hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqblRheUR0Y1dPLVNBMURYZXBrcDhHdDhNY3ByQXxBQ3Jtc0tuRGxhOUJqYTYwZVFmR3VTSkdMNVk0cEQxX3NHNlZjNVFSTjVkdHc0WkVqT3YxaktUVVFjY01jTkFoQktKNW1meWdwMmFNZGRacGZqWTBISG05SE5qZHdpd2RXOXI4WFdHeGRDVFFtVjNsYllOcTB2VQ&q=https%3A%2F%2Fgithub[.]com%2FEndermanch%2FMalwareDatabase&v=hboii4xZhaU

Analysis

max time kernel
816s
max time network
822s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2023 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqblRheUR0Y1dPLVNBMURYZXBrcDhHdDhNY3ByQXxBQ3Jtc0tuRGxhOUJqYTYwZVFmR3VTSkdMNVk0cEQxX3NHNlZjNVFSTjVkdHc0WkVqT3YxaktUVVFjY01jTkFoQktKNW1meWdwMmFNZGRacGZqWTBISG05SE5qZHdpd2RXOXI4WFdHeGRDVFFtVjNsYllOcTB2VQ&q=https%3A%2F%2Fgithub.com%2FEndermanch%2FMalwareDatabase&v=hboii4xZhaU

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

[email protected]

description ioc process

File opened for modification \??\PhysicalDrive0 [email protected]

description	ioc	process
File opened for modification	\??\PhysicalDrive0	[email protected]

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\46da06cd-3004-4ab1-8ceb-32be52d066d6.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230406181811.pma	setup.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252781336327630"	chrome.exe

Modifies registry class 5 IoCs

Processes:

chrome.execalc.exemsedge.exeexplorer.exeexplorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	explorer.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

6020 regedit.exe

pid	process
6020	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exe[email protected][email protected][email protected][email protected][email protected]

pid	process
2164	chrome.exe
2164	chrome.exe
4060	chrome.exe
4060	chrome.exe
4416	[email protected]
4416	[email protected]
4416	[email protected]
4416	[email protected]
2828	[email protected]
2828	[email protected]
2828	[email protected]
2828	[email protected]
4416	[email protected]
4416	[email protected]
1600	[email protected]
1600	[email protected]
4956	[email protected]
4956	[email protected]
4228	[email protected]
4228	[email protected]
4228	[email protected]
4228	[email protected]
4416	[email protected]
4416	[email protected]
4956	[email protected]
4956	[email protected]
1600	[email protected]
1600	[email protected]
2828	[email protected]
2828	[email protected]
2828	[email protected]
1600	[email protected]
1600	[email protected]
2828	[email protected]
4956	[email protected]
4956	[email protected]
4416	[email protected]
4416	[email protected]
4228	[email protected]
4228	[email protected]
4416	[email protected]
4416	[email protected]
2828	[email protected]
2828	[email protected]
4228	[email protected]
4228	[email protected]
1600	[email protected]
1600	[email protected]
4956	[email protected]
4956	[email protected]
4416	[email protected]
4416	[email protected]
2828	[email protected]
2828	[email protected]
2828	[email protected]
2828	[email protected]
4416	[email protected]
1600	[email protected]
4416	[email protected]
1600	[email protected]
4956	[email protected]
4956	[email protected]
4228	[email protected]
4228	[email protected]

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

regedit.exe

pid process

6020 regedit.exe

pid	process
6020	regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
5648	msedge.exe
5648	msedge.exe
5648	msedge.exe
5648	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe
668	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

Processes:

chrome.exe[email protected][email protected]notepad.exemsedge.exemsedge.exemsedge.exeregedit.exemsedge.exe

pid	process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2104	[email protected]
2796	[email protected]
3360	notepad.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
4932	msedge.exe
4932	msedge.exe
5648	msedge.exe
5648	msedge.exe
6020	regedit.exe
668	msedge.exe
668	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exemsedge.exe

pid	process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]OpenWith.exe

pid	process
824	[email protected]
2104	[email protected]
2796	[email protected]
4368	[email protected]
4416	[email protected]
2828	[email protected]
1600	[email protected]
4228	[email protected]
4956	[email protected]
1632	[email protected]
3364	OpenWith.exe
1632	[email protected]
1632	[email protected]
1632	[email protected]
1632	[email protected]
1632	[email protected]
1632	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2164 wrote to memory of 4264	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 4264	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 1828	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 2976	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 2976	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe
PID 2164 wrote to memory of 3936	2164	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqblRheUR0Y1dPLVNBMURYZXBrcDhHdDhNY3ByQXxBQ3Jtc0tuRGxhOUJqYTYwZVFmR3VTSkdMNVk0cEQxX3NHNlZjNVFSTjVkdHc0WkVqT3YxaktUVVFjY01jTkFoQktKNW1meWdwMmFNZGRacGZqWTBISG05SE5qZHdpd2RXOXI4WFdHeGRDVFFtVjNsYllOcTB2VQ&q=https%3A%2F%2Fgithub.com%2FEndermanch%2FMalwareDatabase&v=hboii4xZhaU
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff986e99758,0x7ff986e99768,0x7ff986e99778
2⤵
PID:4264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:2
2⤵
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:8
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:8
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:1
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:1
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:8
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:8
2⤵
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:8
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4868 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:1
2⤵
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:8
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:8
2⤵
PID:3732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3744 --field-trial-handle=1832,i,102010071487962549,10207003105960780956,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
1⤵
- Suspicious use of SetWindowsHookEx
PID:824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x504
1⤵
PID:4888

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4368

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4416

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4228

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4956

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
- Suspicious use of FindShellTrayWindow
PID:3360

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
3⤵
- Modifies registry class
PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf0,0x128,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
4⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
4⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
4⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
4⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
4⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
4⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
4⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
4⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
4⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6256c5460,0x7ff6256c5470,0x7ff6256c5480
5⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
4⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
4⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
4⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
4⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
4⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
4⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
4⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
4⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
4⤵
PID:5876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
4⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1314599642529351493,5612125844391680896,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
4⤵
PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
3⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
3⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:2796

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
4⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
4⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
4⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
4⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
4⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
4⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
4⤵
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
4⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11534758026608916290,7074354812444753614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
4⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
4⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
4⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
4⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
4⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
4⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
4⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
4⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
4⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4468536822613319582,4823225543676904524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
4⤵
PID:5976

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:6020

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
4⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
4⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3032 /prefetch:8
4⤵
PID:6060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
4⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
4⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
4⤵
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
4⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
4⤵
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
4⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
4⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
4⤵
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
4⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
4⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
4⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7041201888022777703,7435488229603177462,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
4⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
3⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:3972

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
3⤵
PID:1540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9846946f8,0x7ff984694708,0x7ff984694718
4⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,10902461199642619468,7100550975654331733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
4⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,10902461199642619468,7100550975654331733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
4⤵
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,10902461199642619468,7100550975654331733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
4⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,10902461199642619468,7100550975654331733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
4⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,10902461199642619468,7100550975654331733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
4⤵
PID:1300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x504
1⤵
PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5696

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
9566582f0aa0145274cfe25a5c0263a1

SHA1
787de1e43d6e742cb3deb8667050f57499af0356

SHA256
1aa4a3cd82cacc4de560646d8ec651d8cf3cd3df59abe34e924a22c89d2d42a1

SHA512
0fd189ee0708d535f3e805c860a1de8105b3ab1c3d67e26d0681cdf1202279a54624abb77f5044c9bf9a418d71718c617a48d44a0d55bf2a0ef812126428aeaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
cbb79e0da967cd879196bcba28e19910

SHA1
82844aa6f79ee91da7c07caac69048279138674c

SHA256
6fab503a8b435a6181cf1062531fd6941f0d3f00f178f1904eacc27da4846209

SHA512
d3b3582fb8ce453049bb1a1d6cf1f2be50f5d868db2dc2f9d8f1d3b19e8296ef984efd08589be92b4b81ce84fe4b27d1dd1b9d89bc0f2c10d3dc617dc9b9aaa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
25732dd02c3fad9f2f3b38c897869440

SHA1
8a105af2087ac7ef65f867522c5af470946de2b7

SHA256
2945ea37d43e15df28c0fc954e2b1db7e81d743f77cb667137659e25f04d4db5

SHA512
0be127eab0e13b83b6e55b145cab011e33da4ec9dfc4f82108f362903d3fe92c460d010b4eafd7be238c463db572ae6651c90dfcdb33d072c4432277c6047fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
bb2b173c07ec85aa30d2a0743a80b0ef

SHA1
2ac44995513bd702cd1e9d229a9d5b8cf4e40e74

SHA256
33ddab1f81ee3786a828e83b988b077a19495910fe1b98ef9b90a2bf4b66636b

SHA512
329a1688c4b8c78af3bab78c06e1e3016fe3f73054a240a47099eff79a47f054ad05c9080d1de6bfaf4f3adf5a5ab8daef1c530e2d60bf247ce6153eaddf3964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
ebab1e2864a9fb27d445eaa9dc6ffe2f

SHA1
8c325daafd76a2419a6df25e8002dc87493eecd1

SHA256
92aa6a6ee4f50bcef8b5be789bbb354e397150e4f3377af38b80bee35aab6e94

SHA512
9f86131f5b5a4206d2bca69c78e085ae79d3e228b1244727b9895736976f5a548735f6e313ea396e14501adc21bee8252788eab7ec8bc54ca8d35d91f162baba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a0304b472d2424adc143197e53d85d4c

SHA1
c2c6947113a5e7b72204d4dcfc1049f2caff84c9

SHA256
33e64b50c3663b52e3c509819d3d29dc94ead136aa802af38915fff70d82ce29

SHA512
e06807ee7f7586701e6f4b7916da44c69c36fe63fbcf75afdec0c819b9f16581db7b319e35880945f479074e60113bd14f2ac4253359cb607be922d3037efd8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
901de1cf259648c860eec02b124730fd

SHA1
d0fb4e9f8863a4a9b5c9fada7e31f83297371e53

SHA256
fecb2acd1373f58021b72d1bf2592c8a6069671552c819f9795a49c42e23c3e0

SHA512
1914ad2bc0002ba2b81fc622508862315e218061822a30cf2023bb73d7c8d28a6a5a496faf0a0956fe6a69a5765308b13ccb04e844fda2122a188ae4db4cd201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3c71a00ed50221aecbc3077d5d5f6710

SHA1
1918150944203173f291c045389203d13c9cde0e

SHA256
a2d6f05fdf3cf94934841e41adcb283868be4b96de7d162d8bf024bac424678e

SHA512
a6ed9342327cad2035ba6716cb5a2c0b76b564b26cdda6d178bb6708f80503820329d57035c36fff36dc3eefd7e58a48884b6019c593b1de3ea75bae7589a3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
456291e8fccb1ab634d8078634529bcf

SHA1
a34c45f10797c39d0719fd06bb388776163dd077

SHA256
f9a6f53ff772eeb5ff1c52797827d6d2dc481e6a30e7f45d7dfea1c816a7522a

SHA512
8cbf0d598be35da007ed438339251c6341f92e77dcac036945487617c6d5470a4cd3738a835a004a9973e03f6faf055e927de8e7deaa0a07f90ac493042c5ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
60cb23c357fb2a9fa321a7ddb9b109c7

SHA1
a04c557a0a9d1856f4eea38c160252010a6041da

SHA256
6aef7cc67638d71ccf87c0c24496a4a70056547118ff5b9668f609e1018b325e

SHA512
814e06692207cd1e77ce31005f191b9bcad2eec926fb3f6ac4495f66d89120d69604f04101df3e430af95f1e6e1f7f0ef2b45b05fe382c5687309beb3614ab80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5f62142e3e317c138d7d16ecdba5c525

SHA1
681cdb27d95514fd7a5881fb2df476bbc9ed1add

SHA256
19c0becc66e07e28d3aee1ac1136d48b24be6a99ad32a13b12dbc2ddd4fb7abe

SHA512
b9baee4837b7d4b0ea7d36bd7162596ee1d23dd2943e0b412fefb39839811a00a3afb4f2a9223e81dc9dc8c98ca7b8f1c776184b18fda13cc922c11b5d7d9480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f9a008e00cc9d7b6b71e9c3d7a696632

SHA1
c5c864040a0a43f9a56e16690058d4fe031503ce

SHA256
69b7f805c8eafe93c470aa5229f28c029e81f604f31df3b15899e24e988a7983

SHA512
93873b5d002ccf00ee68adf9e1ae58042aad8f1e288a5bad83d930b0b2fd8cc2fd02ab01b1ac2a151b19135455c315c808c704bb7008f80658e7aecee0725418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1c1eb51176158fc628f236106d21cf29

SHA1
1e109c28af0414b815251285d0fe61547d83d2ee

SHA256
79efc432da18536c44a2bb414e2de5b85a70e07d8fced95ccb583131a11b9856

SHA512
b4c316c7d1652d9fefac2672adb139da1eb1eaecc2d838ee1f9d0e749e71b49a48493a6d0cffaf25f056f2e91cf6cacef290b2cdd9c97b3273d8c0a35130692d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1b2719c519d0ff6c2aeaa1adb47a07b3

SHA1
27737e233547e2f773c84d39aa6e022f03f18183

SHA256
34d98aea9729bc121ced282aa2298164acc94318837d0309efd805a3097715ac

SHA512
6a90745fdc09a9e882f2b846769c78935dfaa16cc1a45d20bc8f8fa0ab221627edf87c8f945620ec075d8067c27955dbe12c40432df4b961175f6e9516097b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
eee7b046cfa7d5a7375b1f42698856ac

SHA1
45369d42834469367c2a88fe9d495d0292eddece

SHA256
a65b84e4a45b44d761f95b54f4977f6e22817b845d10a4f057d65fec41f65808

SHA512
e7a2e3aa461597a1ffb7ed387cf6335a06e71235b38f4a4d08792dcecd78680b7db16d8f496bf7a9dc4eb2026bf86759c8d6c63c8b5bf5d5537c0fc855b23b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
4ecfa1fb8f76d8272ba82cd620d80fdf

SHA1
6ac6ba6b51ebad88a7a35bd80e00520002f7fa01

SHA256
fd42e35abd7abe73e01e7c59df0d44cb0a8be60a3d8cac17707223ade011e506

SHA512
f7d082bfb7b768d3233f798c182a850b4df2572eb8ac8a482c03cf9093e478835e77b12f430d28a9dce40cdc078fdc4699dba669874c0e3d9ac3729d6ccd35b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
4ecfa1fb8f76d8272ba82cd620d80fdf

SHA1
6ac6ba6b51ebad88a7a35bd80e00520002f7fa01

SHA256
fd42e35abd7abe73e01e7c59df0d44cb0a8be60a3d8cac17707223ade011e506

SHA512
f7d082bfb7b768d3233f798c182a850b4df2572eb8ac8a482c03cf9093e478835e77b12f430d28a9dce40cdc078fdc4699dba669874c0e3d9ac3729d6ccd35b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
a9e6fe6dd76716e8a5197d5857ab9356

SHA1
1dbe0546285ebb3a36223a525d30736833ea152b

SHA256
e1d2e384295be567326a1d19752e8c0645c46ca34781a6f2b71694351db0df0b

SHA512
b224e0efb1387c6d15e04110b88c9dc6cdfde6d403709d276e4776fca54b611b5b7103ff173ec52e0f1eff19ae377a424accf2bdf80b0418a09227e92907e990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5776c6.TMP
Filesize
96KB

MD5
c5ef8223b17b5054e1bc3c0cb3c4a55c

SHA1
15d0cb781001ebcbd4aa53be4bf8cb68311adf59

SHA256
299fc0e2d33df95a4c25a85dc1a04fbed8dcd006a1edc3d9be4d9bf6d2814261

SHA512
c361e256c261eba093795dda33efd27e45f860b8907566bb2a08c89c47d6e89390d810a532b0dfd6ec961a0345ec04416439de7ace4c753c6492e9c05276621b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
223237b7a0e7ed6ce4cb45c2e1015d24

SHA1
d7edca756d3d74a44ead1e2bcb4628af3dc2dc87

SHA256
5ca0c580332968ae7dbd50113cd4d9b2f60d947f26e6b7750bba2c86a44bc3b2

SHA512
d521c727c22d2454df10b210f033773bd514368a590971f46d71854714ffcd4462cd45fe9d16787b307261797668d8cd591b6c6ad687836c2f9ee5fe1c5cfa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4744318e5fe32cba46b383ffea79688e

SHA1
47f7e9c4d01dd12f33aeeac674fc1e718c610e60

SHA256
fd35ea80b48e2c68ca91310e4b2f18862397955704ea44c3df70519dd70fb392

SHA512
67cc0fd71f423465c1bd5f26dd6b1758b6ce1221749aabe78df0e8b7ca8c4ed0d8a6185ce1ab608389ceeb9fe8dede2d531eab27ced2246b908782c2d308695a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4aa31bfb3e6b2ae0ecc0d8042aafb6ab

SHA1
d298eb1da391e888957bfd049a4c7af440cac865

SHA256
a597232ad5efe22f26080231f8761f0cee96ec6aa3713cf603f93af4db50c477

SHA512
7127695eb24a577d9c90e7ae0374523a0b35e1e45e7e961116751ec19b373973156d2a144ed93943c21da057fbdf99771ea187210698ed685cf83c8ace371a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
75b2aaa35305093c6b15357f06824159

SHA1
56ab4361e2268e11e7533787da5e46c61634ae90

SHA256
642dcbd39bfb5151245dc56121697df6f3b945e1e8f8af52e29926d65d5535ee

SHA512
2e8a80a636cc3dd1d9760642937ee469bad16855be9d07d7d68503c30d0812e12cc1bb7c821ecca5c23299d99e43738e1ae5aa513e59f1ff0b18f6c5c76eed25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1b78209c-1563-4fa9-ad2f-32cae99a26c5.tmp
Filesize
7KB

MD5
193a9973011584834ce5a30d00cefd0d

SHA1
ab4a6d94f4cbc8ee5a917dff3ebcd743d7684a88

SHA256
7b1a439de08994df292df28687541501297cb12b151c7c8464c9a897d202a754

SHA512
d63fa44e21ff49d2223e14bda89a763012ae8a8903c5eb36b949f6187e3de3ede49ae933013e580ed28e30bc8a74db36b13d5b2325d9f01e597e4d72728c826a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6748b4b8-6a70-4374-bd47-07b431f29d96.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
20b73fbbe506c10dee8df97d4eec1b5c

SHA1
4aaac5e0b0ddf1f33970f5babbedf6a393b90ef6

SHA256
501bf7312c9278d89faacfe8e5899f05c4e01c549dd9314f7feadd4d9a0aedba

SHA512
db78a765453c0df1cd54f8b81a66d27eb423710ddcd19d433a5f681efe7c7340e9d4d25b96f8d415ce7e72bb64cb98670c00ca6e6a2e7a786f06bc76210b0bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
4c5f3146204f4dd6b38560b6900c0d9a

SHA1
1d5f2306d2ac2c00b710c7f6839bdcceb0945b64

SHA256
e8ba779acc0c60ded2a37ce62b31c1ec87c44db1b2cd43502dbf0a095091f6eb

SHA512
8ced366a3d67e390b300da9b0c6d6ca08d7e155739704850888f6673919ae84024c3ed2c1abc2f382d8332a340ff8f74b743f137f4b488ba84273139a7356230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
b0b9009999a7d8bf6fe99c5d97795102

SHA1
402ccd7f5e9d47beae547706840518d57e7efca1

SHA256
52c61c54ae2134d778f94250965f8ac93dd8837b47213e2df62e0b936c548674

SHA512
c6d7ab6451540170dfb6229a757c129b622d5cd3ff2fdb0808b82ab6580edacf11fa3d38d33f6238cfd4ba7ae054e5d930e79c2ef739158aabb8b7e20b3983d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
b6c2bc5810432d27c5bf4a29e0e4f36f

SHA1
9169ba42bb9fceeb2fab70fe3d117932410ca3eb

SHA256
24e45c8bbec5d9ff464846f33c8667fe558059ea2e58e87c414b769ea5341dba

SHA512
4a2341b63044e320d0cc1d2ee268cab2d4cb2b47d024083bff88c4e0753734288986a45844f48ad2c2de34b6f350f1d9004d2ef87faf44c9dbdd6c0f6785c80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
adf77859869837be3cd9e05d1cbfe89a

SHA1
2aa458f08580f18d5932c1a0c9b6864110ceeaf6

SHA256
4c741e9617f1dc32b78dd0ac92ef0348034d9017b1e3078aeee8c58c8b43e90b

SHA512
7d9ed9b12d47233b6d175bc21dc249a44e27eb57074f112a69aaaac7312078679f4755bbd07039833dfec2f6b3c8b4a4412a8b69084a9fe466f7fa80aabdcf79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
35d71489aa47bfdfe4e8feab7c201755

SHA1
4eb4771db6f6e1d0c6ece58fd7dc633136d05cdf

SHA256
d870bcee04f4f7c7bceede53e30c08e0cdefc97390d32ed15e79191443437197

SHA512
ed30c31dac48496c7fc9f5378191f4a586526c9245f4202ba1412ab943515c21e765a61395c50391f629e36e519364e68c1f01e230ff045dd662af82f3941978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5f9c29.TMP
Filesize
48B

MD5
2bcdf60fc41daee2cc9cc7c504760c6f

SHA1
86a9cc09b9e504c881d10c92ddadc96b91a84bf5

SHA256
3f516869c1edd9afb33b902a8f8f7e939a7161c6a7e7646a20d8568fa50d6cb1

SHA512
4485c1b5844171c7b7b0d7ca68ba0ba95973f6c1563e9884478306480292b17a4a69f81ca7786e943772f9777a60f9063700333dfd0121cdf42760df50a5a26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
5cee8e2ef3f42d90fc721f78a849afc2

SHA1
2f5a5fb0e43cfd3c7468eb5acf27e7716eb57fb3

SHA256
293e3af26015f26275d8b3c446979aea64b2599c2b3514b1a1831a64f7e7da4f

SHA512
1c7e87ca8075b2edad65c0cfc57e0c953c9ec66300dd1a701a3fd1024039a2d68b7bb8e95e83930d55fbf4a21d1b9a432ce5b78fd9b064ba276263b4789bd3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
c35a8ebef6fff91c0612d4bea352c060

SHA1
e81e9187eb4fe875fcba3177d1404ab1e4a48579

SHA256
4555965ddc723a7cb707e91e5134f704116f5901e37387aa1e75d76a1bdbd25c

SHA512
2aaec535162dbd5b7b1bbe71ee457a111f339deea879f3acf9fa75474732ee5784218526b92b20097be254b8715275abb165aae53510058ff94c0f3638e6c376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
812eeec100ecdc8b93fa58d570a36cec

SHA1
e291ddf0754fc91a2d1c0ddbad524c35d27971aa

SHA256
7e5567c170c9f97f41a5984567c7dec9de9ac7af5e5e2687877beecd69ebc57c

SHA512
4bddeb9771004e2759e100ea2c7839739e3a2aa0d4b997fccd6155d88e882710ebf88f175ad25a6012aa90b3ddaea9371a5262a248a83e063582148fcdc08cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
dd32caf6c6193c3919e031fd278a17d2

SHA1
7f321af52ec43f393fac7545d4bee36bcc4f79c6

SHA256
fff8324c8a71a78ddd07871edaa56063df6f4eca99585889ef8b35fbcc1f16a1

SHA512
2790dc4504d47b7b34a843316c38fb9c0d4d65ea8e67b69af37b9d50560104d80d564be157bee88d2f03d18a33ba45c17ba61c73016bf9bffd84a815137713db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
539bfeeb0ef392d4d1bc3bcae863e345

SHA1
8dc182c167a1250b1b2e926de0d2b26dff009cde

SHA256
3803ac2fddf25fd81655538bac5c6fe3ba0210ef940d6207985ce826e0e40878

SHA512
697a5a0adf5e44438eab30badfe2b44be9897c52535dff86136920ed20da1151b378aa431f52e51c33ab73ef4ddff9247401e745c285812c39b1352f28bed8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
a2b6ce1971ecbf230c571813b69d2ca7

SHA1
9fe7670178d9c79942786610179735618d2c271d

SHA256
f77990b6ae31fdea6a683617ca4d450597836656f0ea42edf06190cd62cdc685

SHA512
f6518e0c17f4c706d57882dd81579eb1672d808313b92f74c8c0e53c71efc2e60faa7b1b2ab3e54a49e78965e00e164fd99506e86dc4167ad03e50b781966f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
964B

MD5
f2019476bf0a7feb40de65931e1a2f80

SHA1
70dbda4aeb64a40ea63b5aac376b3ce6d8926bf9

SHA256
1e3fde8b602dd75f00ec0575ae6259e51471281de3ca9c1306135624f87afbb6

SHA512
54c93c7392d2ad2922a89e7a2c6da4bb927dd821082f82cf0a7ea4221324d951084a24c39314a5e29a6156e328672a2d4e0d9fb581c18e699a52be5089ad380d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
30ba6b2e483dcbe33102932c9f9bd4ba

SHA1
008a9a7d6ac150ffe20aab1a6923c163af38ee1d

SHA256
879df15a15177c114214a6dc5a6a7c5616c19ee586ef22a221f46c8465da0448

SHA512
09b99fe3f94ba8d4ed320e06d7996df2e72d59db4bb4cdc3153446b8063952557c8086793d81417ee27cb8e66ab7e3b383748be54ca9bebfc4573e58602af020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
72523990fa8e8755275a21edfa5962e1

SHA1
3816b76ea4e248a9fde86b568117bde8f5ddeb31

SHA256
ee29d4021aed650d2a478e5aa40ffce1974b69fa03d745e9574b294356d7745a

SHA512
f437fc965cf3162aa83f0cd4a1f23e474c32341482ad1fba3279d8202aaa1fee72b931ee5d9dfca4873487ca387922195ced5c4791c8d8ae9d0980f0bc43c8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
964B

MD5
959069fc154e159f004268673c0e1866

SHA1
ff998f085d0871108019a81428f57a6dca0ee65c

SHA256
7cdb1b424ac3cd9458aa8cf027dd58f2207c08e57ed19a9cd991d91f8a0e94f1

SHA512
434a0bc3fd93c568e76baab841afef427c3820448529b41de19bad9e617ff8b629da0a9577381fdf22dc9a8770b5c55e8f686299f8b121975f7b105f93d8a208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
d5a98e967c0f734554f92fda53b9be8e

SHA1
fa654b60ff5802c0241e473a5a716e93c81ce8d8

SHA256
c76e683b37d5bee1081c405e7a2bcddb5c7df864a3f48efc94d65a848d86f464

SHA512
c4d8ce6b090c48ebabe6d38c58b1be0da5973b2f33707cb8d8a4677f225a35e31a5b1fe4d8c073f25a07a9590f38ddf0c950dedd531419fe7616172b5dbe7eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
706eb28868a44c293992e453bf354c92

SHA1
c8364ece962e48f8a714f2c777a334d6b38f4993

SHA256
c5de6e7c98d5be6817ca4f2fa43f8689eb28b8421dac3ab8881234b5c1e4f5fa

SHA512
aef15f35217afa07e77944d21ae2d482fb66c32e3a950e2926c43f0cf0dfa091c8c3d12ca9af9a7dd114bf028cd9e0e1a7115041b1ea2559172887808d15b65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
c9c206254179c104d78f2d2262c6f182

SHA1
57cdaabac2eb9980dd962452eb004b90d7a8e0d5

SHA256
537460bc8f9a40b81285c815fe72c7206e4b17c3e2b0fcfa3adb42884d3c6770

SHA512
9cdadf7d6ffb111cf13c8d1d8e2c3b8a6590a762dbeab671b2996ce02e9d075cb57c2156a012406da4fcfc82296d774220a4f6c773055c46181a652790a84a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c139402d29edf04377c33a2d98256ade

SHA1
468021533ea0be6572dede20e46394d922117803

SHA256
d48b5b38cc4d8f3a87dbfaa8e9118b67dafcc549d598617934e2204485099345

SHA512
f9ddaa390007234f65d4a77851b9d2409cc2237def35cb5ef1081e30afab7ead67b523190dd6750791f370b2dd9bf9edd23ca43faf3bd415c53d9da507c5ee3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7bb37fb5acec5c66b5d9645c3b829dd2

SHA1
59afb73888b3ff58738e57c31e76d6c3d04ecd9e

SHA256
09f537f54523cc632163e0c825cc6ee37d6b081a9292915c4298f2205572dce8

SHA512
85e49258d8fade76bbc024aadfa88c5489430709fe1d179dd9b338d29bfcf554db873b39b8f49444c21f10d1186938ac7682be4ed9684beed732c3a2d41060b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f02cc457c599bca522f5f8f8ee0cbb76

SHA1
2bfe68e7b5f472e57b58334b58280fee71ace0c8

SHA256
5ae9c13313a154fd6886ad67478005a5ac2d7b1537a1d636581cdd4a093e1e69

SHA512
767fbdb45f6d80fc23f6deb2d523aae81e947ca9dfc5ca16c131adb40abc09deab99c6cf02e38619454264f1c518d79f82ab1eba8221d66b4c7a882c53b71b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
85af42e4b3e4970010757c95ddad9fcc

SHA1
7e7430c6a105a405f6d89cf4905ff134d4fa6617

SHA256
066c482d591411c32a67a8b32b307424ff809db5649ed15086c3c8acae016ace

SHA512
e47cc1c7e414871fcf44cdce7056a05c3beec3689caa8c8283c5ec0c12b6e13f0d31890e1103064e6db6f939abe94bc89c7bc0ff6d6a45b7235e99939d1fdb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3cedfc3c6b73a839f311b00cb3b9a5f0

SHA1
f8f7869a812231532f9ebd0cb5c3fc8e54eb188b

SHA256
4ab11b2907a6cbec28c9956bd5adfb7f002518c323a1c99914e3d89378f1d845

SHA512
219ae2e754580c64c35dd1b11053c613c82e63ea4c6516f7c7b5e6f3fa958cadf14ed54fb84aca532212d4fef1613a10599d2da928d74aa72a67cb7f7f085715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
b6fca87b33ba56e6e5b4d1a951c945c7

SHA1
fc5b49e324f463f69b4b85fec4996d5171145542

SHA256
ccbb5e7d4fab353a70fddd6449fb7f6ae381dcb60b7d47b9d461f87b4be0fef4

SHA512
81333d9a11f90b35e13b0ab607fad0d956ebf6b785408d91be49caaee103819e5be4f8757863c096d9dee9aedf4a8f04ecaad9a6f29b2100fdd37a320538c5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
6e736d1bb5f35ff6d2c82f9b96c06496

SHA1
48df5767640c294aa03dcc87acdf79cab927407e

SHA256
d478a1e36ce1dc1e81d4c7eda72727d23de82af4628d7b66ce17c4635993ab3c

SHA512
b89c6f9ddade66c14b0d6189089d4fcde26313febbe5fe634096c574d3e8c2efce04bba9da726a8d31f24e3bc58bbfb5c9c563aa5109a88ee96908638b013fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c011c0f97c10018a69deaf7c820183fd

SHA1
79a8767dc173256fd5eb860604e74a870a922080

SHA256
a844ba0c2f2efee31d1ebb913ec5f26ffed2346c4da87948247f68bd2a166089

SHA512
f6ee8ac1e0f30587dd9b9f2cab9d88d86a2a2e6c3ed40ef6f70b4e91a2bc6f7d44f2a39861fd4ed6865d229df17c0c5f59e07e3aa9ef9694df3775730cb07fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1021c0f8d2b1fbe7ed9bd7959d068dcb

SHA1
6fcb3adeaccc47da8f7b62e3850d2fc5ab592d12

SHA256
c89c311c9a160bf90c1a721234de12bdf1e033efb8de8dcbb5fe8916d83ab295

SHA512
bf2dc26bb063d9e2aff17e132008846d0f9367f6d38018f3024815d4f1894b5d92485f187e50c896623bb66d6b403e9ba4ab70f80d408d87ea5c5911e07c2c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
130a19d4dade6e4e16deeaf634bcccfc

SHA1
f89bfe37047930a7598fb4449cec9671b946b6b3

SHA256
a184eeb396fff9101d8177e5b642e7a97835eae59f191078159ce1fdc15cd17d

SHA512
5042f32aa66c08892672aebbae21e24dbe9c0a301063b7d1969d1ce6652f97d0e13b9534251aec33737dc54832c96a3d9441ef9203838f3ae4ce9b8ade01c824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
777ddf450dddfaf955c94ee9fb353fbb

SHA1
dcdd44ed53bc4cec4d96a1d6b42c9500874f67bd

SHA256
e0499fc8f201df5e76ca1f2fadb483a26c1332ab9e0d714cace5529febcbce07

SHA512
9ce2b4a5760415b93c0554df4a830c9f8e3bba686b97d2c3dafbe151c7c7a4703845427a6db3c9d50e7222321ed1798a62d28f650ca642cab0fd88cd89b71d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
57e9979d12e0aefb867a4f74b4048a25

SHA1
b36c0d9a8d029d7ceb342c541da2ea83605e14a2

SHA256
c1551e76bb5a2cd9bc42319a5a93eadc2b195c15ec8afabef6914c7142f086e7

SHA512
dde7acb15e2c4cd97ff3dde952f364c4fd6aed677e9ca83c9f4a24fa0a81d5529f7e4be850d457ebf6d3fa930f71e46503c37df4a137da029fa85df7f74f17e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
57e9979d12e0aefb867a4f74b4048a25

SHA1
b36c0d9a8d029d7ceb342c541da2ea83605e14a2

SHA256
c1551e76bb5a2cd9bc42319a5a93eadc2b195c15ec8afabef6914c7142f086e7

SHA512
dde7acb15e2c4cd97ff3dde952f364c4fd6aed677e9ca83c9f4a24fa0a81d5529f7e4be850d457ebf6d3fa930f71e46503c37df4a137da029fa85df7f74f17e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a2fb9dfc1bd01718f64abb3efb96b0eb

SHA1
a04a92be9e02d195e8b708f8d241b800e48e416f

SHA256
090faad8895c37b66c2c8b82577ce21044917454c32b692813618f3c953835be

SHA512
dd717037e440f39e0251a304a75da80b9d6536c875e7fd01ee3f2554f63cf9bc2ee7f60aab2435ba38f6c248017d16bd3afafd7c77ec56b723dd523d3c6d0f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fff93f49dca2e029b0ab2ded691afde8

SHA1
5e7c0b09fde8409e6c3f9bf6b389d131640e1c9b

SHA256
66fb2a98d7aac2355cec85880f7b22fc8a898a5ca1e3890d3faa9aad9acc5ef3

SHA512
1f0214f08d6889458cc793938b0e3e3a54976464a5e02d0a867ec74bd180e56e1183e0cb37fc168904f2646a7a36fb063570cd0db95d12a6221810b319a9cb2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3a2524f73b869b2a06334d76e2ac7a2

SHA1
71136ffd8347c13eb1a6bbe0438134bee380d063

SHA256
ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc

SHA512
f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13325278745202385
Filesize
5KB

MD5
1d2ff299f9933d2d55c3008545ee0669

SHA1
7ab44f46e30b8a8d2d427ddb998154440b0ddc2f

SHA256
e712195532c09593a1f9e527c3a57c05ba99f43b2b4d58b972d75aa8bff2ceb7

SHA512
68a1727bd0cb643565b66e5238103c11fe2b79105a6c7c4a18f4bf99d0e887aedc78239d97c0e4e58368f15fa74c4e8a1b7c7cfc8793f13adc7ff00f636eafe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
5eabbe7813ed376463e68d6ab4113f1b

SHA1
a18696d0f2104cffb252c4cf6ddcc31160bae951

SHA256
eb63cf5eadd38c74b09ae812c7a4212b3cc6799e273534438654302cae28d271

SHA512
bac9d3e102a65a117feeac8cc83a3fa18726f9432385d646351e86e048673bda95c468af7e30391081187303cf37dfb1418f3435a0e539db075a9d9f29f471af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
dbc9d2865d8fdc338499d7dd78946417

SHA1
dc1db0f7368c2a3d923587be8d695c7e7efecc01

SHA256
80496641780aa5ec26d596757ce50a60848883e865ffc02252dd87fbc565503b

SHA512
218b1d84504ff92b864f172b0e203d307bdf8f6abfb7f373d083836f7725b2ca5b6794a82c47dd54b166ac0d2e9cb9934c66d3381e90be169bf7e3ff2d77ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
13becdfb9cce90cef63e8d752bc4889a

SHA1
d2f236d6d2eab7ad2456f188f54e14922a2ebd7f

SHA256
28ced37cc6a9a87a808e1cdeeef6c4b683016b9ddae6ab634ae75d0449333f96

SHA512
4ebbf2d2da04c5dbe16e171a6b54b8742d00d78bcf88a3e41173efa548731e30e536c887e72835b0fb4945e7caf38074173f27a615a95292325136f9c2bd0892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
1e2eee0a0f6eba86e0ab41d73f45f8a8

SHA1
606e1692e0718ee96f0d91afd4dcbf9d9c4eb956

SHA256
aa3441f6a2bd71be52fbc9e5a658625cca10c0bd41d6fcb85987b7dac540c150

SHA512
f989e260fb518090acbe3e5c597ef61966aa40db54e7f7ababb5fe2ad60d74527f1cf974633a646b11814c44875d0dbc4eed71a86f94ba167fe70d98b678f22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
4cab7ffb493f7d5536235a5633202260

SHA1
abd12fae8368b0ade2d9350dadfd64ba4276384f

SHA256
295b4e04c9875dcdfe9a80185b8088d7d0dad17f038809105c0b1e34cd10b243

SHA512
ff30415a72383d9bab459e9c6544b4f29985a759645d335d511047ec3d7c8b6563014bb0be2b8fc0b24bed0c4ade93c66ef8652e977a4c98a43c36e424b443a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
d093944ec236121d428f7a68b6912b55

SHA1
59a55a614fed9da20390abecdb5efd0f2eea541d

SHA256
accc503dac352fabbec1f85cf1339b4d4791fa0c63a1e5ad519fdc9c414948eb

SHA512
6a7a793035692b6af627c6802e9536efaf329889811afd5dceb514262163f011d34999003aea68d7fce4210f3954027bd0014d3a538a490bac2eb3d3be29ff61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
d093944ec236121d428f7a68b6912b55

SHA1
59a55a614fed9da20390abecdb5efd0f2eea541d

SHA256
accc503dac352fabbec1f85cf1339b4d4791fa0c63a1e5ad519fdc9c414948eb

SHA512
6a7a793035692b6af627c6802e9536efaf329889811afd5dceb514262163f011d34999003aea68d7fce4210f3954027bd0014d3a538a490bac2eb3d3be29ff61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
e6c6efaff18147a2cda6e9ac59571acb

SHA1
29afc12bdcef116c5af5c46926572b510ef2b5ac

SHA256
1eed3e760e2f1f36464a962028d6c7e5ef7521086b62c3bd19605886b348fb17

SHA512
de37f74e1d76d82e384feca421f2d54d1f1f2e342edbec6aa374fc14f8705ccad7814475d86c6b250849b32d340e8a21f257dca06055bceac9771e93db19710d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6d980ec1dc90c04dbb0143959c600472

SHA1
a485ad00e21cabb27659ce7d6ff7618082f9554d

SHA256
3f094b613955bd291fcd199ca623b722d94cad578f1b72195c0a2925768fbfb8

SHA512
c5e12fa76b20c8a9fab9b98024f6472b888825ac1f5c721006d97a06802feced167e61a0dd6ecfef7ec11f355e1d9eb320548d3e2696e8cc515edaf8e7440156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5bf6bf24847807d404ad44b1d0c99df2

SHA1
10838f25c79ed0d1ff8a54021bdd59b552a83fbd

SHA256
22187b20f94e95e0c55629f4e7fa9fad7a53fad9f895811e7d70ab6bf5acc46a

SHA512
8dffc192887135fc16bdef58b051c04c1d505cd6e29d8da9b4539c854ae05afcc6ee09773a598794f9232065dea9405e0537670d543939fd35381f3e89514330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
e5b8e7a1c6dc502bd6b56e167c084c22

SHA1
9847d48380cab6e5a227d06ababe2918487afad4

SHA256
ac08e265cc85fe018fdc12f06344e21633532931904dfc5371af9be7cdfb724d

SHA512
5c0b15e1b29c68f24d66147b27b0d7375ec351da68997b81023895d46fb66c4d53709b39519ce05bb46b5bbd48c777aed7f2b59eaf8cd1b50553e63c68c10542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
eda8e0d28dd39b557b41d2bd39dbe49e

SHA1
918d85470084e1400b1acc7494e8661e3a71d1b1

SHA256
4629a485d6fb8e64d921682b7d8b235af59554a561d3dc1ba3f8d236cbc2af81

SHA512
26ba32c1b92255aa4f879368be0596b43248f7836ec061febc7006f34036ed509f7efe8de6391700971fa3bf4594f5d51ffb22f5af1df2dfa946ef12501043ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
e54d3c8bf0d5c2eb8b9bd2b7410a6264

SHA1
2585e8f27ec9ba66f84a44a6575bf862b9fdb362

SHA256
9e74956b4b87950fc4f3fe09b0ffd468c986c3f1768766289496be5d658383ce

SHA512
be2d156fb5e1a739b8049801bb75dfcaff7703cd346f67388bd20c0b38d952540b80092d05b7cbe98a7bf713fc7952e18d8de05c49508f6100b5105c5aa588bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
e5b8e7a1c6dc502bd6b56e167c084c22

SHA1
9847d48380cab6e5a227d06ababe2918487afad4

SHA256
ac08e265cc85fe018fdc12f06344e21633532931904dfc5371af9be7cdfb724d

SHA512
5c0b15e1b29c68f24d66147b27b0d7375ec351da68997b81023895d46fb66c4d53709b39519ce05bb46b5bbd48c777aed7f2b59eaf8cd1b50553e63c68c10542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
29a4486605a1d9b681407daa509b81f4

SHA1
f6d02a7fb39886a7478c4f5091789e064174d743

SHA256
449ae9fd6b740f345f6669932d18509c03205557b361cec373538676412bc926

SHA512
e83c6b68fcd8d9c16e07baffeb3b093723104e56f02c7adf63a7369f87421d555ca644f0f1fd18973412da4037ba0fa9e8ddc4b78261ecaaf84703e03a31c19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
4fd05a6400f14c1d87e36d6656c08d2a

SHA1
9891825af6207e6707f406bc89562517b9235cfa

SHA256
af7e7c95fdc46333bd8aafe70840b2c1eb24d78d5caa7e026e422d3ef405f0a2

SHA512
99fe0f19ddc74cb9e2b57709b76bea73bceb3e4c575ee71c0a2457886b8969704e4d4d6514352dc7eda7548f071dfd46ae5870442e2ba1ee5aca99e0786b0ffd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
f86cc3f67a58d24caf4415a80b6ae53f

SHA1
b85fb8a241f690900bdf5d721cfb6114666abc06

SHA256
025e0d511fe0c4fd03cef4b2b3a44cce3604917fba9fe7e52af97b3a8de6b643

SHA512
ae710fe631b01e66ec1cfbd6577300f1aa5bb21595feb3975707c962c6a862f1ea393f67a19eebe076f55bb33367e12176c89f6c2e7db2320fc16c0f919a7c82

Download Submit
C:\Users\Admin\Desktop\[email protected]
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_3492_UFCSBASLKDVMOCFU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4932_AANWXUQXPKIOPEYY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2164_GOMUBWZVFHJWLMGT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3364-380-0x000001F2C0640000-0x000001F2C0D97000-memory.dmp

Filesize
7.3MB

Download