:1
5⤵
PID:8864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10892 /prefetch:1
5⤵
PID:9080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10384 /prefetch:1
5⤵
PID:9836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10300 /prefetch:1
5⤵
PID:7376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11108 /prefetch:1
5⤵
PID:10068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10424 /prefetch:1
5⤵
PID:8368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11268 /prefetch:1
5⤵
PID:10268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10312 /prefetch:1
5⤵
PID:10624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11588 /prefetch:1
5⤵
PID:10796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1
5⤵
PID:11212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
5⤵
PID:10392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11432 /prefetch:1
5⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11252 /prefetch:1
5⤵
PID:10632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12008 /prefetch:1
5⤵
PID:10648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12164 /prefetch:1
5⤵
PID:10372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12520 /prefetch:1
5⤵
PID:10764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12468 /prefetch:1
5⤵
PID:11080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12884 /prefetch:1
5⤵
PID:10748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12340 /prefetch:1
5⤵
PID:10900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13540 /prefetch:1
5⤵
PID:6364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
5⤵
PID:9416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12432 /prefetch:1
5⤵
PID:10684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10304 /prefetch:1
5⤵
PID:11540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
5⤵
PID:11860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13712 /prefetch:1
5⤵
PID:12276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13716 /prefetch:1
5⤵
PID:10244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12116 /prefetch:1
5⤵
PID:11840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10536 /prefetch:1
5⤵
PID:11420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10262160816188997507,10387192052109128916,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13252 /prefetch:1
5⤵
PID:9692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:7572

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
PID:7848

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: SetClipboardViewer
PID:8156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
4⤵
PID:7804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:7860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
4⤵
PID:8064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
PID:7744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:7808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:3524

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:2828

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
4⤵
PID:7816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
PID:6708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
PID:6624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:5692

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:6156

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:692

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
PID:6396

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:6816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
4⤵
PID:8372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:8388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
4⤵
PID:9024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:9036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
4⤵
PID:8432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:1356

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:9212

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
PID:8784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
4⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6540

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:8456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
4⤵
PID:8036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:8056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
4⤵
PID:6392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:9112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
4⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:8840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
4⤵
PID:9460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:9476

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
PID:9992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:9272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:9288

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:9408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
4⤵
PID:8748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:10028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
4⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:7148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
4⤵
PID:9812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:6804

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:7852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
PID:6992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:9524

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:6344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:9236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:10056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:8296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:8068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
4⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
4⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
4⤵
PID:7236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:7292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:10092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:7796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
4⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:9464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
4⤵
PID:10560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:10576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
4⤵
PID:11144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
4⤵
PID:10896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:10932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
4⤵
PID:9540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:11196

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:10948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
4⤵
PID:8664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:11116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
4⤵
PID:11476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:11488

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:11964

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
PID:11988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:12212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:12224

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:10532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:12196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
5⤵
PID:11548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:988

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff497f9758,0x7fff497f9768,0x7fff497f9778
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:2
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:4136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4960 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3184 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:3464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:4288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6c3567688,0x7ff6c3567698,0x7ff6c35676a8
3⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5052 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:6052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5684 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3360 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4788 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5416 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:5192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5984 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6500 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:5272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:5572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:8
2⤵
PID:5756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5640 --field-trial-handle=1852,i,4876766605344080235,12863992915222401660,131072 /prefetch:1
2⤵
PID:4264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x430 0x3f4
1⤵
PID:5508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 440 -p 184 -ip 184
1⤵
PID:5772

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 184 -s 2884
1⤵
- Program crash
PID:3148

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 4076 -ip 4076
1⤵
PID:5236

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4076 -s 2880
1⤵
- Program crash
PID:5188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff452346f8,0x7fff45234708,0x7fff45234718
2⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
2⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:5292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
2⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
2⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
2⤵
PID:5780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:3768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14701491373455015910,16622383659070920041,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
2⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:5444

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3188

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
1⤵
PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:3284

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff452346f8,0x7fff45234708,0x7fff45234718
1⤵
PID:11156

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
83cda1dea6eccb676fe1063465e25d20

SHA1
c56ae13454d7fdbfeb77b83be7572ae7ccbd0475

SHA256
b81e18cffc94522ab3ee49e2b31869b96332b5a192d0640eaa583bda4fb694cb

SHA512
5e23b9c7143f4ee0e17b413c307f2a19fb97872a355da466d1f13ff1e6cebba732386b9abeaa7458bf62a5e4926fda82acc003f1f869cc8aa70e9a10a15e26de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
0c2b36c85866409657e605f2ce9b1f50

SHA1
7fbe31e93e9a09fc090b63694bb176ed84a72096

SHA256
57f5f7d559d15d59d69c9c6ff30b7de84cac021dab0dc87c983ad696b88c154d

SHA512
2c02bfef7baad7e64c7ecdb4542a6b18e70d6953247fd14e655f4121204f1818caa35594fb332141077e98ab50133ecfcf5e7a7acbba3dfe1e4baff3f28883b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
Filesize
1.0MB

MD5
711257b465e9f8ef017a81d31957e3f9

SHA1
00ebd77de15106a2ef8093db4de9e576eecdb015

SHA256
9c43bd70fd6cb85a69f127ceb8b487caf718d5d042692de4f2dd34ef9c15492a

SHA512
9c69e4c5b54738dbc6e8bb10bc0ade7bc5d22002787e7297420c6d92869d22ed64206b1a18a71b0a85f1aa99f862dc2bffa96f828ce2042f7ae9fa2e3b52e717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
0adda085add898919739fc06fcc63044

SHA1
d5775ee60be17a9a5530e8e80eb0b5d8a8910c24

SHA256
a0eca99eaa8787e9587c20727766cc26fd99af999a20d7a6e0a66edd3bb8ff0e

SHA512
6225849a8ec8ea2e1a879bdf85c64eec4c5fe9586e73d2ef0b111027e5f137ce1cabd52eee3acc508857b773abb7555e8fddf1cfeaf43d6a25cd86c75f2949b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
36KB

MD5
19161ad07c24d8167f60e48144c1c5cc

SHA1
5cb7ebb4f744b23ac39023d0e656b683770cde6a

SHA256
7c61558d7396ae6e394ae1544b94c97869e3b97a5e4527b24a513aa8201a9564

SHA512
68fd5e61456d0ca0e039c08b7b3eb413522dc6263dd87d3b1ec122527b4b31f4ca66b2753aa42b5ebc2ee9a702fb0607d47cbd515cffc46f9207ad5a96a68986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
48KB

MD5
10b1102baf964d75a0ce7676ee85dbb7

SHA1
b1e6c78b08ae79f5aa021fdecd5ab04fc04c2995

SHA256
a908f0b83b50291bba322fa1d67afa9c1217c0d544d93b29fd6ecd9c394b4f95

SHA512
cfcfd7da69e1648ca1ccc86365a2977bb21ecb9aeb173a3bb95bb39adab64bc88694d2377e9dec76563cc2277ad8292be9d43b706d4dbdc1a2a23f76cfc1fb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
97KB

MD5
fc94a3009f751e0fa9b36d1ee8e086c4

SHA1
bc11339d35aca7264c93544051bd23f9010ad208

SHA256
266f9514a22214a2b20877b4302f7626d1a5df2a70ef909c2da87e61394081aa

SHA512
7d390ddf1bb2b23c2dda104b6dae0da89a7a4d9de158dc5e8f5de680b2bab311ed52c1f841909b96af0541ceff52ed80875ae4df5abd61c6ded51809ae9e4df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
296KB

MD5
330872f1e1b2fb999ed13cc141601ac5

SHA1
6a9d1faec53ab604cd348a19c671360ec1be48c6

SHA256
ffbf9b787c37b2abf76bc0951e0a18909473f9fa166a42b5343014f20178ddab

SHA512
63a233f7558cf30bf2d6eecb49222cf6ecd15e03f4ded97b4478379ee1e6480a3cf52645a275b5cd42c73f48c787dbacd875213f596c8985df50d0e0a1956c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
61KB

MD5
374476f0bdde69f76e1cc469ac711785

SHA1
50bec0d3dabb382ddac5907adb1f6b2f31ec2286

SHA256
19c25fb4a54eb635da279302b8edd702880e4a52ee826742f067ac006637c56c

SHA512
8cda848498385664cfe05b1e7c4d377e9b7f3c9aaa8f8e2d0d3618916e3ba18726e1cd87fe73948548323fca8de7d04b63e122f9cd3b291b516b1711191d598a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
137KB

MD5
2f5b46c68096bbef188176d4f84a130c

SHA1
0ad80c2b8783750c312273dcac070f97be0d26c0

SHA256
e6231d5748339a7e5d0a6735eb2570aa9bb9d71bbe52ed5fe8f393684d71cce7

SHA512
94f73533750597edba0a11e17cca8e78d1a4a9d2a395b4354e169a009672023a7ed63f818c9dc9f158028f8192cefc9631d60566d632aab0f7e01f97d273dbb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
68KB

MD5
7376fa45f083aebb4d1f89a1e71aec91

SHA1
5c0fb4b8ebb2a665e602e20fac0a2ad9afce9a6f

SHA256
713bbe73000f8273cd7307129d799de0b31282c9b5954081963d44472b127a76

SHA512
c393536304a36268cc2598af55d21729d4ebcb00754c9bd1303bbe6edffe5d2445068dc207a7eca83d83742383ba0e73cdd21b8a5ff08307e073d4bd42aca207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
198KB

MD5
5dc2fe57f81e9d900113c99dc690be18

SHA1
a8714a1f77b3858d1547356284c2460d8ae0e4b4

SHA256
dfee9e6a2d82a268c1f849de6dd31c950275e0fabbcc2f91410720f72b3a4a01

SHA512
321ef3700acad693a26f03ba501fee3dff70258f8c78636e656c4668c46d05a07b294fc6de5b216742b2d67481127d7f548e6623f08b7fc8d2ff244c46721542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
24KB

MD5
023f8251466922dd04a9001286956dd3

SHA1
49e30879d1d4e5d49e283c287b1ef2c8d22d49e2

SHA256
02ed197b56be9ce4e6c856e4cdbc0d3c25e6ed292e35293cae28ad208c5f262a

SHA512
6f4a9993bc75c60c95be47b679c0c156fc5f867947dc79851282cee7feada16f84384b4952f91e16a6e9d1103613d964f498a6c37e907279802d05957ec36528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
24KB

MD5
c48816443b3daf4b0799b3dba57ba272

SHA1
d27b22ced903d2cca37ba2ea3f6d2dd6d4eee8cc

SHA256
31edfb94161ca0b7d9bff482e26bbca661d82b8aa1b67a82b8cbb0c1b0919270

SHA512
57ef34d1623f5c7338e151f0dc1855e940866311d7520a5995a4576856c1ecbc4065612203b1b4aa9d652bc155eeaa29cc735c77939dc15daa7acfde3aa84813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
61KB

MD5
a0efa5ed4d2876e063ebceda6a5ee1a2

SHA1
06c14bce0a9dad23ab9a94cb976c1acaea052743

SHA256
ada73543baaa7b64d16deb817b39b984d7cff5cd624948c5106f9cb1c8af21a7

SHA512
f6898665ac8b7e20b6d613d7409d5e819c5a6af123ac512f9fc72ba135666b4fad18eeb8369c7ea6ab4a7e1a8671c67337c30e90166a2219867a4d6cceb8a9de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
209KB

MD5
903e9aa56221175c9ced9bbb4e9b0a7c

SHA1
3a06dd4febd5f638d0520c8a740bd05d6ca37613

SHA256
1ec30a0a1a004f12bba16749ffc9bb52f210966c84244e5f6e0a0daa46588351

SHA512
04a2167b3d50c2001d6668ab5404bd970f240df0824351cb47fcee5ee3e6fa1f35389f799900dedb5c36d6d5802cf0740c33a40f502adedbed24c0f03a3d7a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e
Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3af48a56fe1ba909b943d4e174d92b84

SHA1
713cc2df9b22914f850bf9ab89bb11752c7484da

SHA256
3384875c3c58c49e5f73913cdb6d0613de498669700f632c393fe8f4f0f22d63

SHA512
71502d9a7be4715b02dd1a6c5fa0b45f7a4dcc2c8d95fa7a9192c34c4579f8859756e0d34fb6aabbe11a86a580165f152b20246a1515387839e0fc6073ae5f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
5460ce78fbdc12e6b6db5ce8c3f863c3

SHA1
045b7e9e955b6ad3feca58f4ea17f13998e91bc3

SHA256
3734d5a52f8f01b82fc010e3df7c80232c08971d6012f4ed5a70b96262d603bd

SHA512
7d2fc81dcfa0f42d2c2a3023f2324957da444e653f2c004775f3348f812ca7197d08afafb9d0b38722e314fc6419c925966fbdfdb72f3c748128cc83e4861a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
9f605812618e3f7855e0f1a9f40e4c90

SHA1
b13b680896e9d1e573e8d8a10b522d091c64891a

SHA256
8d5e7c86438412b51d2a10ebb9ed2aadad1c5fd44fcfac1e31496c2d55be8372

SHA512
06fa5cdf93bf4537d1819d98ee20b5797aac6c04585c58cd6437c3210e5362c3f1eeee7275c288a628433889e2f0d43ebf5eb8906c6a4a77bc7854d7adad1130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
Filesize
24KB

MD5
50a50c6c8d6a95ae6b1401d4ae4fe224

SHA1
7949f1c373283dc5ac4735ef2bc38a615ddad708

SHA256
34e67b407f3fe89d8fbd73d539045db19cd88c3e7660f2149a4ca8c1df120c82

SHA512
e671e9caed217273cb0f913c5e6075d4829ffb781aee47056e794d64f71e48d7c8ffeabf6e0ddbc36a0665768f70547a7ab26f540a0ed6341c1564dd6fcbd17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
Filesize
148KB

MD5
5a5feca8a1a8849d078649a8b2cf9fe3

SHA1
734b372c8c76bc87355ce2e2e22df53801a6f79d

SHA256
71c5fb4b75e1dd30ab9d66fefb684215f109f8003531dc57b2ed23ba0915d5cd

SHA512
db66fd9b64d38288a5610a6153efcea5b4e4d20b8519579dd605a58d3ccd8d96e928b28a13424f9ec4509811f8c5e8c7c32bde2c54a284a650a05e0c6b07f1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize
392B

MD5
40678671a414234c20b3ad9899485b11

SHA1
2af3d4fbde903885fce2c7941a19019207a67d75

SHA256
00ce12ed78c17463d7769c0648d7605d2cd5cc2bde502c001ff484d83b702477

SHA512
204c84d00ce1d4db33bb818b2942012826cad4f887b47f30b0a8eab7477b50158784c073bb288fd63dd6cad65b81b2c25f2c2c8c71ce4d2d3870648dea6b5cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
8672428c2ee2f35b108de3934618df65

SHA1
c20e34c733ab665742f76b3d2d4cd37fd4833130

SHA256
64e9ee7214699169669779b9878c362b6963a5c699eb35fe0cbed179764e2c38

SHA512
def31346be050d8d4c012f5011c900be19a192449886eea8d1438ce9cfb8d2e7c0c211292e63f70ece75e828e6ef91e9e365defdbe580584ffbe68824c483bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
6f94fc81bb9d0eb4b7b02be3fba83f12

SHA1
134d9ca9923a162743443fd9737d5ac815bc7042

SHA256
8f0badf98c636fb1652850cc7620a44f8752db2e9df863f8c85eb2a569a62a14

SHA512
0005f74abf8e6443e33a9ac4553ad4d4ceb190e451be4c1b4ac0636cb292f9a48f721f230b1c42fc555bcd6f4864613ea16dcc1e788bdf371a011df2817c60ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
a680436f48605c2b716225ba8adf7275

SHA1
d22d4ebbd76083459628c1a81811f4ae3137718f

SHA256
9bd776e1ae0bbf22133f9136099194e31384001355486cf69dc36c2c8bafb77d

SHA512
fa93ab88eabaff64665a723898aad6239eb4e613b1ba9b5ff3e2fbc461d5c60fb38b546fca238e047ffda2498a29fb79b84b1bd1897ee4f3a42ad1282268dc36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ebeb98e1311cc8ad9d76a37d31007752

SHA1
e21ac9c8d8f645018b7a276d9afda92f84661fed

SHA256
6cf8b7e341d73952257712f1f45fbcba5af8d6fc66063c53a901807c58aabd40

SHA512
17e5b85c115fda65366b4db5c751b32b0a321533f4bcd72f8d6fcd4d32dfda76f22857fa98c62e7a6a54be78fcd76882c952a5c3591935294b6b8cc08ebfb60d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
3872db6d69a4e32ec0d007481ea9a62e

SHA1
8cf555c5c805999666ee3c394785830c38a422f5

SHA256
e0f94e125820b802334f772e7fa8116f123b0598d72c925fe19dc2c7e69743ae

SHA512
839b39bb38d3ca5458f6a3ba357ab734b516f9ddeebc7b86bdd49ed8e85f6b08278d18e5ae7085ef06b919f6e15f28455decfab1222c829d5dbd58e7b23426d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3f180e02185a36b18a66c177cd59da3b

SHA1
2d917870e2c17aae83a7a5478d108cf357ff87f8

SHA256
0cf7578e505adce9b229d052300513212e5c4d270ecfbea1380349729f83f4f1

SHA512
21c44f864ad9a8a17c6e34eeb8a053dad9edc43cbc76ab4e385816d7e5eb500da3295fb81f1aac12d57a122de81800ed1ac237b5f77a5dbc99a222da02aac3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ea995606507764200a08f2095360fc27

SHA1
25f2a1db5e1f0298419d16c8402b53b955b63115

SHA256
ed2e628671f434ead3f3caa574bea2431140191e25227ac1c6e93335b016b71b

SHA512
ab05d4c40828a71b86e81ed0419f9677584655823d7d8d9dc333c6f6dd3cf000bf97be8d10ba67232df63341c25dcd23a099c8ee7b1527f79dfbacb25d7ef991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
13868591b561b0611f98d28b60f2bad3

SHA1
ffa7006179b46400174ac80edaea49a3e33b76da

SHA256
6d2300e991d75e1849c44da167ddd4cfc0df8cd6c0a7225db7f7e88bcacb1af0

SHA512
8c76edcb5e18356a6a4a87d2aaeb2ff213fb5fbe5cd65bd8c453e951c6e1c9275baadb8efdcf48c8ab233424e0a518f2f0fc1747d5552787c53beb5ce8fddafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a11f95a7-6048-4d43-9ff1-00dc5c80c4a8.tmp
Filesize
3KB

MD5
45b80b5d187bc8550ef166cedd153827

SHA1
7fa757bc558c4c86afcb8ef074c83bc18dfe0de1

SHA256
2b29aa9e2912b8162139446dc760fb961186ed61f2a69fc326e313fef5f63c77

SHA512
a892c330ffbfbad9791428778d2acf3133992eb8ea1a4cd57420c10114677fe60c92542d75f1619c64959bbf55a755b9d9645b6f75a501ad05bbb214f64988d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
09a50c99213e24ab328e8bc1c21523fd

SHA1
8a90f49bda32ff39d73982d6c6011d7af88f2a97

SHA256
fc09a10c8cf2e5aa45fe79b2e6a86328572cdcc35629a552dee214b9dca1fa70

SHA512
de00332a39606e12d2e72b6202f364103223d4359953d7fe21bd702547422c70f58c08ddf0ac2052a7dfa0af8bd6b8c713e7ca61b5d12721042c51d8866f460f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e9916af87d7f4cc2e3a52ab5489f30a9

SHA1
54b1c829e8c8ef427b7174a03f7ddf58f79a8186

SHA256
d93bbc4ba7388f67e54b1e3be1252c746918be7ad1f4bf589a204a38fa962f12

SHA512
e37561e92cadd2d761dadc9da815a6d9fadc750875cfd31c82ecebd7dda219725a008a2c3530dc77588eb43e5541fde24b48a1589c683fbf3d26ed9ed9ce63bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e9916af87d7f4cc2e3a52ab5489f30a9

SHA1
54b1c829e8c8ef427b7174a03f7ddf58f79a8186

SHA256
d93bbc4ba7388f67e54b1e3be1252c746918be7ad1f4bf589a204a38fa962f12

SHA512
e37561e92cadd2d761dadc9da815a6d9fadc750875cfd31c82ecebd7dda219725a008a2c3530dc77588eb43e5541fde24b48a1589c683fbf3d26ed9ed9ce63bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
87bd6af81fb440d755a74f5f19f39ab9

SHA1
663b6080610e3727fd349ea3b3ea46ab2b8e32de

SHA256
78882ce5dfab2c274e012dd83fa323dfdc4a9ce652df06a9655506abb740b59e

SHA512
af02dfda4c999957e53af06b52822f6137112e91f6fa2ecd16acdbfb2ffdfd873f5a9d653d2dd9c604ba9d6ee32c141160081271e09c6065f8c24429ff784a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
24929962b2fe17e4c31a56265dc80a0e

SHA1
0f4d3d7cffd75170ee571f04d55cda5aaf596c37

SHA256
9aeb0287ab16cf7b1255242a848b13e02634fb5b855d9d2cff5447d7a9926278

SHA512
afb8fb80a4917c18ebdaf69538e76781547e427a0d4e7af7262b8eeaa2a5857e4899ee7e9ed3f60703c5dd48df014069f636eb4cfa92e76cfe07f3ff2e9a0477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
03da138f4e698bf5092b3fa58b67743c

SHA1
f12ab3c5d7d8485465176f00d75a5b30af492a65

SHA256
958f360027e508aa6001694c5158c9f5af4832fa32be5ce214e2896c5d8b160e

SHA512
3e1c76d66d1b2794e6e3179d3af6b672822dc4b5c695cddcd13771cb822d2474f7bb419470ff54160c24a0077a1fcbdd13e7c9387320229d7d9674733eb0c976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4a6fdc834837fa0a48b5242008db4c72

SHA1
359ca8686639fe970f6c3cd2c94038c634edee45

SHA256
72c21dff24c475f88ae8d1a17ec0b3cabca7dcf942cf6e2e78f73f370b46baab

SHA512
4ae26303b08690d3b0a591609bc43e52ed8b8ed07c1a19209efd88e4b7b895202e4f41142f3c5a6d2f18ab08d076a02e99e1a6ef68e75d7f0e3fee44d9df0d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bae6b15c85a7967d865163b1457a3379

SHA1
64557a7821b535e33bfcb3da4f1072f706691902

SHA256
b04a19229ccc6c8dbba26b6e05f8c4ea96ff881e6b4b5b8eae55fb8d5afdf760

SHA512
ea976aec5f755701162a6b0828fe03d3c17ee04499cb2b8fba05824b5e684e3033f40c21051d227c3f84b57416708706ca99ec09521a614ce8248979570bb2f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
a6d89a43ff619584e30420b63185721a

SHA1
a249a1518a24df8379785d9c859e5de4dc3a6d6f

SHA256
cccdd6999272333afc82616e1b31964b0402fc959b198c36ed1f740e6a409893

SHA512
2f2b7cda5d4f811db70da830fd7dbb7ecbaddd7925e7cb3e5dba8d6fc8c699d3e08c1a135c8594eff4cff02434cf7108b754e199dc2d7461227a26fcbe90bbac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
a6d89a43ff619584e30420b63185721a

SHA1
a249a1518a24df8379785d9c859e5de4dc3a6d6f

SHA256
cccdd6999272333afc82616e1b31964b0402fc959b198c36ed1f740e6a409893

SHA512
2f2b7cda5d4f811db70da830fd7dbb7ecbaddd7925e7cb3e5dba8d6fc8c699d3e08c1a135c8594eff4cff02434cf7108b754e199dc2d7461227a26fcbe90bbac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\35e917cb3edd36448504a1863c9174753b7c2800\c2980ee4-49a2-4a48-9652-2608b45ba9ca\index-dir\the-real-index
Filesize
96B

MD5
f70a8045922ffa459b6a60c1286fcc60

SHA1
6e5e7106908138ecba87be7aba56aa988871ce49

SHA256
c8838ed9ea0f4d898d47b9ca5572b6f58a3192a3136d58d3c5fd4c12e23a9c02

SHA512
02f965f17a0cda08d1550c3750693537d4bef0eb6ff4fdfde2a5c45f8cff17ec4897d0adaa3acb5f392e298a7891b5f06a7166ab694496886d9845a5638cd279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\35e917cb3edd36448504a1863c9174753b7c2800\c2980ee4-49a2-4a48-9652-2608b45ba9ca\index-dir\the-real-index~RFe58c917.TMP
Filesize
48B

MD5
ccad7f363f6743316c557019314fe5ce

SHA1
598a5ce93dbe577cb580bb8852f508da1625e892

SHA256
d233d348ea58fa9177db4d3f2fc39175c0f161bfce8c9ed7f784b3ae8f9e2d22

SHA512
84bbc6772da859309c84579a58f541841f8c0504181c3921ebe9f709b08a57af5587b2527d99a95f475390c7f79a7fda15d5a5cf06d72ffab67d85f76aa02942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\35e917cb3edd36448504a1863c9174753b7c2800\index.txt
Filesize
141B

MD5
7b74a1b24c8af6f66ef537264e352294

SHA1
8d726acabcfca1051bd7108c18b954c0452b7230

SHA256
d933a1fafc3dfb8ed1847618824092cc7fa90f7c52db822e0215d418e2bbc9e5

SHA512
efca696616c9a84f88c36ae2e2309078c325010187da6cef8779456021f6bb56309252ea3723d96ef62786fc446960bba536fcf08ea2efdb078a138d64cc8695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\35e917cb3edd36448504a1863c9174753b7c2800\index.txt~RFe58c917.TMP
Filesize
147B

MD5
1d7128a961c0bd6d9d466138885acb30

SHA1
994e8b85e5d7de13c97f853384e90fe73fa312fe

SHA256
ba3347ba3917f69d932a51fb183ade49ccc2663847f0623be3410559264e500b

SHA512
1abea1f294ba4e48eb3917f9887548b500b17dae2c2c8cd9440400dbc98ea3993d7500c117c823c884cfd531d988f277d487f5a0c27fe3fa22016d819183ffff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
58db6fd273630d0e4a89872409657a82

SHA1
6d222aa06c1bcb4c6decdeaa24c3b164a14d6502

SHA256
3130b048f44d459760a3416e95d9965175fd0f67dca5a9495499a1075fd806ed

SHA512
61c37dd7c177fc928f63c3a732e1f230b57d34c7e0ad7b8dc2536fd292b4b46ed4cbbd5b413155b40fa0f3b66b3784353920e98d5ab5533ca49939ad5e8be984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
34714fab8ebd4de6ad0e9b72cba1691a

SHA1
1be16fc69a15a241f1d4626ea992ddb88de6d026

SHA256
46e65bd7047ba1bc57e05c2ab734c1f221272e6898db3af4789aea87d7ed1759

SHA512
7f5f1affb5da0d812da92e77b26399f996a209e059ef453423f932687e4fe2857b625e535cabe2e918a976255ee7cfa99c69295c89ea3af1b5d0877b268647d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578d9a.TMP
Filesize
120B

MD5
c0d244b355afd8bdaaa5d7decc98205a

SHA1
6c7d1c439892bbdedf09b3f573f80217635fc3b7

SHA256
fbc1149aebe6feb018779312113f81dcbe629d47432c20593d5de94601730dde

SHA512
29126833bb4c543745a8eb62c38dfce7f83584aaffb3f1ff8b1d93431cf8f270d0e67e2c3cd432d806bd2f9c87418829679fe8cf0d03f322384941be4bd0ac89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
216B

MD5
104da60fac9561a23835dc672c8ece92

SHA1
36029a8406290b53d246a437f037b1655c7ebb22

SHA256
8f6b8499e7a3460807b8829f1bdad441ca2b27da41a9ba3c90e22b27c7098eae

SHA512
1ed7f938caa07f460499a742bb3c7d8a65341b609de19c75112c53680468de8186500971bbf16ec0c38e8c522f552323db141c7d8318772a2c3b8d67c8851a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c917.TMP
Filesize
48B

MD5
ed895999c97dfd36c90e6f0b2beae105

SHA1
cce4b79b54df5cef34b7fc5185cf67c5fa53ce76

SHA256
d0955110d8c3d476593b6aab8067cd6b9bd3c1b21a4658b831620d5ce298b694

SHA512
79e1d3ba37d3dc4df0567d25999f7c1851409d64fc57384f38285b74f4ad819ad2be3cc24959528977813097346296018d9e7136e854d766f4681bc0c412186f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
5c7d7f9985a1ea392e3ae27511666a84

SHA1
cc51d9f77be3af933cf13e95008c3ffe21fcdd54

SHA256
48b3a664d74867f52486e4f466d86e2676e1c8b25c9b4210a5a178a67cdc78b0

SHA512
7328b7f577429e58b88f7d0b9b715146a99c0999e78ae50cc00283df97ec3776e19aa530359533e94c929395ecc5b94e4ed2c5b8f8d3b842544d618c8fd49728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
Filesize
128KB

MD5
edce59e196ee273165466267d462c5c2

SHA1
7bb795c744b3aae8c4978c00a63c167ff70efd68

SHA256
f5f86b9f1ff74937b03721f83da5b4dc542e212bbbfabe674ad642a1f35bb70e

SHA512
9de9a32fcca05200741380a3ddc9532cc671cd03e21d6b4be6061227bac9ca49c47967f6d090a9ca457ba6135441515173b34b510c15e6bf3e95c6924aece6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
193KB

MD5
79b6e25866feb2fc41fa5efb77688273

SHA1
7dca792dcc3e38f0f9f6b257997347271ee44d67

SHA256
15b463261e09a5e4a1d98786ff51709e55a58dbe236d2b4b62e0d8ddeace96d4

SHA512
9d32f5a45840988e0804685605e07bc583d8e26e9e197bb498cf9c6b1afae47f971771dd0aec994123b45382761658f3b72732dbcacf13e043b4f0bed931dc66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
176KB

MD5
c1e031da55490cfafcacb18b8a86566d

SHA1
4ca1da4f4c0e013c2786341907023e6c513e4d04

SHA256
a70ed7d56fc89df03bc73bddb191fdf72ad874d4401c58b1e2c894523c25dd49

SHA512
b04b2df5e214c29fca828befd223d6ab2aa34dbf274093eacf55a5020cfde001e958cf8b93c52f15dbd17659f12896e41db8e53e2935f77b6d729c94c51db112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
124KB

MD5
370010979834e1b6edfac5accee8a3ed

SHA1
bafde28820667c8af07536dfc1f51b62baaa55fa

SHA256
6b868d86e5da71ba57bce2bbba9157e89fbfaa22513a05125242aa7958dc6aca

SHA512
d61300885ccc88c27149517d56661b640a4e16d3edbbcad67dd4be0738e0f71ee72737b472180b0721dfbe259d20830470ba3761d7800117454e7159d0f09799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
124KB

MD5
314b88c8460a935d75595eea2a1da4dc

SHA1
80960790b6923e0e43306688604be822f32f47f8

SHA256
e627040e76b72ff6c6a82e1e6f5c31fd33780bd606c6345c30df63c3dc7f4ff2

SHA512
0a9f3a9eb67ef559c77da9944001b2070993e3a9c4d504223bcc6e0efc5e8938b7f5062d7e7fe16d1fcbd9c504653e47e9ccd0cc7e33eb91ca142be852dfc68a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
839697a50d6dcb0b4aa5b161ce9a7471

SHA1
c36c1cdd63700be9f887db93b357c19329479c37

SHA256
fdd060702a00cd81e2d3c792815c1e73817c8375ef823dd72da6b3a8f649ec44

SHA512
a208c657d15d4b911a286e95378e8a1f4596abe0e37cb44ce7d41819c375193f9fe86545fc247b7108deedc3eea901a85f04f642ce8e3e0a9f40179f70a8cbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
ec8556be0431387eeea0f5be4abec360

SHA1
0201b6e98cadb4155f8f936ef15fbc7bf703ff97

SHA256
35eeba411c68551edec9c7f2ab7a77a75c96a2ec1c9daf82d7a530290644d232

SHA512
e9785130ea120665db410f53f2b12c05f29017bf0f02a8c8bf8f1ad96e867544152be041a3f4a2634b0898e2f61fa91508674adf8fee2302002345c01d85a28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
ba7af67d07798bf43d8806a630c9842f

SHA1
daf6a206a00a0a5aba7176e4a51691967f409072

SHA256
6ed973d8f15265bb7bc5d0d7a08df9e9a9f8cc953a2f5ce00feff43b9b6efc67

SHA512
251cfde81e9e004beb6740553e2faa4e589dcd128300efca945feddf906a98d15ec58dfe7e3fc4b8a03db996d3de0a207f06d49b2a1476d663d5787fbd08e0d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
9a1fc63f59f02a4709a813491fe397c3

SHA1
403fa6bde51b55ef1ec9a2e9e7453fb3c375151c

SHA256
b8fb0042d4fad07788584fbb36205187e063739976639fdb876206b9ddc9eabe

SHA512
bf78586d2a9edbb2b907fe4de07af63f838022b75a59e8f12595b5ab925b04d4ee6b9c08f575985142aca572f3e2ee3a317627aa8b7f5bf5002ca85188a84ec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
5b0f04ec27c03daf296f8d8545d0dacd

SHA1
9498a5602956b1141b317cecfca73f300b86640e

SHA256
7942ded82af718fda532becdc4696ac89e39bb8bf22b62b66ad5a7c25f545890

SHA512
c8e76b941b838b0688d013e63845efaea2ce7dc523f10ebd3871f99244876535ab1d7d0becabe59ac7874e0a74977d894891f1b6b30364ebd339ff623ceb14c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
e0273df13c00afd4dcaae66b6217b457

SHA1
8e736b003b36c4509256e25935bd41c9a70bb092

SHA256
41898a7a536b3824f0fa8eebc67042378ea52bb9090602897f208b7e8e2cb63f

SHA512
7ad7d2d492f3fbe56d9a77873150333899c217291845a20d126e49c9df55bf41754bfb6ef3813f51bfe87d5a9a0847392d4a8bbbd3729892d4e87cd915f8b30a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bdc13839-ad88-40d8-b6e7-16b0ed5ed7a0.tmp
Filesize
193KB

MD5
79b6e25866feb2fc41fa5efb77688273

SHA1
7dca792dcc3e38f0f9f6b257997347271ee44d67

SHA256
15b463261e09a5e4a1d98786ff51709e55a58dbe236d2b4b62e0d8ddeace96d4

SHA512
9d32f5a45840988e0804685605e07bc583d8e26e9e197bb498cf9c6b1afae47f971771dd0aec994123b45382761658f3b72732dbcacf13e043b4f0bed931dc66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4f469564-2210-459c-a524-0869f345088e.tmp
Filesize
12KB

MD5
3424f3c34de25057272afa33aed426b1

SHA1
23b224152b2f034e5c140bd12102e782924c70bf

SHA256
d2bb8e6accbfe22cb7d6529c68f0545a81ead5e8fc5b097ef19abb29ec6d644d

SHA512
7fc857317c4fc10fb7ea83446783b69a29f9c77bf23590c14402890e724870ae4812fc0cac1bbfc7f76609319d883b5babe2f4f5b583f05a747a899cf9c3ed91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dfeee58d8e9ccc6ffa537d5b4782ed65

SHA1
995bd4512e107fe1274eba41e49984403e075f31

SHA256
1a35071ba780d220a4e2d5c2c696563b316ba36993191563953059f70f6ae884

SHA512
3f598ed40475c4ebc65df2b9d1ce35bd29792cd0bddc2c02ab4a1776cf8a814523261bd130118ce5f5b16f111fe060ec185397fc7a6dd5539f442f8fb1444ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
915f1cdd06037299cb6fceae21e4d3ae

SHA1
162a49f613c49b93d4c53c09abd5b726003b4733

SHA256
4ab18316d70c05edb9e3c0f2b4d00897b865db88e7f50da725e21af0693de019

SHA512
97b1bba7f9a17baca0c681f74db82f5903c53610a24fa80cd39c0188ad33bebf7869ad897c097e457d922fc814c36d161876c21530ec30fe6d7a684baa145a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5262fc2d031cdd8816d851eb9349cddb

SHA1
1fa16fcd98382fa01c824e669306fc2697f6cd67

SHA256
3bc621c2de03850f967970e7bbd4dd6a293126055725ab9a096de6ee560ae6bc

SHA512
a9e4d78233e650947bb6c651e3a6598a21bbe53c1d086d7c390f3482dded0e0673d20c7850554229e269383ab842261b683b441e097354a5bc55cd79589be0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
570eb7e1299b01795751dcfd65f27e7a

SHA1
322efeb4cbc100f8b42274647cc07ef675a3de4c

SHA256
0f6075f3140777e90e1ab1946d811af7bd1b39248ad4f0389731afe107537a34

SHA512
b7867e96e3b117c1f73989bbfbd2bde8f44896bd7e70589a542f748f112d6a14bb0b963bd45acb56c590c57863654ea2f13e807e2adad56b6794dbf450528364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1f729949c1a85349b8079d33890c4481

SHA1
6ebd4e8cae0d6f69f0393e6616ea15b0a2c011f3

SHA256
e117d29dd0073b6db1667827d1ca6ed7c7ed0f4a585ebe65f2bf0a45cecd7aa7

SHA512
77bdecb7e857bd9e0d24b4f2248a5f9a4474cc06b084dabbd7721a6da9d734bf896bbfcb30744d031c7e35f9ecd9232a2a5662505ec112c46552d65744eb8f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4f3db8e94315bb29b2b777472226871b

SHA1
bc86c98b3c6497a34765bf33d3e93ad36190e7d1

SHA256
28059bc7779dc2b13438fbbbb03ec820a40117b302dfa70f8e69f2d490a8b3ad

SHA512
34ddd17bd79f60b789aaa3589c7fd4c244eddfd07f792fb0f49a6612b12fc9e096aac27707bd4d6aef2ec9ac6372a3a7cd67c898718852dab32cdaea79198954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b6c35c5daa461ee23e201fd4466da5b0

SHA1
b55b555c7242ea2c6bda042622d307edfa20b8c9

SHA256
41535fcf6800c7c908f350961e3d915bb8cb2e8dc6f88c595026a19f54b487f6

SHA512
386726ee00444eafe5b9e3029cce93792f7ff4d87d1a5798aef40fa309e6693874933c34cf5a5cad5445c30497334745d56a82e925fd7fb4412b74638bb1fe29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce958d2b6e8deddd37798fe9aecacbda

SHA1
6b9d13cbe27447f930a6f1e834bb63e8b9dc5c42

SHA256
b18654ebdeca3932d81dea833ddd8c26cda8287b9119d18c0320aab9e4302987

SHA512
13b69ddf7d788bbf97c88e4a30b50f63a3978b49f6231a803645b783acd46f90e1cb166bacf182905ea979797ea7451340c4c27b86f86c9a0a7a6b1d59c891ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8ef9f1ffe5a7ea10421e91494e144b4

SHA1
242baf5822b5480b7e5381312d40d8931055ac17

SHA256
5ab0670181dcce26960e5d3d04caa3948b00ab1cbacd4cdd1ce1ff0044ec5fbf

SHA512
c8666ed430f04636b7eddbefd10a6f2643c5e9adef775cdee6c36d9576b6be5fc32c7fcebcd0dfd2bb45ebcc108d7cf40e3271c2397624c54cea5e8593d3b03c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bd1372e5ea363178fa7f84b09f81865a

SHA1
6a69b3f007af3f9f80ef92b9996ac787d7989024

SHA256
ea32ee0ab8fb132e7bbfc6e24acce06c375cd71444e637b8645f2b1dc4684a7b

SHA512
8bcc20c6e3c724edab8ec40b38039065df7b8e4759c671ade0670269ef839da5b7a707f1a6455e24ab5a4963e32e607b8ec1212afb8e4e572a5064ac6159ce0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0d7b49ed49a73beb4f63f141001c6803

SHA1
ba9890612a1042e9465ca288713c38346f364f25

SHA256
38626da3f18ccdbe5e2742e1bca662ea1a634b04b08d5bbe7b42f990eb72e5ec

SHA512
0348ed01a6271f626afcbc063d891218e4f7e2f4c9ec0dbdafe055869d6dffe694220989e6c806ea3a1185fa3a2f98c331fe995dbc5c1cd20bf7b1ed294c162d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e35d33afa9675d05ef4ae6c1acd54e5d

SHA1
e787ecf6bf5d3b4288c457fffeb7641a670df30a

SHA256
b36db473600db515194ae8169cfae2fe004373e2298f38be7801c260bc13249e

SHA512
17f4d82d47ba6780f2f2253679cec648b2cfe68acadbbd849fbbe2463fb2c2353fd90d7775d21448f1813fb940853f61e2305babfa54b6df2304dbeb6d1b2beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8c118a2480c9434657959b92352efa44

SHA1
2e5bee2c5a6722732df31fcc5cd1c36d464b6c4f

SHA256
34ac95e08bd1eadffb555e3350f5edeede4ff5ee1f6d5ab45a141537c4774314

SHA512
b695a79a5b00a1d1cb6a40c111e6edecbf91baa3f55c64f92d316f2adb6283f386a61828a22214e78e3e366f689f5f1c86eeedb95b31bf61517b6d9d6dea53d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
061387f955145765c3c47bc829359fad

SHA1
0ae207e1f9f5fe94a505d91a101f351a2d45d7d0

SHA256
f9a4debb16eb47aa6efe2adf8011a12e9113f5ed2ef3ddba7a0e1eaef0ec3cd1

SHA512
007674142f71a9ff6f17b5bed5aad44386a14cc8416cccd3467f011b4033fee4acdc32512c8d4780aa031e38fe519d218866d35cfac63d86e7e01b777593d698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3fb7fae801a588ee0de9e4f071e1eb6c

SHA1
e589c0f4146ae5b822499b36209d246d3cdc774b

SHA256
115b80ba92f6e1de240a061ebad5db79bb5d755ec92273243407dd0fffcfc8e3

SHA512
a5b991609e8ddf3f800970013297de43cdd77ffdcddfd793d8d0c02782c3496e9903bf37af04e899aa8f70ea33173c8b7be438c34c7f802395d15c50d66a55cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fe06e03-dd62-4581-98cd-5e1d5205ae75.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
Filesize
27KB

MD5
53b5e785dfdca21fa7adf7119fa1f8cc

SHA1
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8

SHA256
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

SHA512
615020bbdcaec3b8e7fb0fd2b8c5cdaf3c4013c9323b6884fdaed5151788e213260c01c7ccd766898ee91612ab6163150167f9cc7109700b571b546e39f7cb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
Filesize
36KB

MD5
83c36d806dc92327b9e7049a565c6bff

SHA1
130e24c26b34bda9c0d5dd66c721c94d563b31bd

SHA256
427afe9d62874d41401d01558d48bec98f26d675e4480b073835576ed1ff499d

SHA512
cf38e2bdf80e4711b759994b0ca8da631eeb11be8bdcbd39c76947d1729951d6a36b1cfd2dff6e55b7deb84e74aa6c46df0bfdbb182ee29c2a1f2d1094b1e319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba
Filesize
30KB

MD5
bb9ceda85c6f582b0f5f9e1f1e2343f9

SHA1
71c464e1023210d5e79828965f49570d58fae799

SHA256
ae51b6d1cfe8a4afacab53daab8eb8e72d615ce5355ea0aa8c36b75a34998cb2

SHA512
601f2eb382aea53257a58df6ab20ed61272f41ab29f10c26fceedf0ddcc15ab3b8aa418cd9606cd319d846063679b55ee3c424e56f3ee4445c5cbc94674098e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c6
Filesize
47KB

MD5
dcee8bec60bc3e6604afb1207a1a1071

SHA1
fbae272dd2c7d5094b56e745c9a20a5af3753110

SHA256
4eee440e9fbfbf184d78b7af016f48bece83f1981441a06e020e93b8dba3a488

SHA512
bf7f3615a4960612331182860d140a4a3fd3db58405112e6429625d5629acb1bcb521ee2ae8ad2ba61a779f9be6b03caef10dc30dbba4e2bc23b88c28e8a3063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000101
Filesize
66KB

MD5
5620578ff61a4ef98cb5cd6e3a4dbe6d

SHA1
9e756ea38fec5af5297033cbc7dd589cf612316a

SHA256
410146acda94082aefd3c01cdb8906986f80d885f0583c0e58eb3b18d63ca6d5

SHA512
1618336bde0396b78bf41e1b554c21facf1e51beb9d3a68a7e2f73828cbeb0753517d7ef1449a19db703b390c751467dc3ab430c491470413e87e6968a81df81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000107
Filesize
149KB

MD5
1882732f7ea7027a3aa1ddd91ed6107b

SHA1
b50782b9d0042d5c413ceaea3a7281872ce3157b

SHA256
403a48f5c529dd4ff49b6469a4058ce54b9ceb427a0b081acd085e09e0210efd

SHA512
aabf1137df0d155906b8a3711f80738aba7c8e83db02fcf64044355da256b8d9d8dc0b8cb3d3b2d60571f1419d386a26629d50b17bd9ac21055f9a42024cdd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000109
Filesize
117KB

MD5
1efe88c2f74781c4e81cefb6031afcc3

SHA1
8db031984acfd4b9449d9b3ba8966b3647fe54fc

SHA256
f2ca3d7576f43e71e8a25c923d793d705d0db028389195fa7f68e5bfd76d7136

SHA512
5716807b7f2d02b7ada7dc6aa20255d7db5f2f06c3b915e1c8f6a50c3f796f7c11104141cef63a6a7e49ae1a7b93e539a852a16b8cd10c237b43753c787d1f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000110
Filesize
190KB

MD5
4af81606d4260d6fae82bb81785d2635

SHA1
eb7a35f8d047832a8523a8d3cefd264dbd99b5fe

SHA256
5bf5a8dd3a17e12303c6d6b194151863a5ce02e85c8561e25ee634d9fb7a956f

SHA512
4f7e155de0f37a0ecce724cb94369c9cbd83d1ca1d9c305d479a89747f7813296ebb44732cc608ea7397a5bff070ebbf3d8c6d36b79854b6e379dec096a05670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011a
Filesize
144KB

MD5
dc956afcd83629a5ea76e11a125b7341

SHA1
28ed8cbf73ad213433399fdcf01bf611861e4404

SHA256
55db96fff9ca7104685384f0959c13755ad4efe572c506f4b371323b13cf4412

SHA512
ec1c51922f9adb9c4e7f678548b4f95d2e1ee3a1338c1505c6fe0117afc3c4fac6d0bed3e5b90bf092481fc0a485ed2c909d72b55369e969e7c8dfd6345cc176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000123
Filesize
199KB

MD5
50c608f2e3df7953253c7185f485bea3

SHA1
6430dc0496b91503bacc890ee4111c69aeca85ac

SHA256
d4b3af87d8bf2305b2f4780cdb414e9b13a05f0f4f11a77999fb4555a37b0f1b

SHA512
a62ee0c5feedb9d8dc25fc054699ce53b8bfa59b5d2389c72bcf368b46867cfec157fc32b73210e9a8f896d6bae47d898f9c4a2165bf3a5a6745ca8ad555efac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000125
Filesize
250KB

MD5
ae25e961931e3e275750886a989c29da

SHA1
38c8e2ce73efc75dcbee571a42cd136f0f040558

SHA256
13ac898b056e880e82a513dd26a7aece62543df23cf331551e654c7fbb056925

SHA512
463bbf28a254c4e5ed513e951867b0773398d4af0bcff47d13af16ef18dd65317277a88d6556032d53ccfaff9da025d8e772d5982215fa5ce028969e691bd602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012a
Filesize
20KB

MD5
842147f829084998fefa7925b79de9fd

SHA1
dcccfef7dbe3006120d5111033da1549118f2bf4

SHA256
f36dba83dc74e070789229b2ad5421e4ab93a247967631ed3daee46f8d97c6a8

SHA512
eefea861ebc1f28b825f046e9d707083e1b09c4d51c7d98aacf1dfe09a4bfbfbcb54fab6c29b0faff31097fd29d29252b7140dbd62e77107c658876dd19ff2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012c
Filesize
191KB

MD5
9cdcd97c2b46bd020dd1af2acc34c5c3

SHA1
954a8d5f775b618dfcca963d99df7069ddf45ad0

SHA256
c918c8780524bda0fa023ba4f6110044fcf1a491a79f7aee72ffd98d196262c3

SHA512
c272c4b6135c4dadfd624c752f6c12126e3082f79cff677fe92651978d539d0a32bfb5a26aff53dea8d4d9fb5e10c2c023e645ae10014ec7cf7748569b8342b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012e
Filesize
162KB

MD5
9833a7ac8beeb8c8d75d666fff9a74c0

SHA1
7c6dd2e4c62253ec97659001180be1b52ca020fb

SHA256
21c84e42d561de6fa34ae3c074d29d766b345a0a04ee96a8f664d9cd6eb06139

SHA512
c8eb7b5e0ba3e78c0c0c65ff68d3679eaed7af37c5b4011958f6309f37e6fac33a33db0fc44028c9ee5aeaf0ee912b565410417e63c0cb6d0b9f58142c2ec269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000130
Filesize
51KB

MD5
83d96a9602d453d066c714ed505c88ed

SHA1
51ee4a3bad2b9b4030a0da9c3c10c9a28668a1d7

SHA256
63e4a4e5d49c2a4012a9f67f3d63ca7239f98c1f0a3c50723df604d5b3fddb32

SHA512
30807c75850cd86ce9f6f24ec317678aca3170e26be5a8422e7ccc9504d9248e173744329c2c05c2fddc0eac91bd4c4e616b3b46cc2d69675e24ab218ebd9155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000132
Filesize
142KB

MD5
b02d195058b9e47a8a26a8af0f549165

SHA1
79e5ccead3cd48b1180da8c4de1e652feaa422dc

SHA256
6f88a07c9ad1225127c8df3fa905af3928453badd30b57ea8692cd7452ee5e2d

SHA512
a2573991d00e12b32253c754c88ed817aff519d061021928d24a9340d305b0607b957400f8c17d9d8e66d12d989f1336f5b5978bb3b1bce7dd124684e9d8aa26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000133
Filesize
19KB

MD5
7eaf205f76cdec8547ec4a9d19af8ae2

SHA1
6b1b5758ea50e73962195ca390055f0c9d7feebb

SHA256
c174b490690562ffdb11e9d30e61161da0fdb86afa2b44cab43b0ec58954a7f5

SHA512
6483c7dd3abef934d27502a9b6df5e0c4fabe4884c7508a4130e8552bdec20ae42f118e103a4c7ae867172234f46c414d0cf169b7dee0d0d21dae875553fbe03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013a
Filesize
286KB

MD5
57766bfb7317b38e9056e5b28257ba41

SHA1
f4c2d5edba2216eabbace967a7cff07694c294b4

SHA256
ee1e8b69d9ae160739aa9b9425dd90b06e44fab37782e3e387936a1ba6eac739

SHA512
53a2a59d497e6d3efa05014657fa303a94d8c1b729893589ce803a0dd2c9f896ab7daf39f5d6e915bda2edbfd8e547df6c4962dae3be5ad931d0579ab8560dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015f
Filesize
65KB

MD5
b503872b096a0d782a97e9e3d592a3f7

SHA1
5d5c43e5c6c1f3876daf37adcf5a82a23ee3444a

SHA256
e41c887888480e04d98babba7b5062cf2aa7cefda1dc04d10c486915bf9764be

SHA512
245be0695260cb75b8eeaccc9a249eb11848bd96a6f205d80794bd27669653999ced9cd852267d846c2d72fd557a72974e793808cd848993c6fd3a556587d6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000195
Filesize
61KB

MD5
a0efa5ed4d2876e063ebceda6a5ee1a2

SHA1
06c14bce0a9dad23ab9a94cb976c1acaea052743

SHA256
ada73543baaa7b64d16deb817b39b984d7cff5cd624948c5106f9cb1c8af21a7

SHA512
f6898665ac8b7e20b6d613d7409d5e819c5a6af123ac512f9fc72ba135666b4fad18eeb8369c7ea6ab4a7e1a8671c67337c30e90166a2219867a4d6cceb8a9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000197
Filesize
35KB

MD5
fbf149f3cc52c0e994c22360da1fdc3c

SHA1
71c4a5d6a47d01dcb40c659951b5ce38faf1fef0

SHA256
53e46cc83cf44a5dce1b018be9011952eb7714f2949757cfa2e3efde44112dd0

SHA512
9046410e4bc370c68e98c5c00875469bf667cec7bfb14046df5a8547be292153d3621da4f1bc4ed583b044f739a3e56dd9f0fc70bd79196568aca2949501d1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0
Filesize
7KB

MD5
90a455023dca4b2196fe149ca96e46b2

SHA1
d955a01a105922de63744b98634371eede25dc5d

SHA256
62d25ea0b47c4c3b4c4d422e07d0c78b3be2a2fa4dccfc2f497b6f994a98af4c

SHA512
37580778b7925d0381a09a09c0456499d4e63d46d606a26429e33e92501c60a0f4344e641428253a2366b2113f83ddd55ff5a380e1b836f79e4fa28c19e3ea8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0
Filesize
7KB

MD5
e997764514095a70ba63ce73ffea48f8

SHA1
19446c779c3c6d6cce75a5a9bd4c810e58fda308

SHA256
c155d863f0017fe3c69acf6b0db5537fc2a2ff5f324cf74a991d453d9d862dfc

SHA512
1e3b3f5188a12f5f7f89d3b7d415af28819c53c98b60bafbd71bfda96323d2f2dddbff443decaec83d0462d36a2c1462ef38bc559451159928aaf4a86198ce5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
3KB

MD5
d026e5aceaf084f3bfdb76adcb08b246

SHA1
ab3ab17fad40502f60786621849b8a0685b55976

SHA256
5a19bb69eb14e5a51629ed66dc0fee10e8687c32fee0aded1a3d77984fca278f

SHA512
f80f385d285cccf998099a0eb5b9a157fb3da6beabd2e7a33cc47c578ccbd00996c1eeff81f9c31fd08444cc311e43f82b2a8ea2f01e295e011fd3bd878121ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
980f70faf06d418af2fe6b79904f8aad

SHA1
025a0b068857657cde14acb13192218b599ee4e6

SHA256
7e64523a2548b597d3fe9b61808dd0f124ce8acf3401b91ce9060477b975a7e8

SHA512
b4c87d5734720d4db8a31d7e33e13cab16dfb816090805a7e3e778df317feb6316fbf5b93bca73a149896329e773be8d8f2d462ea1eb46ba6f718bc810b1bbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
59fea55345b2bb5f49b53e4fb3360e0b

SHA1
1a2a656fc84d945ad5c9621061eef89633c3108f

SHA256
bfe41abacd6ec309b67b79b4993e0df7e8b8a8faacf50d7706e69db6ce487691

SHA512
f3d61d1663a1003d5271c3ed0fc5f7b23035fbc389ba71b373f80a5a17e209240d1c3924ebe2e1f2b97b4ebd46b98bd64562c1ce8cf7ea6acf1c6c6ad71fbb3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
dbdfdab6a4fe8798881641f3bad2f4c2

SHA1
e68680335cd00b884ef0c55f8f56cd5dc4593bbe

SHA256
38167c50a4ddcc8fde9973f963f1ffe2b3fb1eb113ed2c1fec1b74bc98c5e55f

SHA512
f6ae8ca75a8c3cc21f0dec745e4e6b763f38974d09b5878c35f0d40b5a334353e5991f13114ecd356b258b3ba312fe885834f46bcdb64e988893473e0e79092d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
7f945291c8309d8ef0b7f2753027f4f9

SHA1
fdf88fee6e215243500e9a8d364e5009c54d49c8

SHA256
68c89ef5808fd068cbf02a3e30161725b7148f892c13529a65aec4fd24edc763

SHA512
e6d554eb35cc71bddf5d7257a3236ee7f39ef733ca8177ba80c1cfc4cb549980af7095b41bd05331c2cac00664b2956b70a2de00aa306592f855c924dd9f22b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
dd82c18c9dd0297b30d1b01f3c4f9b92

SHA1
5819828bdba9c9139614db6e7239c0d7f25b0d2e

SHA256
adc9eb709937fd9484d4116dd80a456f4b4a36329ee7d9525d41c7f4b776066d

SHA512
14664aa2ddbe91315ae72c59b5ff22d833805be9fb4f16bd0a00be1887af725563179b2423249fda51a22fb33ca391f949d71d4098f79fbc82585d3d00a0a5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
840170b9b0c7bdedf8192f62005b2769

SHA1
fdba44df1daab011282f9ef0de2a263296a7c802

SHA256
8326abc677ccf5b3be90588f73634f57004a6995849d790e7276339c997bea4c

SHA512
b576790adb15de7090448ddbe75c645017e031b617e51279697c44dd9022582256c15ebdbe6e7b40d8a121912f7dee5a111fbfe892402a41bfe4310676701ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
200daf7f37f77cff395cac45d581a50c

SHA1
d194e6b21b8512c388884e191ec91e98dcf6fcb4

SHA256
14e6d8b23834eea1495a178f3aac3ecea2737e78c2a4656a76a5acba1226510c

SHA512
122ef00d2d144b6b1f1d72f0880c9d639fe6426127c87000c415b1f93c27c358aff33831fe35c0fd01e7591ed2bd1ee0b87b7e79133cce7a5b22a3f56a4f8a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
def0fa9299fb5e656beb7c6510efe567

SHA1
cd96f8af2ebf3ded409a0d92d2730a28dc63a84d

SHA256
5d6f3e21d2194c55264cf60f968676d0c96ba57471d3b46f17d645d4b131ddfd

SHA512
700a662bd914308ab86bb8fba88d98e9b7c1639099f4b390c556ee979e191f3c49cb741eb1f83d30c2300969e64fd5af826dc6a646f6449b62ac187751e31aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
449a736bf7262d6fa062b4fb4bb5a998

SHA1
9e7da3225dc6b6320335a20ae3bd4ff596bbc81e

SHA256
f3894fde39f1f72497a3ae1a0da8cb40fbf6fc8f37aa59b9ca497d6912f9cc91

SHA512
aef99780fc38cc7787534fa315f3ed096eb83c372f0656fd6caaaf2c360f8917d342d5bf7b41bd4647c56b32aa4bf7ec265ae2080ffe984d084590f92623dda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
213dcad4ca7c1e26f910c03196b40fd6

SHA1
0a7082252c3173c51f60a4b485c5339a80b91f34

SHA256
39540e62ca83d8ae43deabc8a811619e2e15acc25c4c057e910019d0f9c06967

SHA512
36e3fc1bcbc1ecd58e2cc7f61a32a590a605dbebcd07a90c9e7937ac315f73de17b80634a53b16d27e249e4c6156b72835417e1c6275664ab7d76d3b06c22a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
fce4cb51f13a966629699a269ac8c2e5

SHA1
5d462799c4319dab10011917143703a7f6d0b044

SHA256
e27308fb3f14a4505208156116f432690a6d3208985088fca67cdae6d2fb31fc

SHA512
88681fc3378e7b88dc6828bbad59719a63683307f51e520655fbcf67845eb1992b7b3eb97db0fe650b83e1dac2f69756e8e28492a73ad0b2dbf5e627b57219a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
1dd0af3efb2afbf5979cba10ce0c7450

SHA1
389f40f3d7bbfa1e303f7e2a519467f0a8d6f5a7

SHA256
b86cbc5d9d0f8aa8a67099f49a6dcfedca43b6c2ab4417c032dd6b80a3bf88d1

SHA512
4ee805756ec0345bb039b44315e7a8996fef2b2a187b11d25df4aa0d4509d45659cfa8c8e9c7e2956d802e558919731a921ff39acb092dff761e5e3ed03f97f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
5874d629e0bd73769201f6711fede61b

SHA1
69d7df05ab879407393939a9676c8bfcd71ca5d2

SHA256
b834d6e0767765da9cf2964f6ac262b31ad515d0020d6490bc231d140038759f

SHA512
d671ad53607b80406f3b876789d09c08ff9bd0bc30fef1d45a7ebcce0e042b6389d7338589203487de5cef84760bf73ffde983fa64f9916b4aee276c09a6dd1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
2520c968c47affbd957e5eda9d96ef93

SHA1
7abac86d611b7f48c228dbd265161141ae3195ff

SHA256
03e84d2928501e647c19241dcd22188e278e4c7cb814b98fedb928588983e2b6

SHA512
8609e8db9b7e58ecbed0271ed22dbb0184354ddafc85c87c55d484e01140b962ae4f848e544c0b2ddc753dbee0e903afd720601c319fce35c24e4fdcd27929ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
899c70013649a306d00eeb90a64e4d95

SHA1
c3399fdf699b8e7d1fa684b290a01ab786ddd5ed

SHA256
486157ecbd724c5843545f7456a42271f42accb9dcc6d1adc2de5fdf99169b9a

SHA512
58e11484d4741eafc8e9f392b7ae6eb1cb1fbab6fa3e5beb1845380bc26e890d9023042d2a20c6c43f7b26739f9bb6a531407d6925e5cedb4e405af9f14d03d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58db77.TMP
Filesize
48B

MD5
bb8019da4359d90fb7b7bf9e536ef070

SHA1
643f49f4903650a41754e9cbe17cbbd4165b651e

SHA256
db64aed9402b082ae7eaa09578b323dd44a2483c36aef37c41839816766b12c7

SHA512
8007656e17a4ce0db5a32a3ad24ed7f83553d8ce1ff5ca6356c255473ee092ba313c995da4bfda190d2cc05770f28b457597fceca8dc3ae75a31442134be67da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
b54115443983a55c1869bb66fe539a9c

SHA1
f10f4e135f19c1b8db4dfd0d5a32ed93792e5f69

SHA256
a8d624f2201d4abc85b6840ede99b318bc494834fbf0a5d32bc7819c4e11922b

SHA512
d2a0d4af2761b155fefe04f1a163211e3b85a8bcea207d40f14cebb55bd8efd730405aa281e8edeb6178d648091c5b4d13727970e21c584491fecaba87b3e628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
521d39d227855dacf29060ddbbe1aea1

SHA1
bdc76ad83fb4e65ee100908964a45aa4e67f98fa

SHA256
82c019efa46aedcaad485189d7599751bb1a2bb34b9f127e7bce5bcc3afa1e12

SHA512
c21626950ea350855dee10006f3542826398a335bc6c6e4a0f2f8b519b469782959c63eba68094f184fb4e627d8438d01050b316abd19745ace3bfd2c2e295d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
a45ef72cbe803f0c4825cb2f2d7b38aa

SHA1
0d9899ffc0160d33bf67d267a76c2197b02279e6

SHA256
c2afec40b7de8a7749278bff6187f276da8f5e6c9bbf332ef0357d07d1eb2cbf

SHA512
ebd4bc32e795dee2e4e3cfd5b4e83281938090c70e8d7f3f344bcfc5ead6857f01ab6a0b02d78e49f8a9a632319593362eec06b6370315399d97246bbf802f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
815716cc0a7ae6ce3b923c9dceab068b

SHA1
9eb79ee502837b02084fa246ac968b1bdf7f9c85

SHA256
483130cbe0589b2cf5de2f96351b0734615a5cc0f8854b8eb989cb4c85765aac

SHA512
42814f7e5066a53d70be09e11ee1140fadaed927a8ee40c8429ca34756fc09e31a7c4637421444a1b2f4314fc1ca3eb47a1bf515283e711637a247f85ddefd6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
2c3d3f3f7cbe26eb1cbf3ff47712fe27

SHA1
87b2d0b5c1bea92fe7f37bb8ded188b615d3ba8c

SHA256
9f04fc91fabeda1903a74bd19ace3236adb565b7d949c5fa03a5606d1f4768cc

SHA512
27f47af48aa113ae77c4eff396a821110e1aa21fae80f6befd21f1c0106e045aec6cd4b87b0baa9f514ef2604ea0062a224d239b3f8cfadbbb358c171fe8d1c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
d2c7d54cbafe0211d4f7ad456ccd20f0

SHA1
1764788178ef6eaba69e074bb3b72f526458a213

SHA256
ac1c2b0a02707e8e81a05269e388306cf66bf8ce3b91a492cc3c2cf5bb14fc15

SHA512
ef1ce514137f1df408da49e06adc860938f9c0513a9c70d5bac26843b89deeb4d56f1e7193d91d13ba2969043c88747f36d108238c2f22a436ab504b028bf1e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
18KB

MD5
1d3b9fb3fec25e1032f8f664205eb840

SHA1
6ba188fcd77c33256964abf1f187fe0d975380c1

SHA256
047eba327599b5f4a43ee930e6d238e79714a2351b2fa3f02cecf12fdb41a74d

SHA512
9077ff6798731ec1a4449dd863b4ef3bdeb0a4694a2e9d683e1629e68d4cf86da46593f05fd8c1787de162a2592bee193489f8df0f0e92b0d96ec41b971f662d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
19KB

MD5
08c3731f4d90a927f61fe1c368d4478b

SHA1
c798a2d42406642656fed5f85e9ca69e9e95dd7f

SHA256
b01b2c2fb5c6c102511d2127ba3ee34913058b2729026b6af310470cf4077428

SHA512
4fdeaa4559bd9e5082ee2f98082b9baa30cd48e760524e5781b15c6ad1bc0912d6d17375b028a794c61a3474ae364cf0300437e8613f9dbe18d1d5de645e9978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
19KB

MD5
4c170117de1bb5612bf5d1444f037ace

SHA1
7209ace323d5c467a89e496af69b8e8e09b06df7

SHA256
a121e1deb2f4d749fe24cce3328f9d82da585de24819bf477083b0965b1c270b

SHA512
36f51a887835754fe2db9f61337ed7c3e77ac685dfa9649c426db25f51be4ad1a6e826a69ade9d7b4e23f11f69894bcd17debadb87142b1d9c7d16ee8b526e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
192f7cac4cf86900564aea7b32985558

SHA1
25024e5f3d68d1c3b30c9824055a83e0838cace7

SHA256
90a39710e427785d3c424635e4ba5851b36182a9c5ed1ff5fd9a92feede3b57c

SHA512
af7355b154b2231f7bd62fcb04347651de5a066cf2464e62c9ca9689aa20669cb3c2c11cae8dd1bbf015b61c243fdd3e445c4eda4629142e3ff9cd8e0a5e048f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
8ec948e00cd396abd78a45c1e8af37f6

SHA1
ffba668f9373b84518190c4b8eb8be45dc34695c

SHA256
d7f2924a602eda5772b35f3b68c74b87ef1276164fc56529246082a10b8d351f

SHA512
209b8b5565c75179558afbfa33a7d0753a65f72b1849ae4884a81593c945e6f6634ffda8c8d864372fc56eb516c95bc3cf86bbe77dbdefc698ead894b4a0920d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
a37f0728e9806b91c0c174c97c95f0e8

SHA1
240315a8fa5bedb5b75d89e4ca1812ed4dc61674

SHA256
612297dca63bce772586f991e146da6c0606f2dbacbcfb6e8f8213557be3b1b9

SHA512
eb166bb195a4224c940adc93b5d28feb10190fb5087f9b97695ff59d3d322cfb8fb64a8554c633e218d47ac79eee7ca2d699309cc67d3e3659fd606f314a682c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
17KB

MD5
96f937227731eb7cd9931011b6325dce

SHA1
e93896e4a2c335556eac4f4580b0d626a106e7fc

SHA256
abbb3738ff8c31b6411afffc4297fada2a5fdfc92e831482307e5598b5716e80

SHA512
f4649d25d46ed856c083cc997b7f15e03b61c2f7a30c9ea9ac6d5b15724488bbdb163051e8e3cf2e1841a2e86e6c834ce4bce45bdd7d29505d2f92797d4ad1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
19KB

MD5
8a550027adf7f855af2867a59d5c1af6

SHA1
ae77eb26b1e0aff24e72e702276b5bd5daf77ee1

SHA256
5e23f59b9fb2081e1e40216e0ab70ca2ff0b5aa1a136cd4e0952a01b6c16fbb1

SHA512
c7d333b371e80e1fe1354f13e239d54b5360d811e02db3572658f3a47be3d01200adb3bf97de14b351c2ee69d98a367e1e6e0f3f2d1c1550211185c932ce30d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
25KB

MD5
bb9b6447a026d7cb627d9f81fe869bb0

SHA1
f52194c58fa684d388559040e967de4c14419c96

SHA256
9debaeccdae8f96d2af1b51b7436f68360f0d8b1fa65df828b8af927284933a1

SHA512
e8f341018f5d1ef3e85799f786e968382d024eace93589da0ce82b30e46fd903ec0144e3a5086851b783dc7d94480f142cca045af689c7c4f13c86f28990164c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
ace7b4e120fda2585b8e69b23694e908

SHA1
531577e6cc476d698928e972e1b9619b2d88d9b0

SHA256
950388698e99976b8c1fd9d04bd949233a5cacc97ce107d194b8368be6970057

SHA512
1847367d58a2cc3a6956174d09d8797d30e961451277627afc908ab4f469af535cdd4ec4aa06b8b8bbbc8674a4ae7126156303614be41fea2d221703d78eba9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
f6a4b10d602960b7cd292d3c10fbe12c

SHA1
44dd81535a001ee18b32ef402e7705f50def40bd

SHA256
d752139dec671dde628c1dbf81ec02da1c07ce5ee794e54ff175284e8f9fb73f

SHA512
8ffdd3f8aee7f15f8d921e0b625ebb0ab31c5076b813c24b9578d26bcc8a2847f8cecd54b6ea63a5db876a24a4c9b9b085067dbf9213cf9006ac1fb0bb64a47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
19KB

MD5
91d58cbe096f4c58876741de60f798a0

SHA1
5c262f6b914ee35243ec4f815932e5e24a3dec69

SHA256
64a6e9dc8d4616ce0310bbab1606a56c4f418a7507bf41541c42ad1b0368f6af

SHA512
24a30efad91289654c2378efb91e4e86c842d39472d7808d2e7119486977184f242866aa31bfca06d56003b09d906bc3a86af495354220f22ce9f34e63c3a6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
6c574aadc5083869177298a2e90b4140

SHA1
9f2cb020e5102239c6769a4de7c6bc08d0c9d940

SHA256
3637ef0efc97bc6da632e095a1c7ace4ef1a05bfaca8f8d4b1dedc646b07139f

SHA512
2bbf39a587e76c53c86c7f8868151b09fa4c930d42cd842ef40f23c7b03485342065cb89ab564efa7b357938a503a85de492fe22ebb09b9d5069b82ced5a95a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
a8deba9d2142cfd077831d57eb493f1a

SHA1
64ef2c60f403a491720038df1500bc8b4c81a608

SHA256
2f57bb715c62d7159cba03b6aa8cc917c44b61b7ea5e025af95d8958b2d44c53

SHA512
7a2fe98a7075f2a4fd44694c59698f5b7a72a07ed2343a2e89c8b3f3e1dba23e67cc48b8357d58e6db5b0fd8e258a355097babe8e87f13eeeb57421ab14c4a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
265b45bcf42786c08469fc3a4625e843

SHA1
084b4275d71cd8bd097638e8dc3bddb64fb392e6

SHA256
f90682c2cbb23ff2e853444dbb8763b24aed2498a0732b254b91b5b53b213857

SHA512
93eb8a4642dabd5b42ced2cd58d50f71a2ffc285068f13127ead6883ae26195df93f0ae7b69f435d5810642559be61396ac54c6ef2ecaef57c14c0d13baec833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
619fa6647a63dd9f894bc805246c1a51

SHA1
d26b8efa5ff938dbfbf8c3a0f887623a671ba910

SHA256
2174d12edda76c2703d07f60b7eaef05c482958665c554769d9ddfe6c78722fa

SHA512
4d0a92bb24faed9e05c541836ca99412334de3d6fcfadba9d668f6961a6b3d6eb44e45bf8fbb2bbc0bfed3e495f9bde1b5b9f2e32405c4f6ae4ebc00391ec5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
80823895232054e54529ab324d7dea55

SHA1
80f19f865e6e7e9fdb2cb362dcb60115f03388cd

SHA256
819dad8a952e1ea07f1cc5570a0fa2e1983e085480b86d936440fd0c06ea9485

SHA512
79ba44d82274cd58948825c5a84e0fc36f1f5d6d38afcf084f333705dc8f6c72632a1d4defde64785092f875ab20db83664253f56220cba704ffc7155c4ad934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
9fe264a5e36ebe4bd1c49a23143100b3

SHA1
a252a3ea3d6750fc5568ecc8dbecb276dc706b71

SHA256
fcc918d3e696d4e53fa8195d2001c5cc0a5b347fca5adb4b1a3ba9dbc2b803f2

SHA512
59ca9ac08af360c3252db0f258c7adb7a0ad638ea18dcc832046d649a5ee48b45bcc9a94c7c02808da36c17e0cc28513553b83e0dc2b91aa48420cf5065d7660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
0243182761a428d013e45d2fa534c273

SHA1
b3ec63882ef5f8cfe995ac6a145cd1813bdaaf64

SHA256
b5a1ebd8fa6d6d9f66e58b08d01f47b899a0b124eefdd9610795b032b16baf29

SHA512
2414b9dd1143b110544e4e7a844fc646163806f44ba8e6009b9f3a733ae241d75f0402075df8e5f3ef6aecb9c0ae1861b6422f8831929471065fb87a75ba507a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
61dab345ed8a4b79145fb8c8f7165b82

SHA1
aabb212bb0afbf1a02da487391b759c2024d54ee

SHA256
6c41f20d56510c085d16e1d7ab1669eb2cad3e1372cf61d5af89abf8b1115bec

SHA512
e12cd24a282ad7f57e3ac8ff7fd7f9bf28a566fd981080d2d706c227c1fcac5c0afe70ce034663862775792879b1b4a1a9337bd386d577100a1a977a2c2dcabc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
8dd3b1382b4be64926fd5a6e1cfde92e

SHA1
c237220bcbc88d7e9134aaf8c443857460e3d2ec

SHA256
f9bf2a8440390d70cf52a1c434fe0a2e344e414c6c216c26c7f8d4b16158971e

SHA512
2136dc749b7dc117bfd1d7be7254d668781e48c758b64eb217ff0c4e17674776142e14b78545547fcedf0088c1c65de38699959396368a261d03a4d372016f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
5e6427cfc7deb603ae731c0a51bb60f5

SHA1
1d7fd56bff5257550733aa37e3d6a2d2eca37d33

SHA256
1d178315d85d6727e21d9f8f8dc0a45f61171c93c03e53d26aad3e37adfca2fc

SHA512
eb16a0561f7e47c9f4cfb35c6f7de8e48737c7949da2b6d065649e675d693f8b1df507c1e64ed1e9a8333343e5a7c8a0b5cf35f2ff16ac269246da3a775c1781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
61b45b603812eaa9647fdf189d06f5c4

SHA1
cf515e3dcb013a06843244e04ecb21788712f625

SHA256
cb614de6fe64c6f41bfa09761479d2dede0040a4a79f6a4b795f3f8005effdb2

SHA512
b4cfffa626809b58bf943f3e505fb1a38b879d9d2cd4dc5ae03fc0c0e1e2961225dfd836148ed27f040d6dcb15754e46045faa55d0320b5b951d521766acffa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
f46f1dd5bb8b88dc5a1bb0c6f060d73b

SHA1
02167cc1a9f7a2321db993ec99c8539c34aab8bc

SHA256
05aa5b8034756cacd6d5ed0fb85ec0cf4bd9fbe72fad523dfe9760c602e03f84

SHA512
12154bdb0b9170141342a0ec8adf59f11e4c8f3a310a8b9a7d46f3bbf2762e2e4880118b3ed8b3ea3c1076de102087258fbdbb4d250917eb234eada0390ca6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
ed18887ea70c28f0a65b10ac1670bbe0

SHA1
68029addd1fb9d07ae74f721df4572bfa677356a

SHA256
6a72022742cfeaecfa643f71a9c65cf47c6295cf7a92782e3a4348d68b78ffbe

SHA512
a19841bb09256ca4e69d3bc29a621ac05bcb59dc94d301e0db8ebc2630fa6c21758edfaaa365d6af26ce1b40aea3a86869c952ad1b001cf0306223573022bedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
bb1d09756519ff065ce6ac63d61f40c5

SHA1
ebe0d0f6cc807addda0602f5f280b8f4173baa86

SHA256
4f34000edd7fe4175504a48f6561ecec6d3bb1cb980b30376a9601fe254af6ad

SHA512
dbb0a2d5ed4724cbd4cd2b0df085c31786bf37892d57fec43a61f43f95c13045da4fba92e062be13344007bb0022cceae43148571828a47975659eeeec312294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
f1ac775b12006cd42713a56cdf30782d

SHA1
0fcd162de095f7a6946a033d1593f21e33d79dda

SHA256
e1ede106ce0e41000effaf9e0871db2b4d728a6e0e634d0b99da6edbbb1a4c39

SHA512
4d502f62e88d8781b3ea7ba26b2b7dd28850af416987155b9d69bca5150abeb1a50b3fb20d0e77fd5421afe97d81fe3394b333b3bb814c774a372630da4cce62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
ad7209d760748594ede42fd16ab51cdb

SHA1
4a5214ad0fe5981739d09c0066c75fe54b7706f4

SHA256
51e83a00c38fe77e745b86e33349ff6c580df9055fb3025bd11e925f2759017c

SHA512
1cdc22bad6603dca4398e0dbd9d78918a51cee1cf9bb400fe3f5f2aa93eb6bb19e07b77bbcaae882e0e37c7858be814ff43fb431796c808151e3a24658f91cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
2b3667c8936118b8a6c55ab433c2bece

SHA1
ed98db0ba4ad5e0f28286338a0e4b01f5c29390d

SHA256
fbb2ff49ef918f76a1a7d8213cbc5918e62c7d6a928fa530306c08daa7dad2f8

SHA512
4ada4320b01d8d6042dc8a1668af46a4fac7f1324045205172d0951b852965ec438fff5367416ba9b61348e190ce040933b29280602eb06977ad97afacafc4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
b4360a078497297c4343c711f5c05c3f

SHA1
cb8622b70262a924028e814b70f2e34f1068c16b

SHA256
437dd60373f0be1cab0909bf316afda09ea54c5afcbcb5bd38c75aefa32e98d2

SHA512
26e02fe68468ddcdda8f5ffa6619bc24820b95d0cc7dd527e23b8b70b62948fa8384583851bbf2440bbabad4bb9b1eaca8fe81728f8d29416b5aa3d5846d6f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
c08fb6426b5ec240f2f1a3502f727378

SHA1
8c383766581fc8b3fbafca770cd59016f15fa063

SHA256
1ef2dc4a5bca70376cf8edfa5d75ab72daae20324b4fad99638b9a8d662f905c

SHA512
cad5bf00649da82fd30dd4adde0aaa147603c2285b5c241edc9d89342076b2099a4818c4f793a80ab5584fd8939d8dd5e581d2149da4fba82f5d754b2304eed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3ae6e9f768a1a7d5070bbd3bd56ee764

SHA1
14d036c5e3e2970dd527c6c1a8268d992512d2ee

SHA256
44e0284f4cb14d74fe8e90351ab921c9fcd93c33ebd35b7f7fe20fc2499c88c6

SHA512
f2c55dbf918c1df64b1090994d868d221cf62e2dd71e259dc99531f82838dc0a909b4cac4d3921da5b6a38295211c100442aed99677293f4e11033774711ecb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
2f7ee9ebe8b105cb246e0449d209e804

SHA1
8f4673376c35f47f7dd5ac350b609dcf59154f45

SHA256
98c292603116580179fe7b0faa12bc775468f2ae51e16a6098217af69d5938aa

SHA512
fba0e28e774cdcb5697685ffad08d720a87287d30623489c1d65048287f4ad65e4d049b74906c164d803952ace99c9145d40389b26c37b5737b1e708ccb0b43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
2a51848182c1265ea14ccd41a761bf7e

SHA1
82e28c16e7968a1923f5e0993b10111a166671ef

SHA256
07ffca21290f86e955cfee3c1ea985ef05064bdb251658d94c5f63f158d3fb37

SHA512
e545607c4348052a8a71ff3dc65ea3da1dcc538e635c369262195fa5109e3ae95261395a8ddd6900007d110a262b4dab5756a56f5d398922800f7cde8e3d36fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
db310e87515cc49b5acaad2fda9edf1e

SHA1
85bffa6e322867568f6b5b6c2806c3b175ffc93b

SHA256
d01d640958ffab718bf0ad221e8ef9c37a7b5205428401ca18aaa437bf5c3715

SHA512
f311447c442128f7da92e526893e576275f3170ccc36a6517da732c9f70a163f59cb0a0b2266ea65023b446db8c629f50560b4dbc8cdcb2781f0f4c76e14e7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
243dc9a898f9975a7b7e32cadd61ed85

SHA1
b72b18b02d00c8dbe0a5306b958f6ab577559f10

SHA256
91a9fe29996291ece307a00aa8ca4c0de785527f9b4b605be2ce890f6fb883eb

SHA512
958cbaf74aebe28d31e9975e651b2ede7805adbdc2bd58a6db7f71a5c6a78df85f76972b197c65bc259bffe7194e8a38a67e1eb612f8d7ce0ea06758d16e661a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
f376a6ac969a71eb99fbe52f59a763f5

SHA1
a2379941e1f3215759250ba4b15ed4d3a8e9ce0d

SHA256
97344bebd9f243ed8ae7ee7d05712c0d23d8b701bc4cf372f26c6c8ea22f131f

SHA512
e79fd2baafa280310530a99cbce2b4b4b54b8dda18540bcc00935e5ee7a3242b15297c77e8e70bbcac4c8226db901884820f30545d2063783b53f2b7611db6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
d34f2c88ed7f91836bf3d9546ff60886

SHA1
fa1efb5c9c6a7e56f3e9d78adf20e84571685041

SHA256
d3ad06bd9c2a672029ddbc0db39a4e353ae40807d267cb60ec00af7b09a05408

SHA512
b918660ceced33f2ade855858b7716c3e2c7e48371562c4f4996474068bd6716d88944981eefed2e7347d06e8d130e33bb2251f1c4ac2929b6171b16e01e8229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
38ab4f7e3c49f54483c532d0f3befbbc

SHA1
3cb1809d1a81e26ac8bab7dbdffd281ead733abc

SHA256
10d5dbee2138564da8c22ecb2bed38ab500e480df6aa5ae36d4d01c613d45d33

SHA512
d7cb2a3ef195c39bf02742dd6b942917994e6e066dfd69c71fa1272356f37b5d5f442a480559694146f2a5719c251e1270950331215b6d39608435bf389d223d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
4d2b3ebed7fc63ef66722eae7cd7974e

SHA1
a53cccae44b63e232bfcfc47cf49d9f21cc47ee7

SHA256
0c9eab47e759baf0dec5e1bf57448fb1eab44d5f1fa96521cf098a6c2222dbe2

SHA512
aee0ecc0e07014171a584e67c642567c4028435853f23dd2a21b5bd262b220526976ea326da44199aa7c9de36431b1daed618f4e7babb742a3408b205af6a68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
0b8de16490530a9e2d5b231307468d83

SHA1
9716d884e36afb476c8ac04b7cf7984d9d9b6e30

SHA256
770c20623d9f8584fe779e8ff07ca5cbc1cae743bca77ad4dc7e5a29967cc6e6

SHA512
f93611c6ec64ae185f3ffd25a5777b0941b5b9b077397c61026b2ca752120a6e6faebe69f9b764ce00d923b627c4512901452e55c20581f535f30a3c01e6b20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
10f74aad6d12fb0a1b4ebe1e61d6b08b

SHA1
e7db31a228b44540a12bc2cf5ef63270b1a2e116

SHA256
db1f1a0ac4dc196a9286a673a4a3a487b0fb51bf2c47375c10a73a4ce311f0c1

SHA512
f939bd8c5e01a12b00dab32053269a4e1e028eb179c1ed9f10463cca52414a69f173e87ca9827ab2e1827793da2f5019372f922312bf988da0ecd77cd759b011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
1a2a62676680858a06d22922347ab4c2

SHA1
49adc177627c0f5b6a4750f3f64377303277ef2b

SHA256
89e6d6155def1c2530fb0a2714360fe730fc8b1f2172e689eace5fc0f1424740

SHA512
0e5f486af84437e407d7a5503c2ca793a84dc3b8d2c0136d2b742a7a513a571e6a0dbf377ad25e500378217fd477b46ff4ba9b994243747a371d54949621d603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
2b13e6013697f79285b2107b8feb8ce7

SHA1
77ea269a5c5f311034bca65b042ee26dc9616c6a

SHA256
bafe5e498e40b6039d6145f30b8772c1d657947ee067b96c21444502399df8dd

SHA512
d0e8a37c7cf19b16965cfdcd68e25803e2becc48c589751fd451e5ca2d0918059e163278ff7dcf71c6a56a4e0ee49a8c8f71fa72e98f61ebe18d3ef5ff1157b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
409c846b71d836c450238dab648f0471

SHA1
2f499604e91c090ab16b6926f27e4802c4d510e8

SHA256
417037696034fd02289b6a2a742b982b0b5f8090ba99c591e02df2950fab0f6b

SHA512
0eb9362d75543c4837906332755a395367be431499cdb6340d29ea267ca0c867eb2885c127207c0a3c1ec2a8978f213d4b93628f052d05e18547345424c830bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
ea5b1e7dfeed7b90ced8f147397baf47

SHA1
504412bc148521aeda14432010793f37a147526c

SHA256
5c141e875eb47b775bc2ba47b2604de0977d225ded164ce665d8e9fc00114c3c

SHA512
502f4fd849ba801ba53911efafa9e11836dba83fa02dfc0c5601c5f862ff7cda446108e783321faff693af332a8fae43c5cc8b375bdf05bbae81dcab9e35715c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
fa494e82c7c5172ece3c6a3ac2fbb8d4

SHA1
add81b7a4dba317a207549bc8e98c4884b943f71

SHA256
e5f6e6fccbac9f01ff5dc82f71f3cf0919509ac70c472676d1b5ee764e9d119e

SHA512
08d9491de01359d3324a7fa0b4a01351e37a2c8c05005e14152dec448f388cee39069a3f9165fcee89d25d6b66763812ae2d52509d28f5835ee4cd6ca658dd63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
47b57b3618a29fd38058ecb9f2321327

SHA1
be3fb75921dae931d8168305120d44dc67e7bf07

SHA256
a868e3b7c3af9a58c45ea5671363805e88d428a329b6b4f3d26cf00fc7a4fb4a

SHA512
83632c9c99564167bf6be7d0a024592a09d85024800c30344d7eb2aa10299518c11d3696d0ea79c2672fdf593ecb67839331a50e776d8e5a102410d3e1702bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
c6acb910663dd86bb86f69f63838e43d

SHA1
f97214cc82020b11c5ad3c3f4328ff00675e4365

SHA256
11c8f3fa1bd62a187ea6e3f2386d963cd62badebe677dc36038d36088ee63bbd

SHA512
6276d311cec300f4f3bbbd7ad24239ee8e42f2a296dd6547fc0d41e05d8abe42d379e9532a11eaab32f241533ca1900ec92f632a2b70d25d15dd24f8fb1011f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
38cca894efc7846274c4a37949e3e8b2

SHA1
7b6a61614d10d8586011cf92266f353581932f4c

SHA256
e2e0fcbbbd5c31aaa92752949d1d5062926b9b9ea06eff212d46c6b42a43a692

SHA512
a241a4015d63449c1d9ca69a763c657c1f2c6cc9dd0bb897dc3b8088fe81342e3efd5a4e71c48d236d02e236d9c1302a6abb4e216e035a821a3a7e61d7c78353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
edbdccf95a138bb3eaeaf80faf5871a5

SHA1
b939050c732c6f7c2b74c3a0c7a7fb6c8ce1feb8

SHA256
09e3eb661a54f16292911e1290e5fcece7cb4af44afa961621a72559c09e6064

SHA512
a9665d0ee56bbaac69ec6fc923147d9278ab4bdfdad10d53b9e07d4fe6ce75fb8a35d949cc2acf270aa626e5fa8da40661d1508813465e8f3fa23acb9e0b3497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
23ed5d7c6c8341a4a8447bd2224dbf12

SHA1
51f9ad8774b75115ae6f17c7cb67f44f0ad077c9

SHA256
0fa1abf2580b671e49ffe57edf51d4e2cc08c44b0a5c216b0e2706fb4d81e1da

SHA512
331c764e186d51c956aa1786bf9f4849927fad6b82a677b2b21b78895366f83ee667babc081ee42149fc54ef817442b498c38b20ef3edc566eb67194323a3c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
096509919f470589fbbd7a558334b32d

SHA1
ea79a99d4367cfccc120e00418bce6c17052a775

SHA256
7cdd99e9de2b787eeadfe79187c37947438b6d424bc8fe076b93b07e44977c14

SHA512
c5327e56aa331a7f246070d5621f506bf0a8f1e02b748d61854e9126809ddede1b7a5d2146584d87ee328193959e6fba64f952f3f0444ae9a0b26de5c309009b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
d9bac0c9c3bffdc1663c0343dabafeae

SHA1
74b6c0327ac5e241a7ff6f7ab79863dd8e289717

SHA256
8938bdc47867b8eba7266a2081da1bbcb3bd34b1832cfb1f6dd199e54427a113

SHA512
9e7edaf235b46ec0d828626feeeec1e3a398066bc0999d16794d8437983b27b19a2c99ab8c599d760d9ceb6ac8f127a1bf256270c9fd879bc3fea69c3d71e459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
5a8a652dceab0357d9935bbbad69ad19

SHA1
af2dacae84630a47ce45ed983fb1929f8327c05a

SHA256
7d63736eba710669225665ef382e32e58c2a9a3b671e2535559728cc66216089

SHA512
b888f1a5b171a46c008f8437ac65387e8a23d67144dcc9d6024e0a5586402aeeb2ca401e2d2c4accc487e1745274261d692b91ad281fe17572ed96777be49622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
8b20523727cd9d7ff32c0e7693153709

SHA1
c043eb7b7eee6760adf1277c63d962ea6b29ab65

SHA256
203337e513f760f0f832ee8a8ae79cee40ade2552324e73d7dba18349b520dc3

SHA512
129f5ba1e00e9043c6cd11f2f9ab899a51cf783ed26c202fc867b9441c6c615c2e52a7e7d23076d79c6c1534e5d43fa6ab9e3bcb4e43c49ea0578d9d6d2eff16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
34a7d7ff05d8bc463bda2894613233f8

SHA1
e8fd94e4aa968c45ad0e0d07369d408a592f7c82

SHA256
6f7f878fbece63c285b4baccde344d90b2b8b549216883f46b4d4c66b29bd1e1

SHA512
608d08a8959e9c4d7f6ebde15474b75d28346ebf6787d52bc61ba44b4b267a52168f5a60befc33907209fbc245e37aef81f357f3822161d013bb4bbba2811588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
b64b7030a6631da6197cce471759d8cc

SHA1
67f913b7254510d9a1d5d15712028bf8076e4d31

SHA256
e31909531e828a51a47e9897827659a331e55422a66856aa7c8cc3ae1b198a05

SHA512
14e86036ec488d97f7a5b2c649324f91861d0a16d5a6b239b728fc2716ae3ce563e2fe6250fdd78c3d30acda4314ee540608d7b1a4087dfbe6149d8ba6452d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
c393a8d44f3c038d6cdc8c5c04a28a7d

SHA1
c11421196d399ea1e7c7e454a5a7cbeebdefd5b8

SHA256
5a3ce513f1008041771ae2c47d2309498b6e7d6f30525be69ebfa872257d7118

SHA512
16ab99192e8bbcf90620936d61b98f305de152df63cc69b95a11e45c73933006f616956f28b3c5182b265a99d018c905d998633873cffc265adfe888ba2a14e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
2cd384e3b42e4c089d17164e5dce0a6b

SHA1
c5b5430c1bd824f6202857c33675839b65d6dbe4

SHA256
9bdae37a9279df946e1e0cb006560845e1a38864eecd49bca51f5ffc03ba1252

SHA512
bb03af1b1f31ac1606077e083093b4353c45e9f28470d175248d78e0f748d06a689631e96b5e8cc61a8366e3dd6951036041063a77a76906e67eb6bbc259e7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
21KB

MD5
4000c6df8aeab60b70875591389e73d4

SHA1
58161c5d6aaa62a3eaea97d800de02f6eb495654

SHA256
c5d0dfb7707402296559891229fe5741acb6dad16d10feabbd9b2d317fb4c631

SHA512
e3252330be89c547e072c7b276d9775acaa54aec094306544dcceb7199b74f51556c248d8c4d3758a8271f192d906de105ced5bfd647374266c46d6b4cec267d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
22KB

MD5
a118b31a6d85f19d48bb5a4727cc30f4

SHA1
bc5249bcc2109c385036730f1ddb4e8e1bdf0282

SHA256
e96634c7d2fff637e2da1eb720971cdcdb618df125af2c983e90e33098bf2c13

SHA512
75155bbb26eac3bd04430cb2e124b22975248a02d8da11e77618fc51025ffe3708776e29c4fe0136773f23e6d2f124553cd2fcb8aa358ff9bfc23eff1879935b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
22KB

MD5
9ef64dceac5a924593d68e8810ccd898

SHA1
be38f7227273b8b40ded2b63a04da6692888edc0

SHA256
e116d7ec27a8fe78f26aa0be196b606075aa1e1f553f12cc8649511b89b290d5

SHA512
441593efaab4ef8fd1395387823ce8c52b257bc1fe47c0a4c4bd6d6e54ed7ec56443f1d11e333ee00e7634b75c9bf1b82ab51e23b32994da2180b44f36aef63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
22KB

MD5
a969a194874a3fcc86a5a710bf4c7f33

SHA1
1fa485755f4c8b0797e5409d60c8bc3f90068093

SHA256
b9c78a07ae5b69b0ec88d9f5236752759663af71bac3a919f2ea27fbb5f16c34

SHA512
807f75e4fc1486f5c64df747e26c4c69b9b6a2bd122c7030e81af749a3c1118373162781cb445cb3b68c3c08c99761e520581d38496d9f761dc01b477c338b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
22KB

MD5
14d03553425c8129f43f952f0c5347c0

SHA1
39cf97f7c89c700e89ae87ce4a6cc27a6dd70b54

SHA256
691703b83e6838108c4ec803bfd1796371b5dedeebbe15475e520ae9dc7363e1

SHA512
af394dbd23867a751b9921d4c50165164a5dcb8ec95840c4230278e00b883513dccba3232e08bc2f8f1676c92e23954cba88551324c2409ecd2a033390a17f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fdb24eaae09df8c0fcd26c548f3596bb

SHA1
3636ed93a0c2ef27d5b09578d118376203e4a1e1

SHA256
5ba33fce201e3276a11c72c92fc3876353dfaef0432e9c2ecf2a3042591a341e

SHA512
3544d620aca22fb6bab2f6baed271ea52874bf849ef826a804a883d56e5bf852feae84b922c4ad81d031ff69ea2dead53cec525efb93a451b629547dd4758fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
2532df3005db2579cd6d0ce17c045173

SHA1
6b589fefb01e74b13851515398239836697ad085

SHA256
4da2e6ddb4fbfde9f20f5038631d224239d1f800152b612cef34d0b5897aa0e7

SHA512
567f5dedaa641f9f0e2e25cec7d0956c7da32a83486859ffd58a4ed16e4b983aa1eaa28ad96f6e6f5b4f815de01debd9cc95b62cb79c1d4cb43b738949841ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
852213b091aeca4df271700bdf96b277

SHA1
9c7763da1b6efee590f7522ea61fd86e7366fe2a

SHA256
a08e5662a312909cd573050fc86fc7ea3473491b06c1a5704b48e236b22967a3

SHA512
c52e1bce33ddeb117f2db9e6d4216bea810272f4d519d84c40634743f536d10ad0549f6ac72beb7a2f578a54ec20d0901cc59aa6597ba1539e63dc26570a4312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
5a730770be0107d82be1ad686590034b

SHA1
a4a1a2bb9682357993cac35aa6fce1afd7788cae

SHA256
0f1542eaaaa94917d4fa2b9a5a361dd3879471955235dfcebdb912e6d18cef80

SHA512
60295b5a68742900a11281248c77f38922eaf006f0e312631b2e2e1710fd653309db21e679e505d8169da4e3135c43b913bc66214395fb67f492b9b24e88ab7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
2c47c869f252fff554636e269bbca774

SHA1
d42f57084a0b77c0d83fbd386676bc7b9db27230

SHA256
967315b0d8b1762e7980fd38d60927fc607dc35d955791fa27efdef40938283a

SHA512
3af43622ffb8b7d502de749f803273b5ab0c58bd894006ba0e89ad0b73bb226df2896db9956a9c0a7fd3aab54bfda24304532d14f58f7392b2ef04cb9384898e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
df5c971b5f1d2d21a895d5b64ad6fc52

SHA1
b77d859160f8b8960d9cf8c99912a8abad219f1f

SHA256
1724c9056df75519c48cae95aa059dd4ae76a1b8b4b101eec07d04b35d8db3e8

SHA512
2b976a7f0d0f770d3c62e1c46c18f1eb85e1b0529246702269d754ccc9aa7104497aec8220103058de611546f7f94c8ac7d06e9796e1bbc7610efb8a9e899c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
2db49e3059a514c76bdf16dcaeb90180

SHA1
2cf0e8edf1f96b4aeba3cd3b1bce18ae707171b7

SHA256
da7ed14fa471659e1eea98115e28c5125842599e830e2f988f5d006d9fe16667

SHA512
0ba1419bb2bcf32e9f9f853d06c3c1ed7a29c63ac1a1b6169c5071bbe486aed06d93693f16add25ba8fab93757720ad9bc79e90ec1743d6c1ff78c8ec9ce8f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
d70417b98ed3c588793418898a43fe9c

SHA1
c53e9162614b3aa4c4e7639f549ff1f390699267

SHA256
5420dce88382c8c2f82efc331f0af483f843fb6b131445e8b7c1625305fd3366

SHA512
a0f138885c12f7f7317b4ef4759c3cb05ce1539e034c7a427b4ad91c18fff2464d423dc995d2cb58ddd287785e7f8190fee4f41cafb7faec30071631cbee98b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
7a020b21cb2d17fb6a11bf08a3237212

SHA1
36152bb6557643fac5ea864f3e1505734ed9dd07

SHA256
b1a11b6f18b6b92831a91778d95427afebc70f2364edc980da3a9c64b8e10477

SHA512
da944760db06f4dc2ed4adeffefbe59246d2ce53122d3c21f22a698770eecfcce1052efd5db8dab45a1c4038a57de52835ad02a8e61d6b2ab8900fbc52d3cc86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
ee063f2a298473c705c01f3548d62f89

SHA1
7d071092d533a8723fdd575e8353f0ffacd56f5b

SHA256
e3a594b5dad4b17cf194871527982760876c6c3601d9f21be1829f926d9a96f8

SHA512
264e5b60dde5d399bf3cd103b96b28f6c7a686b5717e16b437125e570b66a75088735254bb5769b0bf0fbe699ad13d1841f012741058784f21aa416e050b06ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
0991edc49337eda39c0761a1c565b5b1

SHA1
506d275da942a64f842d47898a6c9fe49793c50c

SHA256
f44885fa6da03a3e025639d6c466d8fc8eb758ceb43f237307dfc7a56374085e

SHA512
7094866338b22b1db66185402564034efac450dc0973ffa014fa3de93f25ffb6aaf35fb131c29406f987a18269a7f88d99340160b1b6572756edaf739223d0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
00eea867c7e69d3bf1160102fd183889

SHA1
2aa8bb62e034b564dd7fde203b73d6d45c6a1254

SHA256
cdd1a3fe653774e36c206f333d1c964fc95acda104b4d3fae6b9ac981f0cdc17

SHA512
5f8d4ea42bc5b53f51c1f269de4843fa7d234ab857045f638e23c937f5089b8afa5034624e72f288417d2956d2fdda2296fd97060a36b43c1228779500cd92fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
09f20afd5cdbf348cf521b0ac2ac6aac

SHA1
0979a52242ae14e159fee033432f88f8ea3bf27b

SHA256
d452b403bfcfb7d85fad352ffbad4293cf60390c6aa81ce68ba410b5d7175eda

SHA512
82f93bfa227f346bdc73533c92d068348a395a815a15729d590dff26ae6dacf6a4994a16e28ad4e77bd3be326e7243aa811d02f4b01411f01873ac7f0776f776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
45cf440747a5f3c181e17391c90004ef

SHA1
9d016247095ef6293a665f5344e0ebff019cf2dd

SHA256
640884b557193de80490932b9d3c1523bcbf5a88f7d1b651be14a3dbc4e8b7c6

SHA512
75d4724b7ecae3cdf64007a6a0fb17c52d5a8fceeee85f17e8ee797cb8419bb9756cce9e5cb3db441ce0e897ae1f54a616fdf8ecaca67226d80eb7f26f406d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
8c072ebc5d2527e61d68baff5043f7ed

SHA1
e3effc431841bbee79bcf94dc042787744307071

SHA256
8eb60c0ab79914c8c05bb1d702d3cc566993ae7c196ba7b44c4cb687244e7ffc

SHA512
360e5191a859e316cabdeee66cfbfc0850a849b186a566c56c55613ffb5c28d2f09e19375a32658a0d2c96dafa3e4b6284f8a68eb480575d5cce6307a858539b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
c7d319d6049fa12cf1ea19299a917863

SHA1
67f30361c9b69bdfe8ad07d283a8fc2312259423

SHA256
3b5e0998465747a00e189905c451b8a9eb7aedefb58623f60917cd1804342aa0

SHA512
852f4c5ddf2253a34b695aa80c31c7805cc14d28adc7db878621ac604102ec6a2e81ee9b0be61bd55c5b63383df7d8aefaea4094ad6b0ce00596a709faf29965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
d48523462da5b27b38bb4f6a21139624

SHA1
1eb7823f758d78045c79d03f21d1ac0cfe1a263b

SHA256
60181f35fa4a9a51234dfece5493195db559dbf3fdb641efec58296052e30967

SHA512
368e65fdcff23bd613f2ea8febdd64647e03b9aba42b3e75b0da45c13974b6c48fac23ece83a11a2eed5fc5362cc847baf151e8396939a444d3fd73842ef272e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
5fcc95769ec90fe1cc0509724f9ce80c

SHA1
1942e07a1bd6570d04ca9c656a6f5af49ac849ee

SHA256
94ea391a5d1c991ef06e143f5ea5bb5665d4ce14ba918ec33df3982151d2b64c

SHA512
7d74f4e282eeaabd1b02c336c5aa8a30c947a696451b0e3e6af02d078b2d45006a0a84775b6d59f38718fb12a8deb9895b3c18cdc372eae73101fe1c1264c943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
9776e2f138fa9aaae2a279b2d7b91fef

SHA1
d2e0d2bf4ae52be376e13e6769d93eb99f49c404

SHA256
7c0921c7d56fab3d764499a7706c25f55d8fd4c1902dfcbb2a8f15c5419e66a2

SHA512
3a5df54cba817172dda6a045df2c011a6cfab87f534f784e4f08fc5d76f86d49b59eb7ee33f34ecad297beb9d1a09b82661151e676e2139f9453afc0013c3cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
4b8db8a62b87036e0dd3b8d9ad60530c

SHA1
7f37ea4548becac6d1893861a03122421db2f85f

SHA256
671fec955116afe278e5fd03f152b9c3cce6bc5bdd9d90d50df96a2c29fce48e

SHA512
f0dd7258b54cfd2df82a34f170931920f1c1b427ab273aab94684a8d89fb1f3062b44301e417655dd8372ff939ff994c7ec6a5a66d424a413f10fa2822954868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
b2afa39920ccb6c57fd556dfaa4c6629

SHA1
2a838a3637e315d2b5995f9ba18c59cfe8c6effc

SHA256
156487e222fe1d3bf3d9dcc5fcf361ffd73295f1e8dad51593dee354ca5f1d83

SHA512
e5b8ba1120c7ab1372814b6fe708bc5eb70fc5886bbacfd61927d44c77b682f47d0d2d010dd0e54ca2bfd2ec0e5c8f8edd323935ee8e29905329b0e586fb8d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
6d496b223fa5783f8b7ee6541d4fe97c

SHA1
c77c2e9a3ff4a72b7979e49cc00ae38ddba6b9cc

SHA256
237f18a2493897655ef5471a33acb4e05bd8ec4441453589391ad322eb632110

SHA512
4124c7074c7858ed46bf826c054cbfda238e290d85b5d8ae0d830149c022be193447f464f5b0190bae4bcc5de2e588045d24ad4ce8fdd77bc980dd313b442696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
36f12de0303aa62ac5de70ac8b671c8e

SHA1
e4a6cc3a1dba5605408ac9ae7d1558fa12d4b692

SHA256
e556b38f6ab06cb4b71291bdf4fee9ff9989b25c4a91d6c4249875de4584e4ec

SHA512
6eba48614337d29667e82528be1255af11d9962083237d35771659f339e355e5e48e4defe3670d6f1aac9a213f7d598df982d386a9b7143ebc1d910e0e3abc02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
20904a3236bb109a1a4e6152e868198c

SHA1
4e0cd2cce2357e8e7d9a796a54ec1e62cc87ec64

SHA256
d072831ea5c02540b9aaa3941674e5d7c837897a605dd90818e057d44bae56a4

SHA512
ffa325f9c1b6b753179025e1d7270dc0a054c4171a8e33802f9e5ac2b40e6de30f5bd8e6bf0d21b36787cb1cb24d1f71274d09c35df2339110466e601151d952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
2dec4abffe007b3b1c1a09b76110b6bc

SHA1
80c37b7ccb6a5740b9ca80d43bb4e99415068a11

SHA256
e779ff6f4a263fff5caae87008272b07bf41967db8acd3e014aeb82814dbe492

SHA512
f1fb6c3a86dd63b0deda88de65f2ce5747f7379a72500ecb21ed46d76e8a07aec5a13f9ec5357013d194fc0b44a6aa8d1e29707b5aa46f654b1621f5df87317b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
89e39664ca4df96ea4589a7444cd0e21

SHA1
8c4a3155671cd735934d18dce5fbdf363cab9dc2

SHA256
dd76fb456d363ed125de0d91109da59f19aa60d3fef2dce462fee6367afff384

SHA512
0511e0f5a45fab981414ab9f360014132dd919be18d2999c48e9c4cf8c6af7d09468f38b36a1169c347e8e091e4caffc56435f6c740a1c6760165b80a3f16c39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
ae9e86d5d6bb9322ab2fa77e846a8eb0

SHA1
58cb46d8aea8e2ea88b25895c370a38eeb953812

SHA256
c8e12a83831d7c1f8bb4d9532d1d475f2c4549ead5b8c77c388e93e48b2e4315

SHA512
55199afa63ddfcc4b9e181429a14b6c8293c8e974e7b63b7362171fde7f2245dc8a874258dac83f1f7104afe49f08ecaf51204938ea1cfbac7baba0bd62c49c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
de90598f9c74e2e876038614b9dddfc7

SHA1
f9904a015b17fa1f8805c90f15061bc30d5a4f49

SHA256
9aa15065058ec805e479909cd1b6503e170f11d1149a322f9be035207f1558b9

SHA512
6fbf38f8dfc08ae1aaacdb5aba68f5842d7cb582c60c11c9eec33c3cad1eec60c3ccfb17a6b391443263f3abe3991018260e8603c452588d0237bd6336d17da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
54f1715cbbfd8132b4e90f89da438d71

SHA1
7b7bf64179e131ff7d91134c759bbb7924f11da8

SHA256
e7a6004f096dafdad8ad8e2ecbf69f02c46efe0698022752a1afdf3c43a3bcc1

SHA512
c5590c5a55065358f36d1fe2a9717dcb7210281fdd3432a31396fd94166a64e178abf7c0e3ec2114c21ba3ad283e3aa75850875894eb97ae9cfd2e9a5390eebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
a0a3c2bec4045d6a260226451a67a65d

SHA1
af5a961a6755dbb57477eb32797a2e37a132ca47

SHA256
9ff3fe214635c8473411ced37621ca354da9a8e6c95b38a6da287fff709947ae

SHA512
3a6255e6d04a326da21e217e0f3716e868210463b1edaab4b1274863d2855592a103d3f250f2a8ea4547cd2d6b0a9af7a31faf1c144dda9397ff20f5dbcd50e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
ee23b13c791e0d2d1d8950abd0d728d9

SHA1
7178062ea6969b3c45287b186f01534eab25db15

SHA256
269dd682875cac0e8503ffa9606c89f91da4ae83e1dae89be029712593d86c9e

SHA512
ce2ef7272fbe60f828ac5551193f0a8d828b94684c922fd866bdc20eec9df0b7a9fac03b3c2f6d69c7f22705eb61670a790b822d3b47f41dbd4cadf5540c41b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
c9fe4001a3b077eb2080074d7cce3084

SHA1
125338d8ba4359157b19eb7dd04267321486c430

SHA256
96fff88456424a0d2861c3163fdd3dfcf0d71f86e614ce742c857ca547fa110c

SHA512
b788618f00f7d1f9cada29bcb34fe6235e1b9fefeb861cf35cc8824381def58d9adccec8547b9ce76f7226502abddd5a276bf873bf0bb5674805f03055585d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
024af90ef0c9890c4ac102236377f45b

SHA1
17c7442d4b22d6ac20918cec2d2b75b9a0489399

SHA256
39d2ff8b79c4c2b1a7a1e28f81607843490b556add27048e68a88fb4d04354c1

SHA512
917214b18a9347b7ecb0f5736b34f2fe5cbb178f7cc5d40911fcf0de8661d0f432de514db6951a811f9d6524cf343827ff8a56f35bca0f4889bcda7aa01014e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
3fba8a09b363dd8f3d2cb11632b9b4cf

SHA1
648e2eb5c1fd1da028894b11025cdd2e428525b9

SHA256
77663d9ab43b1fe7a9cf3693a6b3d8f82f0a920675df1083d0609df3d393e933

SHA512
8f3db111a9788239cb1a1aee6e4824da5c3eb93188ab055573e96c89ce42ba8d172ed9068eb66ea8227d6e5314d78ae42c568fc388c6cd38f6bf4b80e0ef5f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
2545de0653c7452511ce89b9c28c40e2

SHA1
c6285cc627f47f70ed343f3f4573f1093a7da6e5

SHA256
e6f49f5fc7245eee63c18af0dd8db621dcfe496c24953d784840fbf6cc474217

SHA512
e5336adb49171041130df3a487f891ef8e155692984a705c623b1ca847ab811e3277040333c428d0e5596a718ee4ce64690960038b06273e68bf2564f5cb7767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
b4196c64ed4541c5ebcef1d0aadd1f9c

SHA1
d418cfdd2579cf0cd9ecfb71015c1485b5a39c0c

SHA256
40130302f8b407ff3d98ec3b9978ddbd1cc5520e51c8652b53558ff0d1afba47

SHA512
7275a5d2ef241e8930f5f8a9250bd029f73a5feee5c7823c75c8d6fd43c3cb15618d9546af9cd77e23ec13ed6f7c17e92b0017fb122509c15100ffe2e26dd540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
165860ba1370c2995d6d46994ddec26f

SHA1
9fc0bf7464d06f5d8f098c3a15fb76a1e0bf8f26

SHA256
29ccf1e92c8114c64a29b68e3e5d290475101e04f1af6ab9741c1f3e070e3fbb

SHA512
656d516db7cb625fe390a26c19a3c9304b591daa1229b21a508440cf03c20452d00ddc9c4c4a05eb0f7ccbd73993e47ee0f2c5d4a4afdc49a9477e194f3fcd07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
959ac877709b8da7fa79b30291d42183

SHA1
95d19d1bab708cc1db086fe118ffd8fa4a8d7ee6

SHA256
c1bf05e1d1d1a0177a0981f6e2e573e2fae9ae47b857350120d0087bc008b554

SHA512
7b354ddcc3b102ce9eea12f88bb526498e521ba83f68c2b35bfa226ae17ca499aa7cb8bd26974ab0bfddca07116e20e7a6423e6d2cdc01b2d014d6b451ca013d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
fc18226d0ed5d5b860c0162108cd28e3

SHA1
175a94c6da1cc4f985d4a764aef9c1dc6974af14

SHA256
18efb32cc0317f14d6ca1461c9f86a578bdad1d8f0684ecb5a4d4e701d289583

SHA512
b34bb11be1b8577728ce2e742910038b5dc2c074d9beb47c3a862502f259651150c881e13b483e4ef451a4405bb16e1c17072cfa2fcaa4b2247957e5dc5aa647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
ac86f1f7dd514bfeec3b3737b6d4055e

SHA1
512c0a39b1bad8fe9bd812ce72b304b407954b72

SHA256
c120c4ffab7cdd999ef02aa3f2bff1f2f6a098523f122c6ee1116b3ff123e235

SHA512
0d91a8df9a8868c1b937d885c9c405850f9d7ad49f982a66f609419ace6c9fd064ff25e09672532ca2e04ac2fb16dfabef58527c05dcd04693307e8ab339d194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
4aeb2220b04cf916f345bdb07999d349

SHA1
924ba6638b55603108e1ce6db4bcfa593c6fb8b8

SHA256
f626f3989f1015c8f3d1b789949948bf2fde536f23220872390a29d162c406c3

SHA512
0826ef3abf1b4f2cc8c56c7377bb2f6c9a31b53b642b02f877576a58c1efaf991d160470228e72a353fd3a0572544ba48a955067e6653df178c5f1ab7bef8de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
8402f1c8dc81a7d066bd8b221f6a0470

SHA1
325f4cda2f6e0f185d14b3cddf54703c22db197d

SHA256
c87eeb981f284b51b15de0ca8c03b122b4c6e254a683374d330186baf411ba40

SHA512
bc687006540d61c550f5fc45cf6573138f7effc785d0755b06ee9b2f21c34128ac828fc78d0908a7563cb41456aad287c01a762abda4c500db964bcd3e92ac3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
b81ceec552267bfc069d3e045393f5f3

SHA1
752f6ed8c52155f6bfc568dc1f0498545a6b33b4

SHA256
8eeeb378bb941633517ad1386a185e764c755ed8bc98f84bfd9f92c81d990129

SHA512
204ae8f203aeea5684375dd923ea5594c5bd1b1763cd2f899fc61c33e42e11be8e2bb70ae299b4484ba46f7cb3fa5f213da48b4603aafc3f8c770ded389dc5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
f232d437568dd9d6ab237a5b26c0bdf7

SHA1
49704d4a5e9593a957ae6e67520c83b49853aece

SHA256
b8a949c2ea8e9ae470097b77524568203a4c9db5c146953086068bc2b1a01e66

SHA512
c3bd053d9bee889db1c57eb1a22d375c900d5d1cac0f4d14dc018def8e6e837440c50117b1e49d4f93b1cf7283930cbbac7ea29653181494cfff64d411213c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
16b92cf55f4fa26e3b878c82627b877b

SHA1
79273a6edb9e9fe227378e157992a4b2afb743f0

SHA256
bf3db4722e6b7a0c7cd181199e0406a76820b0e15d73c423f683cbefd6786904

SHA512
ab5f0c29258e77be59bdb37f5539664ae5327496d22b9777182b857db754b1a7e1caf0535b8479a3f396fdda05cb01d65989ef48f5d1dba1c38e300589e8be52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
49e1873766883675b1185a22e22ec54d

SHA1
c3971a65c92cd89dd98afa0bde42fbc5dbb068b6

SHA256
5166ee97559bcabb3bb2bf56498469a6af840837f8185a5ba0633de20c20690b

SHA512
eeaf20b7ad8beaa6ef4f8415b14f495cde25f8a7528c3dd28d6b267cb052e21e0cf584f368aa9808adcd7ef82beb9fa76bdda14cd44be3d7d55a8357ddd5688c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
a75b7d0823405022fb4b414bcb28492c

SHA1
706bd5eb5e119475f923b96c94527e694abcd0d6

SHA256
7a5100b5d6b23b1767af1762bf4b936cebcaebba60f186f38b54a519a2e98db4

SHA512
6b279df2fc340fca6c4d34b7f3c67306c3c5aa98bbe6cbda7c1ff30baa137177a0e03caa8542833080e4b1ff9e24a707ba9c5d2db6956e4c5299f2e63e60ca54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
fbda5f58eb8a189f4c5a02f452c133c1

SHA1
47764ebe84f100cc2ab7dae3cf964d06e165e52f

SHA256
849a52d3a96118721aa559fdb26cdc8870b6e67d1b7a1b7ce372d7d68661a628

SHA512
b8443488409365b7cb03fe815eb3992ed890b3880650d5796a65eea32348a9bcd2cde5aa06adce4ab63ad3c426db38e10a1dcc723cb4f101463d46fd5e875022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
820281d5e16914c34a86678dc44aae19

SHA1
e0be626b735075b06be7bca663ccf2b5db19bd5e

SHA256
985002b5d0430209ac2f6646b1c53667fd633a5a5523883bf070e818451eded2

SHA512
a9da5f344354417927d2355261d17311e461d32c1341bde63d37af3733bd27e4c4230c0742226b0c439530cf23461d95bcb0a7436859ccd20ec26ca71611de26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
73d82df4f604c3fac80c2450025729d2

SHA1
f47240ca23254037f6b9bc267749e0e9a1a2c03a

SHA256
ed51d3cd87a8ec2c0ce65c9a6971cc40adf2cb0d0c36a5819e66f566dc54f331

SHA512
fc1cebfbc1d9b26ce55d8d1e7b96b73bec40ff335615a3c68c0bc119a56b013493ed2b4664d6f14489b10f8ef9991e34e252768963c044c0407f68fc5b890e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
1247a6be873a4d9ef03fa65e5289b2f8

SHA1
71bac7f7dc8107e4718d16c4926adc9165c2048d

SHA256
7f727fbff08c59adcbd7cf8cee59144a72c46115da4c5333c1231d53332d0573

SHA512
a8df8861747f15dca1d8e49387151fe49cb61033ea45ec8fb8d08e19bf588f93a12efef27f6aa42a3376c0667bac3fe28076614f137f8f91f8b27c348a4cc1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
ffb9f8d489619840dba2068fb27cdd1f

SHA1
84b1a3b7017169db33e8b49a1bcbcb4c573d68c8

SHA256
87b86f7c730da7ff7855a0a87ef9c493d3f023b152a12e12d7f3c02f0c4d85fc

SHA512
53e34625c84ba99c09a9407cc70f7f95a54c4b6089ed34861c989df82a8d35c8f2f93b4c66f6907221bc9cfb2d98455d30223a0dd5fcf07f7661043efed36247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
253922ef1475ca101b907f3958cb8505

SHA1
1b629b315fe8c8c930d904fa2c306ffac4d1716a

SHA256
c2523456437311d2784b4ffd29f79106c1be4213e789282ff17a2b1f43cc5b24

SHA512
7f8071551a766e2622795d481082600cd556d50769909ec88c4a2f2aa21cd2ae3b1302a39eea6d74c51251bbbd59eae03a35cf5298e5d771c4847927bde2e991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
6a4264e1d4b689a7baa3b4dbacb8170a

SHA1
69a05d200d3c614448b730b3170c1d9831214b10

SHA256
a69b2f9948a00d1cf49ded19d946380948de4dc30833d757593a1a68931c517a

SHA512
0ea5f8bdbf63c6d80d924f289ec7d3a9373fc3e04fefb3976dc53b57d8a98ba6d3b19c21e2fe8c4cd133440fa0e50655e7354a6972c92399c0fd3b19f583ffcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d81f3c777a49d4e74dd55d8cc74bfca6

SHA1
42852981b10c48f462e38e10696d8b81f4397e28

SHA256
b0b6b7451a42255664cc20fdcdc0281327039e7e38e4d8e4fd5b2f5cedf2bb80

SHA512
098857d29f3e1b9785cb12c621730b3f7e2fc9e2fffba3db75d3d834918aa7d8c3a5959707ef042f0a40f21c98460568c065322687de49f4c14bfa6a1d674cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
818a728fe1fde89f4146d0ed920689bb

SHA1
e41277043274b6835146e61c32277e50029d4e52

SHA256
f244eba7ec32d8a164e90d79e1c064e9281186f7b9d963573ae22b1512c67339

SHA512
1926a1fa84f7abaf7ecc26c4ac1f3913d6c2f0b5abf9fbfb9630ba5569d76fa14c026e35968d7474f86a1099e6c3deb4b1a8fc69cc98ceb5282b1bd828aacc2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
49f295f9614250689cacbd51ccabc5ae

SHA1
fcd3d66c11e5865cd06fd2d29ad0c6afe994e491

SHA256
ff1a353c8268cef20933fa5c2bb9a7f97b9d319f0dfeeaae2849baf9bce0ad69

SHA512
df529d03efeece2ddff72019a55fad585cc5141c0e78b767d006c59cf2e1a2eeb70516a9cb2b964a0724efedf9bf3f03227d2a4711a8878dad8f73837d90e0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
df3a979fba4954c085d3bd5a6b825a58

SHA1
9dbfd808360918ac3c90adf6b99e116511751b25

SHA256
958d3bb10345e3364e85e3b0128e1d1823c455307d3e651eae51b4a36bf1ad05

SHA512
1df4b70a543990ef65f7cb334ac926f041e901685d9116919be129665df913fdf28ba085fa77f2e681b44d4beb7df6f2f2dab43478cc846afade253b52d0a5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
daf56a30ef1f3627c44f727467b7db05

SHA1
18b78b8905b389422a626a198e90fcb4c8716537

SHA256
0da9c32ae757344827942094cd76822f64b84232199654fa92bdac864ed73d65

SHA512
62e2dfec68c58f67e99638b7979cf2caf2a7c034106b124e5e59edfb82165fec96d09ccd670818f0e2342d4b4ca90b618efb657a88c2efabcf5965117c24724b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
b2dffbca6328df4b566b9fbd50796050

SHA1
fc0f237844d2acecda06214e412073c791f80a39

SHA256
9ac4deb730e3c6503d6a1ae3f9845d888d5668beb56b6bcbf661001a4f12464b

SHA512
b98d059565fcad848142cfb44915878d7a084a6f82cd4c0543750ea85be90b4acadd9d745c963671a023f5c7412d3354f46f17a7c95b3ea7a85198b9bbd58fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
8d3b228ba7bb0b40bcdb6d46afc7ad1f

SHA1
4e895a9f0ce33f0435d9b3158922480a367da889

SHA256
c0d8e61e615077b321e882c64e9d596a0de86c75b7108d7bf52fdaafa07680bf

SHA512
e2cf36c6fe69114aa5174c1bc7d0a6b9aece712ef0083f88f91463bf2cb05d8205ab25f77068aece9e0002d640cb5c822235e63cbc52afdd730b33f37df2dcd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
90d5e0146329560fbd661512b0a1cf60

SHA1
c852e3b9ed3d97dda69cfb99a8364b071ab45484

SHA256
9142a043ccf6080199e62ae3745e0c3e3ea80fc6db6add7b974271500e1cf0ca

SHA512
2bd412802cee7ecce8fd680b7381408c008308f875f7aa00d2bb0fe561c6fab3e448cec5b3bde94a866ddf9bbd411d57bf2922a76b46b5e802dfc4a2bc3bd169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
09780446caed65ab734254d7b2d441ad

SHA1
a3f795a7becd1b8c7a5ff85f74dcde8d344bc447

SHA256
f927536c81627838bf8c998c5ab43383a06730798dd470cf9b783a2eb4ac00e7

SHA512
8c8f355a16f8e0f7dbeaf2e0eea8bef65654226974e53fa2286dabd1af5ce3d4c274cc86cbad1f73ed369c92e1703effdfd46a8408d1a547c34c4a7c317a1637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
b8201bb430c25ae03320b2520cba285b

SHA1
e3002e363ddd76d516b2232fb830908c0a278b42

SHA256
e22d145a2fa75d94f63085234f19a2c3e35f700f6c88f0f25cb97d67cc6c1af9

SHA512
685725c2fb8e38c2fdab6d271e994b73217e79974d88c4ffc073310d56c2575cc19955e55fcdd76c1733aca361e2d43b094ce08d8c9b881bf393c137c716b085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
50ed2d51e50540c48e79563704c304a1

SHA1
7acb140e06707d89f27d3d825cbecf03c5b06ce0

SHA256
869c990bfbb93df5ff08b01a0664ebe4af3a81653125f6b41d502da3ddfc0ae0

SHA512
89bbed3564842ec030d86fead546635949a389b2b507d0896db7f93b00cd2400ddcc8bad315aa475dba37bef3885547e825f34f341184fac996a830a5cfd9743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
92797ea5f401044f31be423cbd9f54fb

SHA1
867c06a725c03970128243ee5059d3aa160897af

SHA256
9fc8690dc28d0e8058d27ac7772e38759938562ecd03e3fac568e287858b076b

SHA512
2eace10205d08deaa50d9b53fd88332f6767ff9cf828270c36633bf90e65a695d8f5979ac34090eeda8fceb1a93a153ba0351dbf8e74014f2f83b2677966a8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
18a27ffc785cff55bc1ff1a54316ed75

SHA1
b0149134e093276e5a75fe49b8a67ff198231b66

SHA256
a628ef9e6b8ee90fcbe644cc5a662629eb6e530eeef81cea4d8e54c972ee77a8

SHA512
6bf7e1898b623864f9b6e9ad582e243ee09266d62e90217c927bb4745b9ca6c2e6de973b50f619077b9cb3a844e36d6df3d1c3ff1cba3f13c4f4593415594bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
c2a4bd86b3092b7894420e8ab81d99af

SHA1
dab9bbee2f8a24232dc181895fadd1cbca48c81b

SHA256
cab9855a64de9a8db99972612d35b8fd140f769f4a64b43fa42863da43f2b760

SHA512
28dc3d598d9994e4bb768c3664ef52e0336136523cce8cd907ea5e9ce79631f8b81fdeb9f77a5fa2a5cbd2a0ac4c2a6701c6ce44a7b47a331b6237280efd54bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
bc66a128cab244c16132b70738b8d17a

SHA1
24f711ae757422b6049d8febc5e48953a4bab844

SHA256
6e009ff61a2e034051766e5e3c5b3c277b70e6dce656dfb9cce97988c02abc96

SHA512
febcd720d02f0f0567310e4b487ee63e15f1d117d3b8003b1d641f9336402275258e571c363a392335c1f27b57b717a4ba6ae09af44d15eae5a616f60ad2751b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d915717291a78e2d4dc275c4447c9409

SHA1
7ea4c709e684e1e3a55239f74779fa8e6193aea2

SHA256
fb1c5ec517b32a16b6b132e817e8bc068ecb7bbdaa6c38df8d82f1c1da0879e3

SHA512
d24f175002902531ac21f3e30ce8c24dd4546f1b428f88ba87890eb3064b06cb8419b173b2d3def01d067b590d6c18ed8e32d44542503e173a91495a943ba6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
912e19cf0ee259d995bff53b2e6b1fad

SHA1
29a45b892a9b5b33b4b0751234457153cc692649

SHA256
44cdec170298e8670ebc62b6f1a1b62e6e25c218cfca8cb0449caad073e82957

SHA512
219ca037405fe0fde391003144436c90d9810f1dc310d0a0c6bf726db967338bcd7ad8f10b056faf7bf4b5f74ed4f79b78acc69859a82c8b781f746e9f3b9ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
fd1b217ac0844e03d3cddcb959d9fdd8

SHA1
effd6381c96f3d4a05e7e87195e36b3a39a6e4c2

SHA256
9facf024222e2d71438ea7a0397b2664561035b753085ef357a3def7ca5abe5c

SHA512
f6a8656c8e62cebf636a5ccb5c38cff9ce555f1f51e36556f71e528c2f438032c813d634c22c0601f94a114e3e93cf9371a42db5127a73108c28d2b157675b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
9f322e1e93a3b1df2e11d046322b1bb6

SHA1
54b55b69efc66312f05dee825935cb5385ff78a5

SHA256
e178d3c3674da2ca8c5c13a1cb9f86a041d216a6eb1f3101ee18dc068b86aa49

SHA512
ab9d8e75329f93de00fe9e7bb0bb02dfa1b276a600f8fe0ecd343567604128ab2e2a3c83667cb54d7b5b4b74cb3436bfa45451cf11bf76cb022306c5e0724ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
f6051c7b64ff77b50e90b0a72d35088f

SHA1
1a03fc21063fc5ce2fdc321841fac26389f00435

SHA256
0b6c41fbfa389231d1fdc4ef2e604c91012d733f4fb84ad7d3a892854636e319

SHA512
db52cd81a5589d86f91bba16e8c853b9a929613e5849126b91473b51c10bb4c32c596b1e3d399233076c3d9066afd1d259bf934a716847ab0f2ec7bc7975ffc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
eb4f4eea3f294431e593c10b2dab51b7

SHA1
07ace2f221050fe6d506b27933d317456dfa9cf3

SHA256
207bc26654c423f88fa765b11620e70451106382b0493969e30398149034bb98

SHA512
b5b62f01143ce7682c03b7f289122aeff5b2a19ecd08b24684465c597c9ac9c335d7c885ab5aee827025244fcb99f7b71a7a46d7b7a64fa1247d299173afc5d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
ff9ceb38bced349af9292cab6d445ce2

SHA1
35c2a89816aaf4a94223164b9cbcf9164ae2f958

SHA256
e1ee3bc27f2c4716cf646edf77b9a29b966ef61f1314009ff8c42198624b2d40

SHA512
0fead1f5dacc9278a70b6283b6d847b05801467708a0842af87f094d31505183703cbb89b424cbafb8d601961c34e1b393828440515e8f7478ba2da00cab4947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
6c4b7a287f2ad900f687e817dbe10e00

SHA1
797e82b3e996ff78c8e29d32c432a8c06a2bb981

SHA256
0707127df3979ff4cddc0d40c4d9b56ae997baf6bc278ccdacfa73c15e1005ea

SHA512
e4847a61d157e2dd461743d30133bf41fa8ecc08a0207ed33bb8fc1fa3b557f90086c72a9241a62e7b52b2629d09735409755398b160485d84f60211ecf85b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d6707bc02298d3ffc39533b5f05e27e3

SHA1
22cbbe37e678a3e9401998342798eff3c7808fa1

SHA256
e0d80e55fd7faa49cbe38313fb160f3ffc304b31accca0d5c9e9a8d7136b6357

SHA512
df3f1176037f7c79d9b2e86dd09fc3cee3fc5979ec6d2d94ac3fa425c105b769853bdbb81b29111ae48755d5bd8b9802aebb00409a86b0652d6c0ae1b1835427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
cebbb173ed81eb0e6f61c7f4f112ebba

SHA1
3ab97fba1cc22bda757dd424f647e00990a06867

SHA256
d2f8cd612911c91f3a8d9ae70d59cbe8c1e5db8c1816254d8ac4be638e34213a

SHA512
63b735d889582a8a74835a432b5c47afb66b37dd1676344396c9470eb4dad96f156534e601d718078a222bbae22e377e7f78f3adb25222ca642fe88b146b1fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
5865ef139e65883b9d315e1488c66a4a

SHA1
6ff5700b2ffd864c42ef8a6a70597e1c58d458c0

SHA256
82378fd977495a1adef09d4137967f2dac9f66256028c90e746a7499ed996fe4

SHA512
f04c316cc5d2a8cb8654cd4589caff55b6a7c7bfa6fd8d297076b85613b1edf394cc7155b274ca7325391027946a24e11037dac135b8153051439a45efd5af14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58a052.TMP
Filesize
90B

MD5
d6b9e47cd68110264bc7397f9988aa50

SHA1
a52683c4b307a50a3f8eb5d4793efa2144f15f6d

SHA256
29fada6c8fab3fa14baad4073d64414b6ee3d4f475d327a10702475c71b1e4fe

SHA512
fe4081841a3d38788ed2e32b5be6f2b98e46032456af272a79d971a264c42a836e578f5164a42d4abbf85c90c49894df1978f5f5f2b0a0c12851e733f7ce2303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
11KB

MD5
9ca47cf02dc859d935ce65ed2bf1d739

SHA1
20c96361e892b2a46a550a3cc2e757656ec87098

SHA256
58df32a80bd8ac1a7a08445d55a74e67a17d857fc9253c93460095d2dab1d067

SHA512
fab6a5056be881bfa25a0a05f7acd5d1e17b79eec6f8f233f7291bc3e02a5aa5fc3d6a6b4b037614a156293c8e822679f51afb436a2d1c7338638b1d65782ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324940818453889
Filesize
70KB

MD5
401bdd5ee8ad812e07b0409a32175903

SHA1
04cf69c86dfaa4fbeec0efe59854e86fac66a7aa

SHA256
c6b5f03e9657b1d791011b2e2dfabc4c574ab639d32634bac792edebb9ca8e5f

SHA512
865b80218acf15e4ecc4f8daa490e5a6cd6162d268ed387b687af61b9ec2f4013e78935aa233800c7f1bfa18d77e3ea0cb24afed73f4532f7468124aeb1d12e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
98547be0b13d450e3fbb19637a34e454

SHA1
166c1256d7fe00a97fae417d047790d85c4512a8

SHA256
4ecb16f0db5dc107bdeeb0933536eecb724e9f230488acbd19150475e2367ea9

SHA512
9baae58ff75191d9a4c0d0549de7cd892016ab8096a995e3b0b183a773889bbbc2946b84005664e92eaf799c0c361dd757bfe2e61d672731c22ef8463c0516c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1e29ee9691ea126f79897dc866d9dc70

SHA1
3c556a15a34bde0c19bdfb006e21b9225a24d346

SHA256
0544b12c51bc44dd81222a935fd84804cb89463634eb78737060d7f947c0cf60

SHA512
e613c7450d24662dd31c9fba6b4825add82048ad2cfca675a29434d3a4dbc9b7474da845d62dadc09fc436383a724915127c421018e4a39225734ce9ccb1b45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d866974479bb98e40086783abf20fac9

SHA1
68b29740d6882bcddcfee50be66f91cf812263fd

SHA256
3bae64cc19ad990177e544a3704970a85745de7a49cc870e5927f3752225c184

SHA512
e3ae00c840bd54c9d521fc7dba28561465ed31bd790ed6b9e66e4ccafcedc7e99dbea867ca485d82db09f6963ca12d140db090a4999483c1b986483f129829c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7205de83365f1a772e065ec6f27d6581

SHA1
84743a8ba49c36b4a54bd4b4bc4a53c108785239

SHA256
4d93fd65e135924e05178f4733e1037686d64fb06e7b7466553706b1108b0605

SHA512
21a056659bd3bb3bc0e60fadbe18e37c226510444f7274543dc3d04d44b70e70dc72f2898feed9eb8d5cbfd6d5915eccf0abc20b1ad10761c1d99e497b828fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
e80128f261355e95b2bad1c0302f2730

SHA1
0a101b5200c2b6d2aa3548fd196fdfba0bbc1d41

SHA256
00e5b95bf41f2940fd01d1ee9c67f7ba11a321cb7c71fcc46d5ccd38c64e80d6

SHA512
5a1ba23eb821b95dc1fcd1909d5483d24ee9ec406224b85de127a4d09536faca42f049e2dd67df8c53df7e3351acb189439e37153e3a7f9ccfbc372d4dbeb2fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
6833e8931378203c13579e87482cb7b2

SHA1
571df87a11d3640917dc0aff17a2232e20d03712

SHA256
b0b8d3884396a7c15b8af727b6e215c42bc2b7e459b341da41ea9abb4f85d44c

SHA512
cf6b21ea82fdf7a58bd21a7ba8e586e3115a613e4ef5597f7bd71174238e377bedc82c5cecc3fc4dfcdfa87c60f15f88f2a36d0e72a96e17c5bea16e37672701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
3d59def7862b144d34f7a3c3a4816838

SHA1
d919529d583dfa4060182374f676e1d3db057837

SHA256
863ff589b3dcfaed619364c466bba5ee3961a80a64b1e0cdf76ac63360db1cb6

SHA512
c8d726a7c537b6021cf9c912eaf7991a9246f080847d486f0ef8350549f9386793d21cc0686b6f01fbf17463740413195d4a991d346f5066494dbcc3191f993b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
a43c03087077300e7d75deee87d43e8d

SHA1
257b7bcaf279cabc26225569a5a12cb727d91a2a

SHA256
b6f57dd0d3b6872ed2a7396fd48bcfd9c428171dc9f36d8a8f6b37c4ebdb58d5

SHA512
b4ef6d37ee5ace0c3e703e1677f5045fbe95581d7736d35dbf1f7093d4c97bf2c5bc3878c1c4183fb24646e2687432b9a1189b2e8aa943dd3e1292dc5db3949a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
10KB

MD5
95b110b254b8e940346097fb7f535b92

SHA1
a57b762b7d0d1ebcc9690ca9d7b09b1537faa8fb

SHA256
f60892af23c049358ef21d544ba031a7a0701a577ae3aabaf09f303621f45011

SHA512
3f1b7389e531ecad61f91e58ce42453a253baf7e17900b10fa5c491e45996df0a91ed01e11604d813dc448547502ce9bb0d4477633d78ca26c31c14b2f081c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ebc712c26ceaa3b0a68395604725272e

SHA1
8afeab5ca041c38bcbb580de56f2fec5e876f6ab

SHA256
f0ba0af3b0a297122e263fb7c4203ab6675bfbe4e043d7a77970e17bfa793046

SHA512
755405f0193613c78f287d23bdc6e4285a80e3413c6642f421c7da07685195145b0ea74824ec13a07f4d31b79e8d97bc0a5277bfe6fab8d3e487b86c1df36613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2a897da72f4fdb56bea318563bf064bd

SHA1
a4127eec050df5183070d873e4236114b80218ed

SHA256
22f8c18b0554f2680ee5b8562fa2870fbd9b5513c6ded1b7cba5f47d88ca9a88

SHA512
0cb6e8c8d06b79232dfa7c6070b6a9ab02fa6c5c90eaf8bce96ba053dd53e49c25ad8241b37696b1cc003bd9dc0839099d0893796f3a594f8cdcce9fc59c2926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d51dd6dd7a10e513f6190158050f9cb0

SHA1
087710f21ba3ee4b460530d502f849c00133ae24

SHA256
764814ffd43d97cde089cc07ae0969bdaf55c52d44953fb7c067cbcddc977fb0

SHA512
af7379ec52bd9ec81297394d35b6de1240ef67210107d527efff859f4794040c021474d50021a3fff1f7a9cf30343321f594e8101fcb00b70ac44337b9e29094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2db4cdec86d3c6f9ec5728f1159f60b3

SHA1
c1091e8ea2956653a5f0096965ee699ee8df1fbf

SHA256
2c1018c962bae7ec21ae048e97a289474d7388aa228e268e49d2479d015c3618

SHA512
290ee647be4949cca9d6a3f7849c6e2cd8b1db59f801f2bee42c60743170b0cb9a45fdb7f45f0b820f0eeca65d9e7e074ff6a0a33f6ce1cb4abba9e0a84580e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
18a332371f7fd256eed0db218e618e24

SHA1
d3c3b594662c377b115c1e57bf409d1d899a64a0

SHA256
6b2c433f40d7078b821842d15911bcd5008f4febccdf85a62eaa7ca399bd8144

SHA512
bb64ca20e4cf5133fbc945e0448900ba7c6e1b2672a358118abd1ef7f47d7225fb2f2086a88bd08696710d3df3175abbcaeb25a07b74e4460b737698ee7955c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b42f9058093a9b8d2bfec354bf8f7b77

SHA1
9dcd35c812fbb17bb47c4d7b1f5f3a69692aeb20

SHA256
5d4fd8b3ac856cd8520fa826c1ca7cfd0dba89dd8fcd6bad34d326d5a41f2c01

SHA512
7f058a66c4d61dfdbcc0745041e72c55c75b897623c220bad845cbff678462d5bec7b64d7a8bf676c789a26e279e6457040f80ee0faba0b0fdbb88031e93f3fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a0268e986852e3d9889d36e3e105a511

SHA1
80449b276b4d0d024292a649fde00e65aeef6b09

SHA256
d3f14e9e7a222d2facac6bcc49c7f3e93262950bc4a4a1cb5a44a6bf8a4798f9

SHA512
e5cc4d4177a422b6e7d0edd8449b49c5ccd80075aed11615189ae60c32729a2041de3352ec46fa8c611ab84e0c116d56bb6c87328ce27966d9da35df5cbc23a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
419bfc4412faec81aabc1882b39e51cd

SHA1
f44467fdbcfb7e5a161a56ff5198559f7c625b31

SHA256
2f20cd04b5c472a3d99553b65e0c23eeb9a906caeea1178a3c8c0c3ac1726717

SHA512
87cb9950e85cd990f46ddb1e1dbcc9133c54a35c6f303015998b141cbf7c237228e3566f5660d0c9c574d38566643bb63941d76e21e337350ff4e6c46a934222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2a38736dbe72e6add94149c02b269419

SHA1
7309dd0976ad9be565a7091899248bc81c03b740

SHA256
df70fe37021f3aa6a18470bbe31b542061f87328e4cab4995a5cca5c6f8c764f

SHA512
572c881cb6284befb553f2bca1a36a0a11889e5e1e208903c787dc34131c8be389aa1acee80aeb43c27ecc2300c742ee491e33153a2e4f2465d47b194ff20bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5bcdfb4f9f39106d9601c3c5643d9366

SHA1
019235b0369add9b9b3fa1bdd5a8edb1261fd2dd

SHA256
4326da1822c11d5ec6d0202586c5102fb7eda08e11dc35d69f7e0142187dfe4c

SHA512
bbdbc09e883b23223ab4249aff583eb8b426a1d71bda83f9bedb216d1a81973d1300e3154605ba265226a8527cb478ee2612a74bf4fdd016039842a383e661b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
a2de5c7e923cfb1263d3be529dbfd1d4

SHA1
de6b93547587c4ca85e2ee994b85516824c19ed0

SHA256
abd914ed6ad0d2f59779a8b1b1b3045f8a4cb3811ed57378ecffba0ee1a0641f

SHA512
5d3504c91d15c86d13b7ea19fcb7ab4ec692e5635d329fe20773ffc8cdd3a92ed8a939eb35ae00c2ec713ca5172e82cc340e3e5bb2e2a1fcad081b827f05412d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
70f8a265aac5609d82195fb95e089b9d

SHA1
8e72ac7924ac8e412e04a107b88bf178c65a6ccf

SHA256
cfbcf11bbb34624e8b7546231f30904441829ccea52c9812ad8614f7bb5e6b6e

SHA512
63ce940d639d69a9e2a0b8c6de1a705b73eb8ca177af7c93da94f0238b9019082664b340ab299a004ca42295663ebb948b5a359a86bbe87fc41a0f106b458231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
6d48eb298d7c0ef95bfc97655330ee0b

SHA1
ed6184c2a6395f8a688e556de6137ac259e2b718

SHA256
c1bd29dfac19552285252161c7f94a811afb234d55da5d51649c497394af3452

SHA512
41a9f1008eca559d6ad4fcab88a2bac0484a852c80465352d9814b1fcf1c2f12c3584814b3a0634bd4297cd28949c7c38713ce6d437a9450da8c2e4fcfd69a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
8dc3a9f2e8d7c3f4970dfe9647850572

SHA1
c220fc0aac4b526924d0c6780b7091cbe1abe932

SHA256
5004bf780faf7c31505e44a1cea7dbfb2049957c8f24d984a10c5005400fc821

SHA512
cc625f7d06dbaa9efef31cc7e8ca0c992d508da2b977e3af0451ad6ef82061be45263e2486a59363fce249ac1a2beea12866521a3ac42ad8faac42e36c040539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1d00174c7e58924c746e3b6613292510

SHA1
545331c85e95cc85227a3ba4b9a3db422d11ae78

SHA256
f091dc932a1ae8f60baa47842588b73a88d3d3b0e01f63d6c217ab50d6337112

SHA512
d7a8ebcefe97d3c7444771c27bdaa73e97ed9fc9c92970b640b95c2b554bd4279daeebe78b1b35572801858272da026f77eb8ea553436caed72ac58d2b3a1816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7189c34be6536817c02dc96291a39bf8

SHA1
f4ac1c1123adee8dae46acd6edac113662a3a013

SHA256
c046197065865fe98f4100812587ed7711fc0fc70fb315f64f4511d5ffee5b11

SHA512
0c39739c7ffdb223c1b06db805bc3924fc6ac63543325d39c899a5413ac51c234b66eb212fe60cb1306e6e85f833dbebd6a17efccb02e611ac7ce68dbb86b080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e477794c237359d47b64441927a3dce9

SHA1
3fda80539d1ee5d738a75c429d342f2b5e257ecd

SHA256
c5e52f4f93f01009faaa2e545cf96adbd33602e522531f53a494f9e25fd62494

SHA512
b3cdf0508d866698285d3513006af8acf7a79a660acb1c7434b21d9b5a08d43f067124fc390503c96911e53603ce6e4adb14fedb72a2f374333d666c4139121e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
ddc8c8fe40578b82200828831e9d393a

SHA1
35a1f112ac40aac95cc67c54888d3f98cbec17ed

SHA256
2180618d96974d381f2d3df924577b8118424729513a84fe776489912ddfaa75

SHA512
d2a30df0dc6653b2591aab455f7b7a1f569dc5a35a9f09f57300d1e15e627202b9516dfd48e60926c5d3584c67d6feaf175859bfce48e7b24ddc6823cdfd17be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
c1ac3d420bb1da2ae409f0c2df8c9c12

SHA1
50ee1870f65e4dbbe85679d1d5c9078ddfacf17a

SHA256
2b4628dd1fc60f447c2bae05c3be465e89f1b7ee8fad3377b27ff3c007723cc6

SHA512
19ac75a82a44e8370110cf8a30c6f4ff913c669d823bd39dba7b84efe68894ce35dd393ae9d7079e50d15155a2c5ed28c45f45be03a128ae024edf0c836a20bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
c499cc9e456e1fa8a7eeef07e6481382

SHA1
db8930262f921070ac7a1b56f2543a505e691803

SHA256
c2b1db1f1fc2627a05fad02397b6c2c64687604a02e91c26f5b3d9964b912439

SHA512
a4398cace28b926cf1e3de4224318a1b836896f76f19324680b66f0facf630587e6220c5a2f1aac0af7751802fb17b189ad448922bb9865e2335cb1830ef6375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b46d8be89749a41b6d695818e3e90edc

SHA1
a06fdcfff0e73f42f296c1720acda9801b07f3ce

SHA256
a31f96778d0fd31fedb04557692951f9feb1c5678294193dc90eea4a0c763348

SHA512
5ba9398ba570f11ec245adad53d3bbf0fb57bed52b6a0a7d91ef172fdf5f04fcbf76bb2dcbd323b1ce69483ad25737d8fc46687f5e5e31fabb7dfef9ecb0800b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
cbd2cf3e9e91db935b4037fb879bcfd9

SHA1
be47e38dded8071e245e78efffaf952359228c02

SHA256
20c83cecfcf4e1523d0c856c83634d671ae4672dbabe50fec8518912ef79a5ac

SHA512
5b2035b0d02249bebc86c228fdd040009223bf825b7c3de009958dabd1ce7fcfd727162118235f28a582ebb2268a905b58541ec290a19fd5eb380e018c21f7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d2bf0382-2476-471c-b6a7-ec797c9de6f8.tmp
Filesize
8KB

MD5
2a7fa9e837063d84b5ecc92e11c65dd2

SHA1
dcabee32bc009e5b2b839094fb07809c69137dae

SHA256
dffd2c836e008c0d8cc070e0ac69003cc3e112261911b184f826742d0c1522bf

SHA512
95c989f8ef91d4593e643696fe90fc5a7a516cb451d91a2cd3f5f461e414fd30b377c51e5c8fa30fc97d4e610a3b06b45ed1ba8ec8890351cd0c4a7c7f241605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
a874f3e3462932a0c15ed8f780124fc5

SHA1
966f837f42bca5cac2357cff705b83d68245a2c2

SHA256
01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d

SHA512
382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6671db8c02f3c234bc5b756619a0ed77

SHA1
ff451a14cdd61df48cce4448f118377af77da143

SHA256
f7858098c26ef2a143b0e7cafbc03040c3c1c3185f446517108a7bdd2a6d9c4d

SHA512
1c6182196ec6086d5316c741f974e6ec4efcedc3eb835ade8df2762d2ff245f055c05ed95e06fea3e04fe3a08e9582846cf2588c31fd69fc4978440039604ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
904754a73eb4f8a75410a92b2b7a920c

SHA1
208f9e70a93742e8ca1f5e2537690172971209be

SHA256
c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db

SHA512
cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
2e81a988954439e2f5650432150f54c9

SHA1
dc97881268a0e5c33d635456b0d8c9ed175db087

SHA256
7aa7f9cf2d9bd2c94c16b80051a144b03a2b4de1759c0fcd8649f18fe0cdd2c3

SHA512
9f0e97812dfeabb332e0b315dfc371b54478a3d3b09c713118f8b2f5652d96c264a101ef11761801d2051a90ad990d687877ef1e6240c77cd5df66373b8d3421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8ab9f37a7339174c34d394477b9785d6

SHA1
ed6fe2248e7cdf3d9567b942bfb6b1c443e5e662

SHA256
562bf295827c79c10d6b0209686d8d87d4ad6825b4729727b3b83bb5d94b5c1f

SHA512
09266440eb75aa95d7b74e5ba488b7bb248c3dcf9fa197892dc8acb1f144b00cf8e121d3fc41c1d5714a5ec35e0e0ab1afb0c71223bfb6e740b34a8521f94639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e9b657ef4415cbb66d50e53f6631d474

SHA1
c6c2aa34029fd97f60fff3d43ae6ba2a55ab1ba5

SHA256
1f8f9ddc9d626c91e3131bc4aa5eb9ea5e6a52d49009a2635ff8aa8c8dd47c3c

SHA512
571f360c0f5afc8ab729c27184d428f2108d6be43620b20770b9c377a20120402b8f457a62eba52f9d8a6981383d9332fbe54fabdc1e9395a79660ef469cb3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
6ee9b0303c7c36f375ff3f3be54e9ceb

SHA1
35d5162f9de80644e2199a534091cbb241f3637a

SHA256
e425411f9f25db8d6b0308e4c0090e905b1f113acc22541800ecf7ab8eea1432

SHA512
143b74a27b2631d65933e8b622a78fa6df40b1a256aefd205348eb84840e05bda9f26eac0f42b3edd7ee8ea28cbb156b37e92f8d9b90fa4bac1d68a76814e361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
f84674d3a51dc1b445939f19964e2128

SHA1
4ba1d400cb282eafd86ca2f2071787dd8c4a1a1c

SHA256
24f027b8d3bde705cd3ca0e5cecf3c51991427fee77d6b0a1ffab26c1b3553af

SHA512
5e8a8dc300639af1c6d9877685ad77a2f0084a97b35a141e8d2654457c472d89066f9ebf19c335a3466420b0de819776cca2bc701cf2c0421b657a3319df3691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d3badcb41bb4d4774eaa82c2889f7cbc

SHA1
989b206f48f4db3aa5dc3f145ec787eff5dd8341

SHA256
deac71dbf94c4f559398d6168b4da46283e56b47ece992729befa5b6c04cb11a

SHA512
9f2eac185231b47d261612b52c6a41113f900870befd78ace655884c0f9d7a6adae83df6b1b9665528604e4b7355200c348bcc5cc929f94ec6664978f710f973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
dfe32e045265df28c5a9dc2024e91638

SHA1
e1eaceb6d33ad20c6833ec8463a178f692fdee6b

SHA256
fa9824d0bf3f70d74d0fafc376001563d0730bf32945929b749efd9e8780aa7d

SHA512
5b6eda9689df655d8af8fd46197dc1c07a5c2a66c866e29bb37072d5ccb8b464d4515bf40293ed5a1695307b4e3c02190eea10f1b6c4313bb3ec2062d6507140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
2eaf6837c356fffc201242079928068b

SHA1
ce1ff66358c577ab5c871884a961cf2f3d82ad3a

SHA256
d5dcf684990042ad9f3e5f11da7335366b56f8c0d78d6b5cd563824d58a4b9e1

SHA512
1a63648c0ea5e718a97e1288cf4a2bc937d274a0a86fb1d0636a5f87f46a016c43e0ec0f4e266403b4172d36219ed854153575a90375241f3328959e48ea91fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
eedb25ab8bd88b3a16dec0ee26e2f26c

SHA1
bdaf6868fd3c47c4183a99fea35468f6af011b03

SHA256
f8980895457ebd617fc41de73a1d0991025a46b3fd83147ece391007ea3a953b

SHA512
b4c9b1fd8f497a63f22b53ec8bf5dc4dabe7a60d423d5c66edf9efb2774b2d2847fafaf3f71882885b7a89a913a0d951fc468684081c90fafe613d9b0bf58928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
c0ca24c1d0acf679b16d7eb4a8f38afa

SHA1
70db4f4718dde27294da94bb91ff1f0813f25035

SHA256
e28e4356af6b32bac383d55775ef8098a5ea7797522e5dc1ec1a0818278ea23a

SHA512
4a1b21053e33144539b4c40b54f65186f112eafde11cd5dc59c4d5173c7e8d24e460912d6c7f51e1c4a68e16a6c5d25a7c407733ebf3f83a0686806a0aff381a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
2d2df2eba9e08d8a3c391706de769601

SHA1
f4631314e714a690a0946f7748e57a141f0417a5

SHA256
b667b83b5c53954c25a3aa59f3671cc88d946c2254eea93ef0dc79ee14a5ea1a

SHA512
07ee260beff6e89e5a38522104d9e2568995e1b74c6af8b86eaa8412dcb8a5b90b9ab431856f528b54b81fe43d9803fa985f6541c98ebae8a9a6d9058c45eeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
5398e9143d77fa12ca2e0ad5ec87a0e3

SHA1
5e911361ff4b7b849abca5af6ee1c05fb790414c

SHA256
3fdc98f77e5e23a67ecd838e1de899566811aae77edc990b23daabce7eef798f

SHA512
22cb49360fc19566958d3f573067b02690890c22f7b618a6a87ee8ad4dba31f6cf1ead49552de51396e754e8f40a8bdd2b50d948d3941aace9ad8665a1202dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e917a1ee273dc4b11447f83d3846952f

SHA1
658e3db6bee71e609616ff3fa6217aa0f4c28f05

SHA256
07f6813e59c74de073a5b396bcd4db5db6e0381eea1593f39d309b6da8d2b4b1

SHA512
bd4c290a0f5379cd2bfd385ad8f12f07b021dc3dd2d04bd49469220feb27eaa9428c87892dabee5fb9fd6d96ad27e08a6005bfbfffa9fc22bd018f55c561ab4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4c697e6952f3d28dd4171b62ae0da05d

SHA1
561acc67f87f016fdfc2f0fddfffcc37f7471c8b

SHA256
de38c59673831ad3b769e15f844cb5a4b94d8881f77bf68b30a188a45adc52a6

SHA512
530a58e1193a3fdae212c9e0e2623e1ee067933f4091ce65d9238cd7f1c6a1df830aff30004a2e899d4c31ebb3c14557db9466ec7370c4f4fd067a43969ffb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8b01072c914d538e32243ca113418d59

SHA1
964f8a03fc1004be5bd744732616a51e3d60e62e

SHA256
806215f537d1bfcdd615dd61cea5a93d966ea1059910503c8939ccfa51cc80f5

SHA512
cc370912c31b1f1e452057bc59cf4e01583ece468a77abb110ff9b88c1ae134d99300dd218f457f31b59c92dea34c8bb66cd4a2f642c97fe05b0fd8646604649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b496ecadda2d3978ebd4aa0abfe0f1d4

SHA1
18568467c9d0e06ef35f1efc5a67b5f828164eb2

SHA256
de298acd88f34fe5bda5588f79cbe464e15061f70b910682f588149b68b5c8ff

SHA512
23d3bc77a1f761f4cef53d1fc94bb42c6dc080a5961225d27090048eef675e62f85c9c3025644a78312178629af3a0953e9548b061f94f798e2f72254673a92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4fbe2da69f99c9acb34158bdd970aead

SHA1
b54474278cca2faa9cf88b89c4f4b958fb14a374

SHA256
637924b9e97a56d5cbb233228ce03fc8b6401048d7d32635139cb54cac009cac

SHA512
5be623f4b017984025dcf65ad62be634f6e33bbd62788aada7567a25277804eee1ef57f6791f7f278be5d1c8cfeeded09177060eeeb80c1d23be78bab6048c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
252f11b460b86e4e2e971e7111831851

SHA1
887896d9fcb173271e50ddaa84b2352298af0fec

SHA256
4260028ab991035cba1c4b45d1fa42e61e63fccdcd80ef93486cb4329783e039

SHA512
fae620e60b89f508f15f2e5f87aacac4c1f27eeb2c2258fe68a62b38f1b6edc2d15a71b9a180867567c6242a4a70f9d9c8726584174ead43c6f8688291852dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
72cf429afcc369507935af553d804a9f

SHA1
9ea3a7c0785206549e038e9f348002e14db25ea4

SHA256
27715ad0c34661107fdbe98edeaf1f8a0c46ba738293a05ec6260d836b3b6161

SHA512
23a85e9172f0a5c4b3bebdeb8e5d04443a7acfa371dc3c0e752ff2195a2350cf84acedd1feb5587fe4c3e6e0eb4d8159e83ce00064de4207d715937c5cc20888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
1c741e3d0567a96b88cbad0365f5771d

SHA1
641be848cde00282768ed8a51f63259ba3f2dd2a

SHA256
d47bc8433b42613395636a51e5bf2af8b69a7c45fbb205eef4a0b304bfb45532

SHA512
d8caf0ac2078f62030517a7e8696a90d3fd8445ecddb110e25cf44aff6c8f286dcb59bf1ad39c065c0cf01e4f78c28132eaa1391f6bfb6c755952c82d77e83d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
bd329b774542461eb27a76bbe1afe06f

SHA1
f259b2cdd13b160255d61f186faa02a637fc45fe

SHA256
8cbbdde2df7f862613ec91b2dfeb991ce6d409e04a85229d16d61e44d7c3f2a7

SHA512
57e3488273cb7682d46a11b02fac3b79c097d21e6678e6d5962b6655f98921faa22ca88e7a7cfc230e7d5ca2b2b71c62cf63e6e6f30cf8f139510a04505c8aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
bf69d2f1caf9a9c5991e4143dbf29bcc

SHA1
5a4949a88fadd5ee4bd8ce44797c4b8c1730c8c9

SHA256
cf924ebe160d9a61c79e326a9d496e2883decdda96a019b28e8eda8e204ce25b

SHA512
27313fabce1ae486185212d698c742b6a60d9f590d9509fc46a934e4c6c6246b342970e69fb50ff9d5cf80e7dd75bd6a35b4f7c00d1250652e6a53fd35fe32cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
20f0bbf279922721b646fff6e375f2b8

SHA1
ea403fc9a2600d4b64b9acaa0655c8d880b072f5

SHA256
00284821549d8c2d76124bce1038c1bfbee237a5c8b2e10b2ff9ef7b8d20fa64

SHA512
551cdfcf1bb389275936eeac2cbe1c30d1cf07505a5536de9786156b22312d6a4c770f14ef5911377c97cb94da6d57cf97f59b17ef0c516854a665d128e2dc48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
4a2ce64e53d845fefe54153eb13a619c

SHA1
350fe2fa8279dc0cadd241730c95cdc06cb360b1

SHA256
e054ef28b4175c0e09e705584d001bb42f2f76daedf7624105f59c09ca2f4ab6

SHA512
468809d8f64a6cd29202bf727eff3139cfdb4ad21f468b3da25ebd1b3bfbf3f45c7fd8bb7af8d4227b345239a93f7f3f76dbec8d0a31413c1914eb8b763e5932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
aa4b12be8431bffe6c0bb821e572a5a7

SHA1
9ada9209b59b25f3d9566842756bf3eb4110f8c6

SHA256
578f6a6c79c30f2d6ddd3835aafe368c4156efd236c3cdfeb41b1b41b1e012b6

SHA512
20f5951e4e7a17f6d2be0a471203bea3a04883d4f4952ddf7fb35f6b6a984ba42c12d208b764b03c8c6a7e6068701485fdb82f86e409262822ef5afeaa8b0336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
475c664d6875b9e7f46f26b110e00ec4

SHA1
d13a471a11938f5bddf2f79921380700ddbf8d71

SHA256
63b6dc9c6f4e7e9bcc8749dfc1251003268b130785fc0f6154c52a38f07b1d86

SHA512
5455d6a884b1b0a550893db64a470e91611a3d3fd89d27ef0daa96ab6f8e0c797f2ae77d083c7af9b17d183212683393e4c33dcfec57566e6bf9541ecfc4375e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
ae06a5e82b26eed4d11184a79304dbbc

SHA1
6e632a6c3ad333c0dec8c3f1cf438fbe8e7c5f46

SHA256
0494fd6797545954116742b9fa5d296daedab31fe7dc01dc7db39363c05891e8

SHA512
697b172b2a3334956f32616616c8b422282ec0c62f88144e864175b704d4bc57b1038ad06afde07f56d316205c795c9689f71e58a49d806c0cb510c7fa20568c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
2f50df7b4afe6d100c801171fe46d507

SHA1
b30ff3a1dc0fbba7d406c33708c9e5c2891200c7

SHA256
fee1119f4820cd340f4348f96175195e4ae178321de6c9680ab844f547584185

SHA512
3d1970b6d620f9101461033e700b75810497cc30fb4c166c8cbb59361b96ed402f2a3594d27192cfd564d1b9874357bb836b7a13d30aaf43ac35e8eaa6bc2452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
8f6ad24f5d8e91eab943537ab87e0d90

SHA1
42d9aa2ba3152c3bb0a9cb48eb7ab05e206c2bd8

SHA256
3088be48aa22aff3bac080514b11ee5a77ddc163e3fd3bad25e9499c772b49e1

SHA512
655c6ccc3c84f89585f287ddddbbd202227df4dfec0a113118cabdeb134986a490508dde6a55064bf1866818626a12a94c720605ddb4b8396ec68da9e214c2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
28eac8ba3bd69f56ff15f1cac4c7f05b

SHA1
583d9e18a5b2dc1355871716129bdec74b8b8201

SHA256
9e518301b58babc8012a32e9f25a2fa7efef392ebc82987b58b1865476af8c23

SHA512
a71e8ebfc4cfee0a07f37969e43e2d4225cc332aad89cabb1e0bfb67bfdc9d705f6eb31d5bc05aa2e7f8d62b264e97dfc5d3ae84fec967887b89df1f711668cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
4304602a2f4a4b9b733acbbc9b6e05ed

SHA1
26d1cfbb6d9f87f08de9418d03b1286918fcfe37

SHA256
b90c303c12c5e375ae4c591206e3e18699535bea0720800768e1d603b84211b0

SHA512
c27b76ca551127d441331735ef1035c5a806f15fbff52e7dc15d726bb17064a22b2105692236847dfba0322b130b420adee3cb2f0a26c9b5aa0ea026e8076e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
92323ecc9fa1a71b3e85e4d52673338f

SHA1
04825dfbf5fe05d1c30b6c25905321921401e505

SHA256
59dc945fba333ee353761efb55657df2475910021e133595efe7195cd2ff681b

SHA512
b43dc0fbba153dd7a2498c68b752afee38c3ac4b90303a38bbd4eea3f9d1b4d82be9acd5a24dedb37c69dd801f29af18e627626e53e67f61f41503278f86e314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
c1435ca46413cc01a2704a440e86c77e

SHA1
a1a9b0a5d8509f17139c66cf78abb2ae270bd9f6

SHA256
f01f5efaf0c1a71563a340aeb19d7f0058ed7ca6f8b8f6f9eb30cc1444d46de6

SHA512
b68d23bdfb3d2e1581f14177d3a19d6de6e9e28bd8eb10f0fdd2a5dc2d1d9ce15cef95d13724a8395101879f20d752ba15c4082f9f9585c64cc6d6769b590480

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_2812_ZVSGIYZYNISUCYXC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4480-3867-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3869-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3874-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3875-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3876-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3877-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3878-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3873-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3879-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4480-3868-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/4524-633-0x000001A078010000-0x000001A078011000-memory.dmp

Filesize
4KB

Download
memory/4524-614-0x000001A06FC70000-0x000001A06FC80000-memory.dmp

Filesize
64KB

Download
memory/4524-632-0x000001A078010000-0x000001A078011000-memory.dmp

Filesize
4KB

Download
memory/4524-598-0x000001A06FB70000-0x000001A06FB80000-memory.dmp

Filesize
64KB

Download
memory/4524-630-0x000001A077FE0000-0x000001A077FE1000-memory.dmp

Filesize
4KB

Download
memory/4524-634-0x000001A078120000-0x000001A078121000-memory.dmp

Filesize
4KB

Download
memory/5448-4255-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/5448-4259-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/5448-4256-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/5448-4254-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/5448-4258-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/5448-4260-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/5448-4261-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/5448-4262-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download