3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Resubmissions

05-04-2023 01:27

230405-bvfhgada5y 7

05-04-2023 01:24

05-04-2023 01:18

05-04-2023 01:16

05-04-2023 01:13

28-12-2022 04:22

Analysis

max time kernel
267s
max time network
318s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2023 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e6cd5fd7-5657-419b-a0fc-3571f9ac89cb.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230405031916.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 3 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

6956 taskkill.exe
6972 taskkill.exe
4872 taskkill.exe

pid	process
6956	taskkill.exe
6972	taskkill.exe
4872	taskkill.exe

Modifies registry class 3 IoCs

Processes:

msedge.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2716	MEMZ.exe
2716	MEMZ.exe
4832	MEMZ.exe
4832	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
4936	MEMZ.exe
4936	MEMZ.exe
4752	MEMZ.exe
4752	MEMZ.exe
2716	MEMZ.exe
4832	MEMZ.exe
2716	MEMZ.exe
4832	MEMZ.exe
5024	MEMZ.exe
5024	MEMZ.exe
4936	MEMZ.exe
4936	MEMZ.exe
4752	MEMZ.exe
4832	MEMZ.exe
4752	MEMZ.exe
4832	MEMZ.exe
4936	MEMZ.exe
2716	MEMZ.exe
4936	MEMZ.exe
2716	MEMZ.exe
5024	MEMZ.exe
5024	MEMZ.exe
5024	MEMZ.exe
5024	MEMZ.exe
4936	MEMZ.exe
4936	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
4752	MEMZ.exe
4752	MEMZ.exe
4832	MEMZ.exe
4832	MEMZ.exe
4832	MEMZ.exe
4752	MEMZ.exe
4832	MEMZ.exe
4752	MEMZ.exe
4936	MEMZ.exe
4936	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
5024	MEMZ.exe
5024	MEMZ.exe
4832	MEMZ.exe
4832	MEMZ.exe
5024	MEMZ.exe
2716	MEMZ.exe
5024	MEMZ.exe
2716	MEMZ.exe
4752	MEMZ.exe
4752	MEMZ.exe
4936	MEMZ.exe
4936	MEMZ.exe
2716	MEMZ.exe
2716	MEMZ.exe
5024	MEMZ.exe
5024	MEMZ.exe
4832	MEMZ.exe
4832	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

mmc.exe

pid process

3232 mmc.exe

pid	process
3232	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe
6464	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

firefox.exeAUDIODG.EXEmmc.exesvchost.exe

description	pid	process
Token: SeDebugPrivilege	1928	firefox.exe
Token: SeDebugPrivilege	1928	firefox.exe
Token: SeDebugPrivilege	1928	firefox.exe
Token: SeDebugPrivilege	1928	firefox.exe
Token: SeDebugPrivilege	1928	firefox.exe
Token: 33	4632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4632	AUDIODG.EXE
Token: 33	3232	mmc.exe
Token: SeIncBasePriorityPrivilege	3232	mmc.exe
Token: 33	3232	mmc.exe
Token: SeIncBasePriorityPrivilege	3232	mmc.exe
Token: 33	3232	mmc.exe
Token: SeIncBasePriorityPrivilege	3232	mmc.exe
Token: SeManageVolumePrivilege	4524	svchost.exe
Token: SeDebugPrivilege	1928	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

firefox.exemsedge.exemsedge.exe

pid process

1928 firefox.exe
1928 firefox.exe
1928 firefox.exe
1928 firefox.exe
4424 msedge.exe
4424 msedge.exe
4424 msedge.exe
4424 msedge.exe
6464 msedge.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1928 firefox.exe
1928 firefox.exe
1928 firefox.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

firefox.exemmc.exemmc.exeMEMZ.exeOpenWith.exe

pid	process
1928	firefox.exe
1928	firefox.exe
1928	firefox.exe
1928	firefox.exe
5356	mmc.exe
3232	mmc.exe
3232	mmc.exe
4572	MEMZ.exe
5796	OpenWith.exe
4572	MEMZ.exe
4572	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MEMZ.exeMEMZ.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4908 wrote to memory of 2716	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 2716	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 2716	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4832	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4832	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4832	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4936	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4936	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4936	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4752	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4752	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4752	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 5024	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 5024	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 5024	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4572	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4572	4908	MEMZ.exe	MEMZ.exe
PID 4908 wrote to memory of 4572	4908	MEMZ.exe	MEMZ.exe
PID 4572 wrote to memory of 2168	4572	MEMZ.exe	notepad.exe
PID 4572 wrote to memory of 2168	4572	MEMZ.exe	notepad.exe
PID 4572 wrote to memory of 2168	4572	MEMZ.exe	notepad.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1928	4052	firefox.exe	firefox.exe
PID 1928 wrote to memory of 1260	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 1260	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe
PID 1928 wrote to memory of 2988	1928	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4908

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2716

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4832

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4936

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4752

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5024

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4572

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
4⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
4⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
4⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
4⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
4⤵
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
4⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
4⤵
PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
4⤵
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
4⤵
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
4⤵
PID:6120

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff68c245460,0x7ff68c245470,0x7ff68c245480
5⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
4⤵
PID:6124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
4⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
4⤵
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
4⤵
PID:6548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
4⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
4⤵
PID:6324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
4⤵
PID:6392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
4⤵
PID:6292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
4⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
4⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
4⤵
PID:6724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5912 /prefetch:2
4⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
4⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16060529510994190500,15577300249364952440,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
4⤵
PID:6364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
3⤵
PID:5700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:5628

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:6368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
3⤵
PID:6648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
3⤵
PID:5632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:5432

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
3⤵
- Suspicious use of SetWindowsHookEx
PID:5356

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
3⤵
PID:6384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:6440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:6464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
4⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
4⤵
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
4⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
4⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
4⤵
PID:6192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
4⤵
PID:6240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
4⤵
PID:6176

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
4⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
4⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
4⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
4⤵
PID:6612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
4⤵
PID:6488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
4⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
4⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
4⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
4⤵
PID:32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
4⤵
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
4⤵
PID:6936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
4⤵
PID:6360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
4⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
4⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
4⤵
PID:6456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
4⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
4⤵
PID:7276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 /prefetch:8
4⤵
PID:7536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
4⤵
PID:7616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
4⤵
PID:7516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
4⤵
PID:7632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1
4⤵
PID:7288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14009203107430730710,6147186066731773181,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1
4⤵
PID:7420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
3⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
3⤵
PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
PID:7224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
3⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
4⤵
PID:6832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 /prefetch:8
4⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
4⤵
PID:5684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
4⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
4⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
4⤵
PID:7296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
4⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
4⤵
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
4⤵
PID:6756

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
4⤵
PID:8016

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
4⤵
PID:8024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
4⤵
PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1738287481051485290,3559468787617664630,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
4⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd34f846f8,0x7ffd34f84708,0x7ffd34f84718
4⤵
PID:4380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.0.987885055\1063215985" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1808 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {799ffbef-6760-4b7d-9726-6bbd754ae309} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 1916 294bc0b0858 gpu
3⤵
PID:1260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.1.1362516182\769189282" -parentBuildID 20221007134813 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6ff0522-80ad-4bb6-a7c3-cd070a0ae97d} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 2316 294ae072858 socket
3⤵
PID:2988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.2.987699778\1319035099" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 2872 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7457ace6-e6e7-4919-a01f-3ff7fc80b1b5} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 2920 294bee30558 tab
3⤵
PID:4208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.3.1829875384\1144420509" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adaaa663-979c-46d7-97a2-12449ff9e80b} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 3580 294ae062858 tab
3⤵
PID:2100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.4.443109688\499623861" -childID 3 -isForBrowser -prefsHandle 4272 -prefMapHandle 4268 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85e42605-0f02-40be-a7b2-607173f04d8d} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 4288 294c062d458 tab
3⤵
PID:2504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.5.818794767\1259146194" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54a5342a-4dc5-4db3-81fe-e5501a5d7725} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 5020 294bf4f2258 tab
3⤵
PID:1980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.7.1295372358\251615224" -childID 6 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6afd8526-ccb2-4ee4-abc3-5dbd296d4578} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 5396 294bf4f0a58 tab
3⤵
PID:2912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.6.10422954\1256913384" -childID 5 -isForBrowser -prefsHandle 5260 -prefMapHandle 5256 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3212cba9-14b0-4052-8211-add33ce67a94} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 5268 294bf4f0158 tab
3⤵
PID:4316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.8.1322994735\672686020" -childID 7 -isForBrowser -prefsHandle 5804 -prefMapHandle 5800 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a4d16e7-c236-4621-be76-8623bd32deb6} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 5812 294c0812858 tab
3⤵
PID:1796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.9.1360649539\1123250371" -childID 8 -isForBrowser -prefsHandle 4748 -prefMapHandle 3156 -prefsLen 27116 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {805e91cf-a4c5-46b4-a088-30269f29ca54} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 4620 294bc6eb358 tab
3⤵
PID:5912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.10.1457698081\486322893" -parentBuildID 20221007134813 -prefsHandle 4340 -prefMapHandle 4344 -prefsLen 27116 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97167b3b-0f74-49a6-8db3-2b122692be8d} 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 3316 294bc6eb658 rdd
3⤵
PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5260

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:6740

C:\Windows\system32\taskkill.exe
taskkill / f / im MEMEZ.exe
2⤵
- Kills process with taskkill
PID:6956

C:\Windows\system32\taskkill.exe
taskkill / d / im MEMEZ.exe
2⤵
- Kills process with taskkill
PID:6972

C:\Windows\system32\taskkill.exe
taskkill / f / im MEMZ.exe
2⤵
- Kills process with taskkill
PID:4872

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x2f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4632

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1428

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
102159ba8af7b04bb1a72f124b90f204

SHA1
de1ef3896de60b964e76b8e7d33806dc491e017d

SHA256
209d72483292a2e373a820b44aeb3f63b57a114feaa94e932ffbc25b4c1151de

SHA512
e5fea7f2447e31e57a14cc305fcb7e4515dd5224068b9c2592d41ad4de2ece0b31847cb799e82364d8e3f8580445895fd83ee848a28a6d107c915cf90d22ba10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9d3cd2e69d924847bead0a3750315553

SHA1
dfb62b05a5b96ddcf5c253c2afbcabd75e54079f

SHA256
ce81bf48f06fc4a61cc9db7fda4c9803dad382b2d4e60f843ffe92802101a5d4

SHA512
02249f409bfae6eb239fc23e7f33c20ea94d930c9e528aa1b57452960f5f64006997a920e4b1d6d48722bead752447e9e3f5488efa60b32f95c509392c71367b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ba82fa0dd0fbe12d9a5d7b71c6ba5e47

SHA1
c0dbf10772ae431bbe69dcc6324fbefe3ef1caa4

SHA256
cd9a825244537e4f603c9e01798717fb89e8754e9340f2137ec2d0ae4cfcbd76

SHA512
c0f9a8e2459596d569cad4f5911bb0a856b381f534c272f2ea0ba8acf728a9ab2489b7b55a54249d3ff649c36250befb04688f27c0bf83f621bca160eb81b6d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6e865ad3-c02b-41f1-a642-870f9d75abf5.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1fb6f72a15deee50_0
Filesize
341KB

MD5
c72193a5ac0ee15c4aaf911bd7cdb322

SHA1
c1ed2a6bbeba826991e15eb157a607de1dc10a9c

SHA256
159cec8f40a6c2c7c775116041be01bf75d6a5c443f8e31814fd2fe1c1de996b

SHA512
e76a9b3c5e00627e417df1915f4c9e54aca856e6f964f87035ad32b35c2183446e8f90a65b745ecc41ebf9e4862efd671784b713f7774ec2406e0f1c352e7ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a528caa10bc48dd2_0
Filesize
288B

MD5
2126d45917762984cc98b211bc1d1095

SHA1
87b787d14f9524df24fc2087ab82eece30e0dfb0

SHA256
debf3c932da792952e639aef36a3b4f176b96a70cdfe8c8ff4b4b6dae1c9f4a7

SHA512
a9be1bfbb677b134c61e007ac11300ce4fccd6336b54d7ce9c933283689258b242c57b1b1cf57fc0a733029ead128699ed7c5525c4f68e130b263a30168eed77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
fada6c48596548d156e260ee0a5d9f92

SHA1
9e0796e496f98c775e3b9067724a7ebf73717bae

SHA256
f26b7b5a7c39abe71f7d2fa0a10ae1f5bb9af181a539cf5820d2b1f96fdd4579

SHA512
77034da37af48f64ce5b21e98fc764a76637f6554021bc1396f66090f58c36ce3e76777ac3ea56bd1a948057a58e081d9d283527ade74da18d4230def33da1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
9a8544d72b5e69707d933ea00cd6b1bc

SHA1
b3f0f82e880f73289caed004590f151e0c229c85

SHA256
290bf9708a7764ec33f7bb631d99b2603d7df935bfc368416a1c4f020c8d95de

SHA512
7e027a0b927bafa212038e18a5801f86a4a72467f5c3fe5cc46072513fd0db6ac3aeff65e2fd54a4db7b374782742f25196a994c517a6d6e21cb175cfd50e126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
1817b5a101b167bbd188f8b4b0ff8b61

SHA1
7418bc2eea290813402b2c832057e74ee4d0ee1a

SHA256
b078798d4a5a02fc298eb822d42701f900c37b80c0dcd9ff6c22e81d97ea8782

SHA512
25095034d12c9d257521017f6fecb1188942b3dbff3af00f4d1a41c538d8689fbb6c265660f3a0fc0e26f16adc68b3799306036d940ec086eb99eb6aee25a05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
86361852d16dd6b4392bc7469f1fd9fb

SHA1
684a45bb23766f79afdef5e3b07d3b9a9054ad17

SHA256
4c4806526df3de72e60aa16db6397ced894c123b0ce297b2afcf854de5d90251

SHA512
e2d5723a6bdf3d5dc032fb204a63a21c3ca4b7a6ade55e9e141d7cfede88f0330c71770965865b13cb0b26d34e66859a720646e5326d9c418774b8c721b8d8c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
535af65a81a2155227cf21590b6e99f8

SHA1
733fa18ff6d7a9d2648b585a6c23e1ef9b89d967

SHA256
375ed78c58efbf4443a145f80776d4fef24f0347c0aa34aed0b2f7a3d1845e7f

SHA512
b0b90670e6eaa651e3c562cba5bceceae39daff3ec24a35420cbafa30b2d0fb4e47e20905793f3c59018a6e04d631ba5eb82005df251704c78603587ee0cbc77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
beeb1f7ebabd101794d18c91ad44c2f5

SHA1
2030e943bb9fc62ae0ccf07cb53eeec2440b5516

SHA256
99eecbcc291a5e57b64aff434d1691e3eb2742f160fc38f0ce4c0164a9e2f740

SHA512
191162ffda0f73972067f14c7f4355f85d5db9c005d66950026602cd9d1654e81ef1a777c61e72e843553075ab45527770da71d19c6e779bd0f591f113a695db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57b268.TMP
Filesize
48B

MD5
7f8111f3fd28695733c1a6b46cea987f

SHA1
185a38e58cecf5cde449c49781b3858784202496

SHA256
90e34c19155099cd59e70fabf30472f0ef788a682be1cc61922b9f4c9308d97d

SHA512
fd112f7f5331f0a9a4ad8f2b1411e7a2ab3a7ca24cc3d408ae0a04ac753cbe7c7f8ea823ada8c7c848ca443dd57749f427898e7f6088c3199a284dd0d188df18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
3c9cbc332f83145d33e595586a771722

SHA1
2ff48e67fa8a85a46f097a5db353b802b6de3af7

SHA256
9e2f1604eb94619478013816b95f13ad8fae7062abd7d49569779a2172e6d2e9

SHA512
cae32e7d1add357af17e595897ca2309f271fbad41ff28139179b49ddcabae442da8d8e54814b910f501889860884907b9772af650bbffb7e8d4c9f2db29ee8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
822ceae45e4647e786f965249fb27afd

SHA1
e28855706e50282e0f72e1fa053d5f4f2d254466

SHA256
725236f0eb3e32d1da57e869512a3a282138eb288ae0cc38238568568a77ed5d

SHA512
b44fc45e396bc5e09007bfff3bf35d014c04ed00b83a0f9a6805dc4fa7f9ae204bb90705416f03a5891b1142eaff52ffbdeceea7d3ef97344b3d6636dd2ed7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
9eef74cdeb6e903b5a2e656375223963

SHA1
bc023751f1aab6e4a09d2595a6c48d69663f5dde

SHA256
6805930326e1f70c3caa87b9d0b2cae3e61fe59c685b0a13a7f47008242f7605

SHA512
66b1f8eefcb5726188c5616b45685b1ec77cdd15d2995aa18eaad4a1239888345ada38f3d04ceafe562176020213ae8faed3356de29cd0423d6018d3f589fd2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
221603ee3ac256e7494606616849f027

SHA1
b3cce0fe67e8192a483ad8221ca6eadbc166c340

SHA256
6c92dd86203cfa0e7c1083e6dd59526404517aff495bcc6ef8dc5608c93f99ca

SHA512
daa2c5d6b3380358d18688aa37b258bc5e37d614cf1758e4f7192bf97f6f93cb1e58c109731d41bf6c7040b0c220b750e1e94462f774ebc6ef9513a5dfdd566e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
9a0efbae8ce21f922764d71547d73a7d

SHA1
0f9cca88fed181314f9a9a94ae3885daadc17ca1

SHA256
f65cb263d2ef3078342639746ba0464bb1ec74c6b0c13b78cef87bb4c8914170

SHA512
4ff0b17a575347106992ff1d6e5ebfe5f2d5a3ead4026690fc37515215c6ef773ae5f2835b6e362a945bb0f868cebeb20ddede79c2292a24748fdea2d14d5d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
451B

MD5
ea073c5e77d4252177f728d47ff52e41

SHA1
bab9c8294390e7946a1bcc603d88074ea8154037

SHA256
32ac63a6b14580bbdcbc4239b563c5f3286a9325d9188584c5cee25d30bb881e

SHA512
c7df94ce1258a204dbd27a0d8d7e308408fe4d6cca91e02dcb8b86e25817b25203d1aec892710478005de0422f2a6dcada4e330eee30b6d1c6258cb83f5c3695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
1b3eb95ffe716a964b98508b8ea80582

SHA1
134df1e989cae212bf519eb4e61b0eb76c5387d4

SHA256
f827bcae636ae392620aa7486b27676fecf2b2b760904e4169a4649c1cf8fe21

SHA512
5940a51c83711e37a115692f7bedbcc0a86336b58e2415cf47c33d86187379390e59e791f43384c87b49d83cc63d4e141752ba1274b1050f073cea2d52f9b7d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
37b36d37180b3e8ac792ad5517856d01

SHA1
0b6bb73ccb944ac1004accb6c9b07427d061c9b1

SHA256
2c5b5727b9baf861144d91d94e8a64ce793813260dc0bda62f96c6ea23a489ad

SHA512
a800304960658ece7c3697bb13c6b835d5cd66649311e76a9eaeb366adbcadcbce21c89dce7fb85ebacc84a784f9e88201d7103dd5fec72482c8603e28d65fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
71e24b9d4fbf62c73ba083d9e7c466e0

SHA1
097ab6481b014f00c9a6da48dfec885326c41cd5

SHA256
1f05c247343007603e1e64cb1d96e35ae7865ddea0d0a40eac4d397f4d903620

SHA512
aa66f8d5bc96b27779219feab87bfff587b8abf46daee35cf69a1a80af44e3038e2fe3645a850b9808a30440ff58c8fb125c3043ad088342da5aeff6ea98a7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
17KB

MD5
beda004765d98be7ec83f67a4190a351

SHA1
faf8e042422917669dc1225cf79da5ba4172389d

SHA256
663eb8ae4e7bdbe032f85a10e5d2ffa05cfa0b87fc3b418e163a98608bf058ca

SHA512
06611b99cb7dc367f51149944a93dfa8950f23201f313b80c69ed00f55d0bb4697d3c10891390f27129321f63c7511ad416fefa1598b96b669be48761f834b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
846B

MD5
4ef5b9633bec752e45e956ec1320ff88

SHA1
7eae2321a07ceb88da6b24574ec5c452cbaf64b2

SHA256
3276716a07e5b0dc528a69ffcd61ad49cd500070c3488229f7d61a76a129249c

SHA512
dc4708ee0972e88c460ce24056d9a196d9ffefa537670d8e00993f1ea298355146d60d154fe0bfda0f2f0454be9b7ac5fd2e6b9abeceb70f368f7f30c2ed346e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0770044fbad0200de16c48171fa89535

SHA1
1ea93d21c610e0f8f42b3d891f50ed02e4d2dd15

SHA256
0e1dce0df62000da6a52441d087293dc19f7e05eca20c9767232f8d9949769e4

SHA512
47601cb27e1e2ad66261ffaa7fb85617ffbb3fd01fb3210abe78b29d677d1b939fd0d3d979b35c114a341d92ab7f1687e5a7f5075f20b4e47b03c954b0f6f7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e15fa70ec67817962245f497250f49a7

SHA1
860dee95efd1788d491fea99f469401712374936

SHA256
e742fce7c134f1e0aa2c39b28d08324d75edcae3322aac8625dcd2350eccaa19

SHA512
ede5a059db347ad37d2e439d4f144b9330ec9da7f4560ddb6dab286fd44e1db6a9245b7770ced8edf156150284214f2081bc4ef7292b1a829708eac2804cc29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f7154c82f47eb1f4ee025bcf877e457b

SHA1
c4f7ff08d5dc9ce116119a0919a1097d0542db3c

SHA256
c0ad9de2564ccc55280a6722670ec9d678a56d9ac9083e233203a410d04d031a

SHA512
77439381fc40e643a6eddec8b51c747c0cf1c2ae601d4d4efb8fdd3759f06ad3a9a5dde0d68853909f0f82bac984d5645af90217a1f84c636d0b4bd5cd1d0643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
81ff808d55af792ab195a63f5f1a5267

SHA1
e414051a2adc249db4edbedd926ac140914d1a21

SHA256
4622d9356ee84594b56e5afd5263df5189bce87ff4ad8c8cf3652ca0a09c68f8

SHA512
18bc1d1e5cec4433ec24c0318c0a99771412f1ac644627d9ea51bb1179b5e12775c2b4e627b7149179947c9c62235195892fb5bd2d6d46c60da54458b055e9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
93750663effd2cf704c6883a8d7c0bfd

SHA1
934151f86a7c2f554226b5b579c5fd4cb4f597f0

SHA256
0636f324d1fdef31176138795360a725726c02a12c802fffde9939a9628e9726

SHA512
c463c615f150ddd3f119544ce0cb85815395c1926029e189f01daed1337c37bf2efbb2d72c35382439b3f52e0894e61086b1023ce7642527657fe478f95f4ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5373e88560d41e0fdd88d26411049e8b

SHA1
810b77cab5d88de6b613f1748b469e351df673b2

SHA256
f6260ba6a49460f607f4e36f56d8b9c5bb822d14d001dff48fb9d6cf8733ea19

SHA512
6f140b343dc23f10e7d18dc77c0dd72c2e438eef6ef9ce9e43a0b95708e4dc927a53e4b3dce02cb1477ab2460f8274a7f8e91408e35f0c30bdfd4bbf0e8ecca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
51143f0776b245f812c28a49f6f7d03c

SHA1
7683cd17c9707581be922e1c2742ff65a11fcce3

SHA256
c8393b19c17f155ecc3faf4047200771f99423bd04051a27ab2536c3098eca3a

SHA512
36eba50f838a92db977d5a725cd55f39bc267cfea2dd420090fd5d7736821194aebbc762fcb7490a10f3fccb81909bae1721b6846adf39dfd2fe93a355620dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0762ff281d5654e40912b8e7dfeb7383

SHA1
407a958f40f4b21719b1564a6e7bed85a771b733

SHA256
bd86a02d69e82a57ecb2c09b7d138f2f27502019f6ee8759eb006892dfc9d7bb

SHA512
8fffd882792c4ee0b936496070a9fc48491c3b34850eb4644c94e0b583afd4f8cccaf6935c4169eb1caf8ce6d5c6c171d305ec86f0bc03692784e1c0bad4c546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
bec48bc7699fd742a4b59603d99ae269

SHA1
1430a52564282e0d7a7eb7f94065ab7f14aa811d

SHA256
362267c98b579b883963097dc148d65273c53cd8023584a283a736fbdfd17de5

SHA512
62fb4962e02d8d12a2c2201cefa8aa23704d0b0aa22821b68e7629c3f5c1fbf40431c4c509a318d7cadd78ab6973f5c3b4162535d5ac81b66f392da00ce301d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
98a3bbd320a6a3d4941534ec007bee3f

SHA1
977cf362c87ead4abc8d344d0696a961a64a6e58

SHA256
60bca84a764e3b481991de00b32020c19c0089a0f84ea8eac8353461e831462c

SHA512
d4ccea275bc43250f3eaec8b317af91145e6fabc457958b6f64e4a3361e656ac9346819a8f7fafdf82b363790c91fbff51a3953ad58e3dbf6d80fc8ab9aace08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a0f9d74f38a7b5f5d018e6c42cc2e990

SHA1
e2ff0cc75133efd694ed4c70a7e1d85cfec0b8d2

SHA256
8f204caeb60b30e908db6660e013b2df682a87eda40a0883a3e727f359a1276d

SHA512
5cd314f5367f5ddb34ea3879b8302528dfef0270dacfbb6d05219a53ef9c7ca4ee6faa8241614456fe1d26b0be86ad6a4e31f9fd76abe2918b07d81c103dd9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
c589d9a8bee3c37a698976ac0e82b3cd

SHA1
2a07ee4252145a8881e437693760531d0c096c5e

SHA256
f621ee716b5dac53a726ab517a35363485742fd5400e749045ffb57521c9cf8c

SHA512
a6b4d3e1576bcaed3bccc578c04c2f85b6e307326c73787ad46366b485138da94c3759640cc2a6efdee54049b81a14d2c8ea29dce9c7dccf38f14a3a832409e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
06e7abd7e19a8991e7d324a4e5a010d6

SHA1
9a49ca7360b949367f1080f88afd905257a516b8

SHA256
e9443342022942b0234c8ceb7f19b699eec1c588cae7383b6ab6752f1d967e9a

SHA512
91630c26185b3ea80109a4920bbd4749f15d52d8e068038a987f407414103da9acf74bb6d116d349d1ae63dac561f092cb713ddd5655e49f84af72a280c0746a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
f583426daa0d7614ea0dbfcab7a68ab5

SHA1
c6e6a8d609c0c5ea97b60aa9b27fd0d04888942b

SHA256
0991b3ba42335f62a275b65e237f3fdfcd5b3d480d22ceb6f9f0cd438389b005

SHA512
43a2184efa1a355a3ed335479f71ac54bc41fd42b3e37bbb9dd05cfe6e7112e1dc72c4428ea7ed1899d85574c5cf1c7e2ec14c93522397a285e640764ab54bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
8fdb3c17d3fb30d9ee3875d186ddbcb0

SHA1
ad75ec01f07a2c40fc931d8305667622dc662d5a

SHA256
667aa37375270ce633e19856c533f448b8c51a05210d2afea97b714341610d9b

SHA512
4d8adc40bf06ba621435b9643f2082b106fc2ce1ab58874ab5760f2ecd67be462347f3e74be464ccb36894376749e07584b1006198a2fd959aff0cdd031900db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4c11e22a295a6de079617167dfa426b0

SHA1
4fffaa98dcfc171da91f38a0e0a767e2e86c985b

SHA256
58ae8aaf1e143dc0ad9b2bdabd88017692d153d4e701897d0f1441531be6aee8

SHA512
d5256e04cd16d662b36a648e83b7880f21843bba5cd1a66115e0369147121eed402aaf0f290605bf16f25bdb04739cdca321303f3b6614431dc04c0d5410c17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4c11e22a295a6de079617167dfa426b0

SHA1
4fffaa98dcfc171da91f38a0e0a767e2e86c985b

SHA256
58ae8aaf1e143dc0ad9b2bdabd88017692d153d4e701897d0f1441531be6aee8

SHA512
d5256e04cd16d662b36a648e83b7880f21843bba5cd1a66115e0369147121eed402aaf0f290605bf16f25bdb04739cdca321303f3b6614431dc04c0d5410c17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
6789e2039f557a56288d0c6d3127b2d0

SHA1
40bcc66320e458ca6ba42d8be251b52c1aaf068e

SHA256
3d5fa0a1e126cc18fab228221efb433fc9afde153a5f862d2db69d3e83e41960

SHA512
b287eb875c6b8f613efdb282e5cad2d540078d3febcf523d7c20a078d37079aef03be714c0baa0fa126638cfc8f6b855832ad98654e954368bb2dfc5a54546f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
015285a22cd8b3a4e17878f3618c7862

SHA1
c6b5ba724723e153c837961287a66ee4c8c11b18

SHA256
cb481bb1fdb4370821bef6a15188f1117caef912e07e6283cec9f93280b9b2f0

SHA512
198ceeecc188df33e4466d1f8e4d4f2eaa496352dc31a58e2f97b99ab90ad70c7918b78f9f810fbeb1797fe154aaf17f1b3f194d5d6f8bede79e1d9e71f6cb42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3a37b5b372617f59e43d8ee67c882d58

SHA1
dbb690f80825235f1ac1d16faafe7aa228ba14c4

SHA256
f7a0764912d836d95ca36323c664b408b51515eb9aa782c91f581e285afd9806

SHA512
cb406e7e74c9478be5399d73116ceea294f41fe7b7e247cbe12828a327ce6e935d7bd18e0196dc6b97d6b8c3834685dbce0b43272bf1a790ca9de67a10d47270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
8d7ee92369af9a61cce705c5a8b901a9

SHA1
8e58ab896d740ccc90d71d10474eae15c052a566

SHA256
b4912d40980b666264a31ef06e7722d44881e8acf92df8a3338bf74519cf353b

SHA512
0c0c12b521a3a5780a1428c3166c04ed028adb266c250dd80c4ff2cad62c97793f9f09c910d0cf2615d70cd99104f091429f57d25978ca7822560cc67ddeb423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d9ca2b39223c3d87dd994d5dfd75d443

SHA1
411ee74cfcce755ba6b6db272397d2608df65fd2

SHA256
f2b66fea0e684b39e75ab6c5efaacbb4f66e1c1f5927911b132b0e5c582f4371

SHA512
2b41d729d4772c3a6a123bbbdb6dde41cd30e777a4d4a6867ab10ecab1318dad65bd5057d86836e8212b926a9c941f933b6e3c6b1615e9b2abac90ea0ac99627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\5e41b488-f9ba-4bba-9562-80f49ce4ae23\index-dir\the-real-index
Filesize
1KB

MD5
bc06ad259136900f76721a8087af7156

SHA1
15c6b602bee0b640e2c85ccf1e7b49244ab2d67b

SHA256
a6a442e8438f869d102ff78dc396b84b0018ff483ad7745373290ce7446d48ef

SHA512
0a174d0c48c8abf5a5052a285e405e4cb359fa0460bc64bf1a6b31eee69b2981eeb84289086272541380496fbfbda673c80b9bd33c7fb4768a92050b6f89c617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\5e41b488-f9ba-4bba-9562-80f49ce4ae23\index-dir\the-real-index~RFe5abb91.TMP
Filesize
48B

MD5
9d79b9b2504cd9b6b39f4ac77655b11b

SHA1
ef355975f109ee074c4c966c0b1679e27368519f

SHA256
9a13bb5c9cb05bfb29c73a9421d8345895fc64d11412b9b88442db35008180b5

SHA512
39e77d882035cc22049f0cd62f186dea09f72c96bfb41c0a4aa2713254ed2aafbd7cb31ecec01722b9ffc4fe3c5b1329aab95c2dd61cd6106870c51d9bd5f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize
115B

MD5
3225387528e453443084526885a0e175

SHA1
a18d322b06a8e19913aca4d35b8eb5bcafcd48b4

SHA256
f692c9e09405887b318d5120aabaddce27e240009588fde492fdfc4e0000e06e

SHA512
b9fa0d43b6b6a509391962d75385709025c94e7daa93c5e03b79f419284cb76c8b22533ebdd98f54fd970af2788468b75195b0fd7406955021542ceceb55370c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe5abbc0.TMP
Filesize
119B

MD5
b1d9e92d266b7d0b27d9bb82eb426ffd

SHA1
810b3ffd080559877e061c7b1e8cfe7e56a33f17

SHA256
732df030fb1df155c20775b4a0a5dea1403c6072f64c3ca3f1acf4345bb95ea0

SHA512
709dad87bb36e8b6defad239b4e3ddd0938acb3f2459cbd81497f980188d779b21f212a22ae5943da314e7aca52ea9a7a312b669968e11d6f6e6c9369c686efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
71a7c585b32de4ada20596d581d6b7fb

SHA1
345c6fc6901c94b148d3b6d1bec6e93d7ded3e90

SHA256
6f6f59a11156283497b7247dde9b40c11b7c00235cc50d67d65f1f7841b2e857

SHA512
f401392c7afce4d0f50c64ac9d3a849b5cf2001eab1856672db9a13119a3e782ad98bed838a3af41f5b9bc461a95181c8d1e2dd1957e1a39665e3e56909ef1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5abb91.TMP
Filesize
48B

MD5
3de403c5e6dfaac928283f747a811360

SHA1
158f2e64fa252738888f0e607be0536cd3d279f9

SHA256
1463dbd33e3965a1df454c71628c36412c101dc308ac85b91cc6ec7bc6b1ed89

SHA512
6d06aa059640364ed4d753e390c6f473d3ed31733a849a64c5cabaff44afecb0080bad0322c197f8066becc2af6d1fea45239e4b4c38aa3ba36bf4296563a3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
281B

MD5
2322b6269b105d19c190b90366e4d12f

SHA1
4b25f0603a95abc8fdcbb50caba0cbfbed601380

SHA256
b20951f1c0ec95ae6fca062dec01b76a83cb0a009091e966a597d9e3bea7dd3a

SHA512
917a0350c5ca4ca0c98b2a849075a052b8765ced9bf41dbc9a007029e939612f85faf85c50b9dfbd0a7924cdd1d182269d02986cb9f23c9caf8b070871f4f546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13325138520329878
Filesize
9KB

MD5
973854178e158d7ad4799b9dff6b4716

SHA1
c701e74ac741bdb8b88ca623487d7c5381da98ea

SHA256
aa062a522146820d58d9449048359b08ce3908301f4ff76219afbc7fe51417e6

SHA512
4e94cdf7f9ae38f3292d5f1532f72803b69df35e4e1f8c15b546de9f82fb0bedd57f74d7b3a6eff6d457842b2d7ae93d6e42c47f7f8b65a43421bdbba96179b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
115B

MD5
96dffced069d26256474790b5828b61d

SHA1
1213b56ca3c294df9d428ef5f0dd8b74dcc0bb07

SHA256
0f565bb29d4bc6c6040e499b542961619887a1225bfefd1791efcc1ad89a5377

SHA512
425aefa630fec9abb4420cff29b54d6ed4d5ce81a8c2bc9bd8054b03a516c3db6ceb1d32d809c17c49779f06843f11c8f06ddb4528f21f44b238fbbfb035a316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
b0ace6414f2a0423508581d1d18bdde5

SHA1
6aa7f80744d89ba84af4baf67eff1ac00c9ad6a0

SHA256
d3d17da5afc584092099d43259f222c92b2c669f28978838313a04af21127a8d

SHA512
e6446dadc2c05cf4c938c345b410f204216e49eb34f54dd087121c5c8e6ad5e50016219ea3a02997e3cb7846c56910cb621faa88062cfb2856484e2b95455d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
ed964199c0a9ee8d11897e3864f075bc

SHA1
429f6298b89824e2208634a6806539dea76a660c

SHA256
92ca71ff034b5686b4a4f850577e079a86973578607135c08c5575ffe38616b6

SHA512
5662bdcdaff51c7628aa23de97145e13d4f70e1e5ba2a2dce9b5db7ef25b97a0cd1b19a3cabd3b25d197b50319372b458c56a97c6af440cddd5ebef70dc1b550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
e8b45d69eaffd7bc0db3d7c637e80d41

SHA1
9b24fd1f731cf3a7ae46e78196706965a14dc123

SHA256
35a292748107223e7d24bf4dd708df690138e7daefba2ee1770d4992df857e72

SHA512
4febc9baaaa3a6c2409c6835110ecc0bc136895533efa3cdc4ea0cb50da8b539155b859d9d5c31e8a31050dc0c6fc818ca0c0158d5758b69a95bb89cc0f500f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5aad97.TMP
Filesize
4KB

MD5
155231ad35ecf29a7e3266b68a0f328c

SHA1
b30f579aec774eba4462a092f8bd9db23db86f2b

SHA256
c79790a4066efab99886c59fcfece77d9ae499afeb0d44a74eca137f6caa6307

SHA512
8c261d92f2f3bf63ccbad746b010e7926722b8d972ca00411da297fb3f453db823cafe00e9547c3f08531a2fedc6d1f22ce77f472a5b3991818d3f5069dc9d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
e6b7c6b68cfe90df8271c360a0f4847c

SHA1
a671ba1dacf97af4f403cf1ae883d80bc9911f09

SHA256
7264f07ae88d7f93ff20a9a1cb82db465b497c309f74b780406efebbc9ddba39

SHA512
3789d567850505fb5435b98d9fb7ab8339085cbcd5eab4af7e5d73895cba29457273e704f823a5a0ef41ed22b7f416ceacd901ec3d18badb7a04d0c0965b4b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
7987961212cadff0a36071646c4c9451

SHA1
f8ab861e174fc0c1c8ae39398452c7c3f2b2ccbb

SHA256
7a73bb5b2161951675dadd4b8df4f5dc56625a1c005f45ff5b33c3fb992e5a26

SHA512
a4fded9b0268ec1e2ed45a1c1e92ff02d8abb952019304b470640f713e92775e5d6334c9db4fc489b6b0fe4390af13967bfa79ca30be13e431d931ab5d56ab93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
9803df74b4f18abfc0e598bb3512599c

SHA1
4ea86fc92a9e2e27bca5a29f0fa796da971a46b8

SHA256
55baf8d12535fc7f270ec86abf591de8fedae483d43619abf7614e07ec56e2ed

SHA512
70098c8021043932c4347d74b34187557f2db75059441e9635953a94a8f521d86ef8adbfc5108eb464e195738b1bae51cc0aeb41a7f5db83afbe22024bfff258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
9803df74b4f18abfc0e598bb3512599c

SHA1
4ea86fc92a9e2e27bca5a29f0fa796da971a46b8

SHA256
55baf8d12535fc7f270ec86abf591de8fedae483d43619abf7614e07ec56e2ed

SHA512
70098c8021043932c4347d74b34187557f2db75059441e9635953a94a8f521d86ef8adbfc5108eb464e195738b1bae51cc0aeb41a7f5db83afbe22024bfff258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
6d16888af5e06133f6831da3be78e3c7

SHA1
92cbf9271f57f1cefb97207cc7a5da3abf2f4a6e

SHA256
50b2bec07408f886a46847a76cd9068738fab064abe5886252a4ffd17773e13f

SHA512
bebca635d36cc25bd2ad697d141d7c86c58fc101f9a212f94e792e6a7608bac08063b1b90d3da9b6e02f211af7ae22c68cfba5d4ddcec03ce7b99d657c05718d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
c612a1162e14d5e1e2b069ad61bb73af

SHA1
67ce9d81bce5a28f6cd02b6aa1725a2b41cc19f1

SHA256
1affb1e0b1868b59e9e6dfdb39b8954f52a47e6d37e01b7876225602a14bfc84

SHA512
c00185f7fb0eb4b847674a8355633eb85fb7a4bad87f6a248c56d3932c4104995be0c0ee312d149fcc6f7201d3d4ee287f459ce467b72f4acb3e22af1560d9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
99cab204e686aa89247b0cd154f3b944

SHA1
0b05a5bdebe3f8a5a1c9f1a0d5bf689f4be75f98

SHA256
ae7830a0eff678ed52b026c46c1321b8d6cc580b1b31630c85bf6dbe56688258

SHA512
5f612b6461e3d85a3443daba6bbd4893233735c9dfde6277bf75a3335e1f00a193928c1ff7b4ca8212c5753951ec35e40e3b95b763543c8aed31cebc064020eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
40221d29bd3ee83737895756020c6c27

SHA1
473db0f2e054734d83dcb6e9e9ffc5f0ee491299

SHA256
9cee9d39fc3f478d026f9d225b9b51c1b45739d6b6e5d1b312b13475277e6851

SHA512
a864b6b0e3cfff6c8b2cb23a4536ba38099fb476bb28952211404acc6e1c553f6b87a628529e2000e0ab89be500fcee631d2d40a83896397eb06cc70f7f56789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
304e6da454851325c052c085cc740aeb

SHA1
edf30461f1ed442c388dbd07f474ec3e8d49c6a5

SHA256
e5a5f90c8b0d05cad4dd5573cdae394b42d722bd1af0a26d11dacefdf84a8ee2

SHA512
527f17dc9e785de55c374456616a5c7bdab9865e8949954bc3ce42e581e0e84b3d054f51f7a30e4dbedfa37ec6c9d098096f921ff2c73a2061c6786ab24f171b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
eadc73b3831f7e44326c51eb56a83481

SHA1
d1d761dfaf970a0d63d04aee565b38509c116726

SHA256
483aaa5d956ae7ad24134e40e49c5c977f5137447d0643305da3334113915d45

SHA512
05e1b3a8f2ab3fdd5eca4d9184f46b5f8d7334ae99893c12d199ae7bc01479292e867bc46fba498f58504bd020341cf3e1d9e4084a16c83e9687f0c61cc9e082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
faec5ddeb268f242262fef76b4eeecc9

SHA1
31ad14bb2f5fc7d752dcd25cf55cfb430746bc5a

SHA256
1d98d3545c9f92a83dc514e0baeeb4f5ca214dfa45eb85efa3598765229f054a

SHA512
3dec6a6ffb9e1392f889e28748a81352b47d9505315e20c852a6d43996e897463270b032ada87efde8fd3bd14dc389a872d4f38bbc40bc013ac0217cd3ee0bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
0a0bfa696b1ad3daf0af5f125fe64507

SHA1
8f3aac5f6c3d491794877bd4af5d3d9ad7541d7e

SHA256
767b31516bc8f62053b405c610d8e0d25f972854ecb5a6493321cbada3f20f48

SHA512
154ee6ac257b00f204f0fe4330b715aa018e1752abbb712f96d04f2f355d202ce6181c063e3ee38b1105f0d8d4a18f4d51f31cace5bbaf58bca828306051366c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
539a337dc3d46de4d26d3aa7e4046ad4

SHA1
8863591a616a54c02e52f32a383eab41257d7efc

SHA256
331945d02e6c25b37ec09a93c532a3b300628765801c27086024a13b32cad10c

SHA512
c4aaf0c1d967b8587b1ced2ab2748fa62ef4f6506a4e86774d6d24a110b55a4b65f9f654435f54901b7fa6772f5c84d8a9b58d6565296555ea4131030fe61cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
aae13c4c5e8e2a378d1050701a6ee10e

SHA1
43cba0747351e94571ddcb4592ce2492498180c0

SHA256
76303dafb6f49f9fb8fc86a8f8c0ea0c2886951e33f7ecd5b0a875d9463725cf

SHA512
a99d552bdfdd4630058c16ec93fb4bfbd6a8b577c04b5cbb25663dbf184a11e0296f10ea806e431c83ce0a604afbdb7f9135d365c43164c875f76f056ebf58cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
bce97349933bff5dcc76ae9715efc98b

SHA1
07d4799e97a30c01c5ce24bf599804498a8731da

SHA256
85776cdef2e991afd864d09834b5626d77e32fc8d6a10b46ad24939c540e2d41

SHA512
65583c31156da6fef1a3ecaae3a0d5828786e97d2c30d2d7f08c647c609546f0d00af716f28c1371c862425b2e7062b7290a0a2c2677bd77cf2b09132f7d19cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
eadc73b3831f7e44326c51eb56a83481

SHA1
d1d761dfaf970a0d63d04aee565b38509c116726

SHA256
483aaa5d956ae7ad24134e40e49c5c977f5137447d0643305da3334113915d45

SHA512
05e1b3a8f2ab3fdd5eca4d9184f46b5f8d7334ae99893c12d199ae7bc01479292e867bc46fba498f58504bd020341cf3e1d9e4084a16c83e9687f0c61cc9e082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
d56deef4ce5c0d8e82895a9971701706

SHA1
3257de848f139147092f343e0d571f7f2548a717

SHA256
1d3078cd3f4d9270be0577c5786630723ff07f7e1ce96914ea9832b55cd8cf8f

SHA512
209cbd91d660216ca530beec7da2f67529c60c7510031c5cdc007ae117adc60fdb862c7e601428fde625af097d76d1209ffbf61348db714d7ea0496686b58472

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
Filesize
153KB

MD5
4ba9b4b3fb9c36e1237abf52787149e2

SHA1
86a62244d0dcbabff9f5a4a8e8042165008a4ce5

SHA256
11ed47461930d7801d430a0928d532c7102a2b0fa6e05624119a2589471d1cb8

SHA512
2e1490d5931d621f52c36b036ce110c66b91569df5b297fc070d33c47f8771afdf1a4e9cfa19108c25b0f4078036a6cbfdd0605dd76aac085190aa7db071f029

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\21693
Filesize
9KB

MD5
b1f44c31915c810929c84b46e51312fb

SHA1
d574fc681d41f4bfd2f6384c25b5d6b564fe59e6

SHA256
7172a563cb34808d45b2049b825c90b087e786a6c6d376ff896a0039a0405c3f

SHA512
6a9f7763c06ae7196efc0cb4ecbcbfda7b08cf5c708701f403f0a64e69095347b38265b0d0e48d9a8fa1c9d98702ef44e4c24431d845f2e66114aa326f2e6830

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\0DB74A2A87E5D9374D873015DD2963FE993FDF82
Filesize
110KB

MD5
698cd0bed1ef2852cd353429ab48bd35

SHA1
0379114eef4fedee8128fbf64a685d5700edcc4e

SHA256
bff649326679873096dda7df6c784ca17e59cf407363c9f7e037d0e699d24c08

SHA512
c74d05565104af21d8e09edaba5c02004b4fb013371a81eb5e7729a073d3e5a6ad4bc5ad5aa280f46593e760708d7a0a5193967fc13c0cea5ddfe9dc7c2f3323

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
10KB

MD5
2ad3e4be27f445aced258d09995b6cb7

SHA1
11d67e446e4aee0fa096dc36ca09ce3ad91551da

SHA256
deef70a85de63c1da87e02c98b0ef5057937f53af62804101f497ecda19117df

SHA512
eff25155dcec824e1ffba2478c9f29ee23793270c4c0df77eab66c6e413711ed4ff0a5e10ceba9ede54c752a465d4f40a28e4b7b8566a8d8b729ad750db108fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
10KB

MD5
858ee2ad4e777ddcf7125872c5c12c80

SHA1
ad6db30381e8b41f2165a7e6092fbbad28894916

SHA256
ba348b1225444e3bb65ebfc323a8e98f7b46d3cf290d277e5a4008ea6d9a846b

SHA512
12f573737765809ddaacea3b91b3dd39b16aa3e7a5493db4d6d062c77acd5462dad3f6faadf6abf4ceaeecff4a7e509f5bf26fa54618b53ed73575087e698d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
7573528baa0928c90f4247c5331af7ab

SHA1
10fa80c7f81916709d7d77047d273b85abe828a0

SHA256
f47de5a074b342c36d50df428a264cc56e578cd2dc18792734de24b379fc46c6

SHA512
0edef08d6a484a5cd42efca1bc1a42ecd03725dd69d78e910a8feff40e86ffc4144236d906f75618efc5414c974ff921fcae699372b9e777802c1f4a6683eb7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
c352ce33ba35d413d35e9de46b0f3fa4

SHA1
3d36d418e350f45b7445fb832511f103ffdf0f07

SHA256
aafb0d66859aed0e00bd8c33ab3621a6795c6a6a805ed493b1bab39ad0cddbfa

SHA512
bd0239934badb1cdd8ea4c5e7a225bf425b02931ff8e9ccf42a841b4c9de6a5bf3f6ded080e659eb8a27e6f969cfaae8caa1999c7646e73d92354963da40265c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
26e6cbb699bf3f3570d6f9ff979b5149

SHA1
0c719ff0c06baa6bc7e121919c83c2bb6e2979a8

SHA256
3a162b095d1150d5171d28ee53d0a0340976c868cf5171bc1b342a6f675c8394

SHA512
37808e603bbaebff4f4d737bda9d0c00bf26bdd4870a20f8ea996fac10f8bfb0d9804b8c74e9de3c48a9ca61e046ca0e1b504aa8289d269615adf4fe7caa5658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
c0f5efed0b89c60ea4645b3a7dd84d17

SHA1
401f6c34d11dd2135ab0b43625d74896da2b65c0

SHA256
f5d9cd5ef293db9bbf54621149ab38b88393d0dce045472204900355ca1d81df

SHA512
69e146231dc27403ce78e7d2132a8a352287b8f473ec58513f24e2a4fc414329500540e7ebd8c00096b55fd5a09ce6f8c2fb6e4cc4e680d05430c57a60a618c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
abb7cf5c86eda3ec59b70e64b42d7f69

SHA1
e3ba0b0b98a3b6eb2172d30cc74b044a533e2702

SHA256
dde77949face65855ef9d0eee1f8e50d6aea4c49ddac1882be4835f64b8eec24

SHA512
ee6d76a3cce4247e75a2fa3131e5f074586777ce6622486ae5e41a79abcc8a1a2b9209e61823cc0c91f8f00a6d5de120d5c3059220c25e670ea5d59d24d6cb87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
ace96b88597ea94407777c198676e854

SHA1
7fa68935634abcd09ea91a4c408ec4180151af30

SHA256
4a7fc9151f8f52a075e95805b34af48513d40aea2d632062a4df1a7a0eb5ccbb

SHA512
016a0388485078b60a5b01ca54c6214b57fe2bca2034945276382480091d82ea6ca3ff890bda7725a78739ce22db5a2e4af82f6d91e9055892ec4745929e3ac3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
3604cb51aa8be357818262bfc2670c33

SHA1
d9bf990ceaa63d445963f02a690ce07fb3e22f0f

SHA256
d2275b13e34beadb9eee443b26ebfa4e765e063b62edf05f55f15ae5279afa43

SHA512
890a96b4a595a3c3521b4bbd04c644cc676de4161a4afd7fc72ab1b8903de744803ff64d55e85446ceaed8a8b7bf7a0bb32bb2b2c964366f01eedbf299fe7a38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
013f2b69cc0c3bd4d8967e6f92588900

SHA1
4d47019391ede3c0cf5a27f876e6e36accbfe1be

SHA256
c3eae30a3f6c9afeff5752fdfd23753b2a69d87e032cb604fbcbb76b81b35136

SHA512
d6dce70ebbe9033cdb108388b8e858cdc08ab3136dedba4a0bea8795e2736db70fd12ad40da03a4778789bf17b522ab12dbd4c2c79a0b1a188abb2a21cc94a33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
56d2ecc54f47fa00a3d29373b01b8616

SHA1
aeb40dda3931a0fa492ab67026af47c474f7c139

SHA256
74debc9967c39325a9d2e58d6772659f5c6d27effc403e15b3d5d80733423d2a

SHA512
45092d830cedc2dc53e842b9859f34c24b871801306a96dc48f73c15f8e84ce951675b82896c57d7c476f1626d900eaeedc8907d9098fb53059c2febeb8223bc

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4424_ULKILTZDZGRGJUZX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_6464_GXYBVYENROGPFVAR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4524-2529-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2482-0x0000020A31550000-0x0000020A31560000-memory.dmp

Filesize
64KB

Download
memory/4524-2498-0x0000020A31650000-0x0000020A31660000-memory.dmp

Filesize
64KB

Download
memory/4524-2514-0x0000020A39C40000-0x0000020A39C41000-memory.dmp

Filesize
4KB

Download
memory/4524-2515-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2516-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2522-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2523-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2524-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2525-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2526-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2527-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2528-0x0000020A39C60000-0x0000020A39C61000-memory.dmp

Filesize
4KB

Download
memory/4524-2539-0x0000020A39890000-0x0000020A39891000-memory.dmp

Filesize
4KB

Download
memory/4524-2540-0x0000020A39880000-0x0000020A39881000-memory.dmp

Filesize
4KB

Download
memory/4524-2544-0x0000020A39890000-0x0000020A39891000-memory.dmp

Filesize
4KB

Download
memory/4524-2550-0x0000020A39880000-0x0000020A39881000-memory.dmp

Filesize
4KB

Download
memory/4524-2553-0x0000020A397C0000-0x0000020A397C1000-memory.dmp

Filesize
4KB

Download
memory/4524-2565-0x0000020A399C0000-0x0000020A399C1000-memory.dmp

Filesize
4KB

Download
memory/4524-2567-0x0000020A399D0000-0x0000020A399D1000-memory.dmp

Filesize
4KB

Download
memory/4524-2568-0x0000020A399D0000-0x0000020A399D1000-memory.dmp

Filesize
4KB

Download
memory/4524-2569-0x0000020A39AE0000-0x0000020A39AE1000-memory.dmp

Filesize
4KB

Download