hxxps://github[.]com/Dfmaaa/MEMZ-virus/blob/main/MEMZ[.]exe

Analysis

max time kernel
573s
max time network
574s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2023 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Dfmaaa/MEMZ-virus/blob/main/MEMZ.exe

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
4972	MEMZ.exe
2988	MEMZ.exe
2856	MEMZ.exe
568	MEMZ.exe
2520	MEMZ.exe
4964	MEMZ.exe
3340	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe

Enumerates system info in registry 2 TTPs 36 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451357508155245"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe

Runs regedit.exe 1 IoCs

pid	Process
4920	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4708	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
2988	MEMZ.exe
2988	MEMZ.exe
568	MEMZ.exe
2856	MEMZ.exe
568	MEMZ.exe
2856	MEMZ.exe
568	MEMZ.exe
2856	MEMZ.exe
568	MEMZ.exe
2856	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
2856	MEMZ.exe
2856	MEMZ.exe
568	MEMZ.exe
568	MEMZ.exe
2520	MEMZ.exe
2520	MEMZ.exe
2520	MEMZ.exe
2520	MEMZ.exe
568	MEMZ.exe
568	MEMZ.exe
2856	MEMZ.exe
2856	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
2520	MEMZ.exe
2520	MEMZ.exe
4964	MEMZ.exe
4964	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
568	MEMZ.exe
2856	MEMZ.exe
568	MEMZ.exe
2856	MEMZ.exe
2520	MEMZ.exe
2520	MEMZ.exe
2856	MEMZ.exe
2856	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
4964	MEMZ.exe
4964	MEMZ.exe
2520	MEMZ.exe
568	MEMZ.exe
4964	MEMZ.exe
568	MEMZ.exe
4964	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
2856	MEMZ.exe
2856	MEMZ.exe
2520	MEMZ.exe
2856	MEMZ.exe
2856	MEMZ.exe
2520	MEMZ.exe
2520	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4972	Taskmgr.exe
3340	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
5420	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: 33	3900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3900	AUDIODG.EXE
Token: 33	5200	mmc.exe
Token: SeIncBasePriorityPrivilege	5200	mmc.exe
Token: 33	5200	mmc.exe
Token: SeIncBasePriorityPrivilege	5200	mmc.exe
Token: 33	5200	mmc.exe
Token: SeIncBasePriorityPrivilege	5200	mmc.exe
Token: SeShutdownPrivilege	4708	explorer.exe
Token: SeCreatePagefilePrivilege	4708	explorer.exe
Token: SeDebugPrivilege	4972	Taskmgr.exe
Token: SeSystemProfilePrivilege	4972	Taskmgr.exe
Token: SeCreateGlobalPrivilege	4972	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe
5760	msedge.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
3340	MEMZ.exe
3340	MEMZ.exe
4752	mmc.exe
5200	mmc.exe
5200	mmc.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
4708	explorer.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
4668	OpenWith.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 3760	4596	chrome.exe	84
PID 4596 wrote to memory of 3760	4596	chrome.exe	84
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 4420	4596	chrome.exe	87
PID 4596 wrote to memory of 1224	4596	chrome.exe	88
PID 4596 wrote to memory of 1224	4596	chrome.exe	88
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89
PID 4596 wrote to memory of 1372	4596	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Dfmaaa/MEMZ-virus/blob/main/MEMZ.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd60059758,0x7ffd60059768,0x7ffd60059778
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2756 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5344 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1788,i,4345986210295123290,17101104280937592229,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:4972
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2988
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2856
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:568
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2520
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4964
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3340
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:4912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:4756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
        5⤵
        
        PID:4564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
        5⤵
        
        PID:4200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
        5⤵
        
        PID:4916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        5⤵
        
        PID:5104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
        5⤵
        
        PID:3488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
        5⤵
        
        PID:3372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
        5⤵
        
        PID:2692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
        5⤵
        
        PID:2508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
        5⤵
        
        PID:2836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
        5⤵
        
        PID:3492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
        5⤵
        
        PID:368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
        5⤵
        
        PID:3884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7629801897236777560,10395897433787499660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
        5⤵
        
        PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:5772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
        5⤵
        
        PID:6040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        5⤵
        
        PID:4884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        5⤵
        
        PID:3792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
        5⤵
        
        PID:6024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        5⤵
        
        PID:6016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
        5⤵
        
        PID:5416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
        5⤵
        
        PID:5684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
        5⤵
        
        PID:5692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
        5⤵
        
        PID:224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
        5⤵
        
        PID:2436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
        5⤵
        
        PID:1544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
        5⤵
        
        PID:2280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
        5⤵
        
        PID:1192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
        5⤵
        
        PID:4692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
        5⤵
        
        PID:5364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
        5⤵
        
        PID:5616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
        5⤵
        
        PID:5056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
        5⤵
        
        PID:2768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
        5⤵
        
        PID:4140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
        5⤵
        
        PID:2980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
        5⤵
        
        PID:4880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
        5⤵
        
        PID:3540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
        5⤵
        
        PID:3496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
        5⤵
        
        PID:1248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
        5⤵
        
        PID:2068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
        5⤵
        
        PID:1076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7446404865269479607,8755952600248248161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
        5⤵
        
        PID:3960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:2392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
        5⤵
        
        PID:2892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
        5⤵
        
        PID:5416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
        5⤵
        
        PID:5228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:2220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
        5⤵
        
        PID:3752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
        5⤵
        
        PID:1384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
        5⤵
        
        PID:5828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
        5⤵
        
        PID:5968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
        5⤵
        
        PID:5976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
        5⤵
        
        PID:6048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
        5⤵
        
        PID:3444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17496714605974466850,12772600843746404775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
        5⤵
        
        PID:2284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:5548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
        5⤵
        
        PID:5368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
        5⤵
        
        PID:5104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
        5⤵
        
        PID:3064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
        5⤵
        
        PID:5700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
        5⤵
        
        PID:4404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
        5⤵
        
        PID:1508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
        5⤵
        
        PID:2396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
        5⤵
        
        PID:3200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
        5⤵
        
        PID:5296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
        5⤵
        
        PID:4080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
        5⤵
        
        PID:3540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
        5⤵
        
        PID:4104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,137810579456390553,8776521832326063113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
        5⤵
        
        PID:2792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:2412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:1544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
        5⤵
        
        PID:4464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
        5⤵
        
        PID:5992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
        5⤵
        
        PID:6004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
        5⤵
        
        PID:3816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
        5⤵
        
        PID:5896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
        5⤵
        
        PID:5664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
        5⤵
        
        PID:2088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
        5⤵
        
        PID:2580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
        5⤵
        
        PID:2016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
        5⤵
        
        PID:3684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
        5⤵
        
        PID:5924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
        5⤵
        
        PID:2924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
        5⤵
        
        PID:3380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8228514050420561464,13403636995389888892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
        5⤵
        
        PID:6048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:3912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
        5⤵
        
        PID:4124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
        5⤵
        
        PID:1680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
        5⤵
        
        PID:3188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
        5⤵
        
        PID:3956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
        5⤵
        
        PID:996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
        5⤵
        
        PID:4960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
        5⤵
        
        PID:4236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
        5⤵
        
        PID:5124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,18104971812508734462,2542351843693034046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
        5⤵
        
        PID:2060
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      Runs regedit.exe
      PID:4920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:2508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10608991048532333472,16701893515406150281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        5⤵
        
        PID:5096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10608991048532333472,16701893515406150281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
        5⤵
        
        PID:5228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10608991048532333472,16701893515406150281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        5⤵
        
        PID:1980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10608991048532333472,16701893515406150281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
        5⤵
        
        PID:3752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10608991048532333472,16701893515406150281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
        5⤵
        
        PID:6140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10608991048532333472,16701893515406150281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
        5⤵
        
        PID:184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10608991048532333472,16701893515406150281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
        5⤵
        
        PID:3048
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4752
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      Enumerates system info in registry
      PID:680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:2192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
        5⤵
        
        PID:1684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        5⤵
        
        PID:4036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
        5⤵
        
        PID:2184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:4124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
        5⤵
        
        PID:2256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
        5⤵
        
        PID:4348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
        5⤵
        
        PID:4288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
        5⤵
        
        PID:1840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
        5⤵
        
        PID:4024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
        5⤵
        
        PID:5920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
        5⤵
        
        PID:3656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,10442360024070158174,3037065227085460779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
        5⤵
        
        PID:5604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
      4⤵
      Enumerates system info in registry
      PID:1584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:3832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        5⤵
        
        PID:1760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
        5⤵
        
        PID:2108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
        5⤵
        
        PID:5712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        5⤵
        
        PID:2924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
        5⤵
        
        PID:2688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
        5⤵
        
        PID:5000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
        5⤵
        
        PID:5256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
        5⤵
        
        PID:5340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
        5⤵
        
        PID:2928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
        5⤵
        
        PID:1652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
        5⤵
        
        PID:5272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
        5⤵
        
        PID:4200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
        5⤵
        
        PID:5220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
        5⤵
        
        PID:5492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
        5⤵
        
        PID:368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6088 /prefetch:8
        5⤵
        
        PID:5012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
        5⤵
        
        PID:1300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
        5⤵
        
        PID:1660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
        5⤵
        
        PID:1416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
        5⤵
        
        PID:2244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
        5⤵
        
        PID:4972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
        5⤵
        
        PID:64
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
        5⤵
        
        PID:1300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
        5⤵
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9811422382539086549,17327914402007105251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
        5⤵
        
        PID:1840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:4740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:5128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:3348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:3964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:2292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:3032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:1056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:1084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      Enumerates system info in registry
      PID:4388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:4588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
        5⤵
        
        PID:5692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        5⤵
        
        PID:5664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
        5⤵
        
        PID:1832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        5⤵
        
        PID:2664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        5⤵
        
        PID:5556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
        5⤵
        
        PID:1864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
        5⤵
        
        PID:4948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
        5⤵
        
        PID:3492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1919340109134745652,14630550256075565574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
        5⤵
        
        PID:5612
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      Modifies registry class
      PID:4504
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:1208
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      PID:4972
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      Modifies registry class
      PID:1720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      Enumerates system info in registry
      PID:1740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:4960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
        5⤵
        
        PID:5072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
        5⤵
        
        PID:2308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
        5⤵
        
        PID:3124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
        5⤵
        
        PID:1976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
        5⤵
        
        PID:4184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
        5⤵
        
        PID:5576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
        5⤵
        
        PID:3860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
        5⤵
        
        PID:4268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
        5⤵
        
        PID:6112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
        5⤵
        
        PID:5204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
        5⤵
        
        PID:5584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
        5⤵
        
        PID:116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
        5⤵
        
        PID:4840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
        5⤵
        
        PID:5356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
        5⤵
        
        PID:5816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
        5⤵
        
        PID:5268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
        5⤵
        
        PID:644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:1
        5⤵
        
        PID:4392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
        5⤵
        
        PID:5736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
        5⤵
        
        PID:5456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
        5⤵
        
        PID:5244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
        5⤵
        
        PID:5972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
        5⤵
        
        PID:3516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
        5⤵
        
        PID:4136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
        5⤵
        
        PID:2348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
        5⤵
        
        PID:4796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
        5⤵
        
        PID:2516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17680665056367591725,749042209609129874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1392 /prefetch:1
        5⤵
        
        PID:5604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:5944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xdc,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:1684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:1656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:3968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x98,0x134,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:4896
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:2752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:3500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:2060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:5692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:2876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:5932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x98,0x7ffd597246f8,0x7ffd59724708,0x7ffd59724718
        5⤵
        
        PID:3204

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6000

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x43c 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5616

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4708

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
47c38486a56dc8a4014f3d217ca44e72

SHA1
7793aa58f8d287ea32a42f4ed7ab7862a6008d98

SHA256
94b1a50b70b6be25193cd77915da91dd3435c9ca9f6992cca848b6381bc5f372

SHA512
575bed383be504d612f359a940d10a7acb9f81fe622323dac14c614c74b5874e0714fb3f1a2df4d0b1912f55181bded3a7319794c6365084e324cc61c4e1ff1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
18896c275be500e006e8caa6a71c6154

SHA1
6d8773668332a018eae029faedd85d5d095c86d2

SHA256
a28f71fc6e078fb9d4dec81752aaf813bda4d75b586a1e87a9b082501b55fb22

SHA512
7de0678b1b244382a432beb086a4d85e4f5eb0c2dd40702ea7d85a55b77622dc8c762f8e801ef5cd934d1c2f95d1156813f8e1747e40a830e697ab7391b3a1ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61a92a5fb4cb7fb3f97374a99214ee04

SHA1
aca6f8e2631ab9691d3133697bb2cb607813bf41

SHA256
9c02aa42e41862cbbff97130b3195e28e9c3ae6760ad3143ae96876e2d59e98b

SHA512
b65ff0ad7c9bdfcfe03c7014c28558397c06eb104fc95a3f92d19a7f7b1c877f6a23475fadef685fe8633619a634efd50052b1e7c3a9190dc09605d8b85b81f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
05f02d340a4e2aa7284e8fe1bbda8629

SHA1
44df50638d0588a8289e899d72e8ba136a25cb88

SHA256
488d54d75074d7afcc17849da9faa3e369266a06b4d212ab45588f45dab52294

SHA512
886890d967f7161b7643a70e2ae8d52ac1bd3c8c6930661133ae0b41c097fbb51211f016c8c75597694662ac5417997ab40f8309637a1047e66b177bcf831efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07ab6fac7eadea0e81d37a46bc007e67

SHA1
c6d65803afb72cad57b9414117d561ab896381d6

SHA256
e8a6b36d266c9a8f7af201f67aa02ffe28e82ac0e7b7adbb033eadafb7d38d92

SHA512
1b23f307d54513e8ab625a98c8adb1de71bd4669965eb6a6952eb83927209cb3717a9e7c7c7009435c348cb14e6ffdfcae19a7e49a990ad4c3db69a201a8b058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
f1fb42d473b8d05bec823b8ea1b1f5da

SHA1
fbf08ec676c61312af3146438da2b29507e9b624

SHA256
dd0e727b1c647b1fa4dabdaf872274f87e30f41085faf183fee58d7a4b990181

SHA512
7f7cf45bb6822e54b21e9882e529aac7b48d172b3bb5ecd9e812719fc902b1862f5b2acebacfe7a3b4f7536808311fd410ed23ed5fd80e324c6812b952d978c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
63ac94503e82e16f9fd1264e3e6bed64

SHA1
dee2d4b634573b428f0731d881492f889e9b95c4

SHA256
f2fcc18550715ddd39d36e54a88e78a120b0ed00d7fe769c410e1a37c9e61334

SHA512
a3d35e78c1cc026d9a6096d41318a98d451eecb15fe921e981a46123700010dfb98a0629a234de67d522fce9b400a1a73e8dedfd4b5f3ba7ba56995aef9b9aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\06c03db3-617b-47de-83c6-8b87c5490cfd.tmp

Filesize
12KB

MD5
61c0dc819d08d9d322f056497fd0c61b

SHA1
c5ce5715597a071c9a46cbeb5138c4cf24cc4e08

SHA256
43b001658de979911ce0706bd11d53bac98b5e4111402a7569e9ac86f923672b

SHA512
353644aefb50a2c6c3d3af9c730add8c1a5f6fdb4624ea9bc4e539ac3cc1d3bf87452f6ff478040d45c7485d1df23ff0c838e7ee8644ac2b7b992afe8bfefbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb6aec82eac8120e07ad46cacd0b1767

SHA1
d0c6e8c7c7ed80b787e57dbe9ac989b042053e51

SHA256
34379e41ce7e277fca8650e35660d597906b42d09cd53e353d601e2e411a07f4

SHA512
b3778ff51d5b8cac4b4d6bcbfca393d4d39330081562c2eaff033e2850945e97a6cd49c9e85b93d26b6471ed908b27d88337ed365af019b0ac35964bc838a6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e115caa5188aadbf420fd9bb7595f2b1

SHA1
75e27a19e5d1cc054a77edaf3ef5b6aac9396d43

SHA256
c7e921da31f42c7dda096afa1f09309dc911fcc01cebce001f10f2d786e03905

SHA512
e4b52bd99a887a4094a4bf5ec6de656bac6c6f650073697d74685451153ec25578a5f63d8d74ebc6528aa5f589c76c5c2dc50c814eddf326dfdae83621e33073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1be057c41c3beb57c4f8656b36d1bcd

SHA1
4c7066ffad768e69a9b3bf4b4b72b06a36fbcbf7

SHA256
e51d191b43c88e5ad71260bea5e97909623b8079151c802ab2f7d4870034de10

SHA512
cc3050522f05480bb86d1decc646736371335e7d73321a79751b8ba65487494c31f025abc76e988ec41f0319d054527c9545f60a6b8a3dcbd6cd53d5675d94b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c45fed02da52d1a4fad5d0eae2abf024

SHA1
1887c23c3aed7f875db869b7c657eccff11ba63e

SHA256
2e12efd0c74dd174e59aa15f83c6761eab0352a29041602a6b5b7ad94be6b52c

SHA512
c6d6be3689514e6352553c3847b40007265ab9072babc70a23158a0b7f82ebb1b5a2045c8848cdf65b46b7832f98525025d08eb84bb9efd39acf2af7f1673e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3cc0d15ccec8f38213068ead91394043

SHA1
f7676feb6369785bf8b33dcab2d879ad3408003d

SHA256
f930678b2e9b70c2ac62e278ebd7b115b29c9ae5fc6f278f6632fcbb956e9ad7

SHA512
86465d76c81bd1400c7cf97b421c7188e06e167842a673b99ab43490b57a14c9cc7407e10ad36f62c9cb707228ff5d9d766d9e53a58a64f7be2a8586b7ce12ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439cf11a03eb4ac86d0095472493cee9

SHA1
514ad7c47abad83d35e108ccc1535cce5ace6a77

SHA256
1a86f3f401bb8059686c7b57aff3c5c3c44b948d267bf0aa51fe35dfe8200d3c

SHA512
50040ee8d71d2f8c782b699925dc54a0ca9e6d2f7d5189beafd917d5680011c1fe386a655d2da864c4a16afbdd7dc432c48e4e1e8eed4447abf2688b67341e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2460dac6bc4e2f97fbdb5d9ae64d7c12

SHA1
7b5d42d1d1d438f996a36fe07bdee8249cb9bd22

SHA256
4e61aaf834c41384be7862e446ec5e71663f5505ab0ea86a1d5273f3c72f18e6

SHA512
5827920c6f5775e8023b00b24567ab01b1e1e99f82add5156e906c49da5c474e8dab60cb314977ac6f1a55a5180773ebcd9dd9098e1e6029833d613ed675df7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91eb1e634ca68fa870f1749fa5b5c161

SHA1
fb3b9ff917e16452a0705e612d85bd0cafa4059c

SHA256
06e472c3be7e4f9611409598c4878742f72d3ac6dd72c11087ad34994310b979

SHA512
8e75a76e9fb7bc403ddfbd897a7ca1654521d128899cb3492c025526cd7affb1d3416059b0bb2d2b29a57b25a1da6a4c2a8f040dd639cc29e88a3d265473fb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0ed099163e621eb467dbc8dd57cdba96

SHA1
5626f5932a788159549d964f048330eae5ad8ec9

SHA256
d7c109138fa1149d13983162ab4dbaed3ab8c74477984cd1ccb3127260c79740

SHA512
eeec9f61e8d8b4eb76ee6cbe79b94eb9ef8aae4fb068e0aa5d5c98b2f7440157a4b193fcbd90e678a5e59703970ea6789e4b9506769c5b2c67ab1d5420de61b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce05385cce8aa7e1816d24e55ebeadf2

SHA1
4610738c1c7948341aa2c0a9626425696cc0b457

SHA256
7019fa25c0450ecfba034f97ae1edf8d11bb98feba2e3e6b9e3cf4d01a73900c

SHA512
b3531bcdfb9faddd38799d289f7f814ceaedc079902e285ab64dd162aebe3b71ce86f3b8ee6bb4a538ef63ebd14189211f3e5a2a05e81f14d16195e95c8999f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d891b094b1a8a32f67273176ebee189

SHA1
93ce1e5d878971c56cf785c4a20e62fe172b758f

SHA256
e9aef1eb4222f54aa3d984999e7b8830257b614cef7a9acecc17fd30f9413aaf

SHA512
6d4b4bbb072bbbb87dc5e86be151ccb3292394b4073ae8a446f654046ab18726f9420e30b67ab35ea427d8649b1a7a287a6265869881d896156ba1fd33f5f4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
e6b4361247f6d6bbaa675183d5ede566

SHA1
61c69e4bfe138a2620ca7f6e7ca6925906440203

SHA256
4d385a74f1442a3233f27b9089080956f742bb627a5cb40bb380b2b7b85b4383

SHA512
8e24bc0aee38fd3569afaae5910323d2c19e6457db091a48d1db0e838208ae295ace550c506613175bff282223bf277bb26f2a6c4c925c8dd42e1c358ee35c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
69d428c40a3ce08743493aca784236d2

SHA1
fcf6461eb49acc8cd51160c0c22215185cac1bf2

SHA256
1b016dc0340c817cdaec50500e5e2b3b1c245e31572ef2617fd57d588357b6d9

SHA512
87d8dd008b46159fb547d0e7f3957771b82940d2b6d212c5c7f50d9cadfb971624138b9e92a3087bd3dfde0bc8ac7f8c52447bdff855689292093949361a341b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
251KB

MD5
97870c208cc147431c16dd09eb6e6765

SHA1
48fb6028ee7d355f1da5d3780892c17ee0aee157

SHA256
39ff6b04f9bf6c328e0e8559738099b929bf6cd6804072de6e710bb3bc3ed1c7

SHA512
9a5f71c4610b35f1f4270b74711964938d4cb34f1d16ef8df9dcaecdaba19164c18b6e271eb3260790028c2639e8cf401309d118efec156d8234946714548b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
521KB

MD5
a0724931963e0175306cadbfb31a09e7

SHA1
dc44006cdd9b89efa22fc173826482d1eeb2804a

SHA256
7ecddd12d922b6aee19bbf4a88eada1a0bb1ab3dccec3c227eb3e100ee667aee

SHA512
c8fded45ebaf2f4f7301e481baa442f4b29b4e90053ce1113489dd0c28f1e4fc3de067e7228823bc3644c945ae15182dc12411229f1ac990d0eed22f8a0f20e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
134KB

MD5
b34860e28156fa9d978ee48e699f0328

SHA1
a7c410aac79625dbab2f938a5a720d60e2c38741

SHA256
4d996a43647563d2a696efa51fb90a855ddf0e62b9d3af5db7960eabffb6e0d7

SHA512
11b7530f28ee2e977a60f55ee1445653a87c8a4f9fc6109e7f67726313a1328ac616cd1d7a92e87612d6b9bb0367bcbe96cd22359135368de202452fa1d1d6bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
47KB

MD5
4d4b28daa30bbcfb5df4945f4a88d5bf

SHA1
6a8164de4de8721201dfbe46731954140bacb37f

SHA256
b044f5a929c22d84f69d774847659846f3b250b09a9eeb1a1a9ac7f485b62471

SHA512
a77f90bea58ceb9114db0b52af0ca5f4aa8510c16b383a9910e3c96a449e1ee9475761bfecf172ed197d18acadd01bfbd48e1a3e2bb3514e742ffc78a2a5ad41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
762KB

MD5
0908bdba41cab6e5b853d264614fd79a

SHA1
8d3446349aebdd43610d342987245f89a7f089cb

SHA256
f960317b0ae19aa76f4dd7f6629e96527b5acea3e7b53240da533165637ffbd4

SHA512
b461fadd793a813a41757e2baf3558d7f114a0ec667351bb253be51de5884a77110e1cb255de486d08e9b4fa01d63e867728b95f45d5780dfde50a4d3faecbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
32KB

MD5
bedec7fbeade1048087a72580e001068

SHA1
8912dc5d38e6687f0f5bd1965787a5bcd760dadf

SHA256
1516d82d25c4e8d7bf1a8161e96b39e027b6caad830717f982a0c9d3ca774237

SHA512
8eeb17a47ade7d7c0cb4ad339ff311e852b957d7234a8c1e88d68bbe954b71e679d266decd4f873b1275706fe1af787b9fc1f3bb217c40ba60c76a8d33642ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
55KB

MD5
9fd59928ca97e5f810f7e06af83e2cb2

SHA1
51cc8ad11b355b98acb1bae41c5a7842b1a3d4d5

SHA256
d04a4101aa738b4bb78bbf0cb310cdfaaa247e51098e28080ee2bec33a13efc9

SHA512
f6c404edfc8a146ac66d1ae3d66acc5a64a1165545862287edf9e83834dab34847165ccc1d5b3cc63061ba744206a0a339e5de0f1a2f55206dedc2abaa09e832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
116KB

MD5
cd97b3f904ae2752306ba9327342682a

SHA1
2361b614eec7a0f91265eba120ef87869b2c6a7a

SHA256
8b79538ab98390e2e25f35e911e029367005a43fe8f933b914e8c9faad9a4d45

SHA512
e293f066d8c8fe35d2e0f701d7ec25f0d8ddf02db9a4d5442d3361b488d20e5cc22675c2a5a0dc506b2d52a12ed619d92e42fbd867e91befe7ebb40452a63fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
160KB

MD5
a2fc23493374bf80e72f32d3032a01cc

SHA1
5f0650b23f6cb1368cb811d2ac677ebec5c011ec

SHA256
05e88335e67c427159e28dea62d1cf76b6a50c9e001ad11a21127ddc6bd23912

SHA512
f1708705e30c15ddf3a37b4442d5b45376bcc4086989df266e190aa23b8f40bb5726a1cd3b6c5e39b214be6743ffa8135dfa9daf38f8a10717e1a19ecee1c7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
255KB

MD5
5ef72733f6e7679d08171a8ebc7f6e17

SHA1
f27fad5913f6b1cd38928c30493e38b2b58b92f0

SHA256
438c4159d6deea6dfa5158ca195434d14c0d8daa0f268ca7e14a8d2ec024e9a2

SHA512
084e883e971b05b674545f2ee479439c2efe5b1ff760324c742ed5a6d95f2c6439672641e0c1b4ea6e2590a7ae0f040e08a472f8bef703d69cafde388fb9f61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
103KB

MD5
13e2f4f63a19c0510f87f9761abaab45

SHA1
7c98d8eccb2ba4e61543fd3ec2e044e95ad36948

SHA256
ade8b316bbda420407ef79071e04e56f7b4c6b9f68904f6e5d661b2c7486366d

SHA512
fefa13df9d8b44bc9001cf43199115fc550c0a1b31eeb8d4bbda4575f1e8eeb0861c78974d03cdd13510488807fafcc5f55f0f366c3b59390756dfd493a9d7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

Filesize
533KB

MD5
960913a7c50a534a410653c086d6997f

SHA1
f65e4b71bc5afa10e65cc2d7e85497646a3850a4

SHA256
3e999a1d47a270c9f57886a3f9f3c9500b383d5e54cdb45604bbfa11d474415e

SHA512
8f68d8325f22cfb86735c250322e2bf62d3cd483300ae74b091826540797359b8f52d637f807144d6948ca7b52dc72c5ca890bae0c2e4c1a14337e06e2708641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
833b68227d96c752ab8b0f8ce6c9afad

SHA1
13a5fc9474d935b8dd82f5c74952cea939f36cee

SHA256
42dea3d10142757f01166eb47a97f1ac319b5c4abc85f3544f96963dffbc237f

SHA512
95c93f79faedea0489c3b70c4f44543a65d6b24f5d301da96133a0ac25aef26c823c0972720682aff762d63c069da2cde56107641dcfc8715c7ba9230d1d6dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
67ac50f5152e6428c73c76fd38af55b7

SHA1
a318e3a10806e710f7ceeb6325b5ca2dc029b627

SHA256
45e3150e06cc54b855518db668f89226c8d63cf25a21329e2004f5a9c5cbdc5a

SHA512
45a695abd4e4650a0c357649db33950ca4fdc2b8fec2e22c81921b1c88c1b00fe4909e8ff2f7fae42369634bf4f4c00cff4400075d299379022ee6a4ab0f648a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
67ac50f5152e6428c73c76fd38af55b7

SHA1
a318e3a10806e710f7ceeb6325b5ca2dc029b627

SHA256
45e3150e06cc54b855518db668f89226c8d63cf25a21329e2004f5a9c5cbdc5a

SHA512
45a695abd4e4650a0c357649db33950ca4fdc2b8fec2e22c81921b1c88c1b00fe4909e8ff2f7fae42369634bf4f4c00cff4400075d299379022ee6a4ab0f648a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
59dc1c0be452d289529bd0c4aee24b49

SHA1
7156d737b8c328eb379009c5b963c2448afbb097

SHA256
3899f28125049945218100c42c5aa6bb224d24cb4d12fd90a364670ca78c4e4d

SHA512
db68155c539984f8afeaebbbe935b1bbc778b543d41a43b1b1f135ae768d7727de428c023332e20a453a175e9de19a667b0ab5cd3380f853d11aa97ee0c8d9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0409832a264a645e56321976bf87e276

SHA1
1ff25ee24fed3c17cf18b77f9ed802c19d5fe382

SHA256
73994cae5ae17755d9abeb9a2fe4d8b0fbbfccb79bd0b9cd2cea0cc9d397de76

SHA512
ebba141e7b16c9f196a136ef49816e6e254c74552c195770cc76172d50082b8f97cb1eeb8fb69837420d2e5dd42397cdd6b26c768ac7a0cffd8ce650932088c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b66ca3b30dc1f5bf33d6d599b7bbf28a

SHA1
98110e06c276377d382433318541bf0251ba631b

SHA256
a3a560fa317615ad4ec090486a00dbac825476c18943f0b149dc138a1117d4eb

SHA512
f05e63a4139231781e3b8e01e7eb486c142c358a613614b56a08118f4882286f577b09cadfebc6e6bab57ba1eab89cba69769c267e7be43a1b501a525c392452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
852837339f2744f64b73cb12c1df7b3e

SHA1
c7f31923c44ff49d1e0d5e323c73e0885b9b9f23

SHA256
9ded5b2f2e15ab22fe34dff94cc861190553eb7419f345241fda43a06a9a019f

SHA512
c669d0d19576c6f8455a0638ba414244de133ca9b4af5cf9bb505c669db103d52bc4ad40ccdefe6aa2a53f42652db620ebf3e4bbfa8ba69ba40393d6c84fa6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d54914068471af41aaf3ca850270d38b

SHA1
80e1a78181d9ba1b747143025f13e1844eb7b7f2

SHA256
58b10d24dc7ccec83dc09e248f7d15146e8b8c634613949d2039d4056c4822fb

SHA512
570a8126e1715db863dfc89c1270c6d9c733e034b65069c3c1534da0461ce8944968fbac45487827c75c339f04c7cbfd27b312ef439a99dc6fb9d29e2c4a99ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d1b76cff6c8b4df0af1ebf2b7e1c5758

SHA1
cf32f8adc08922e750a4c3d2d95e97a98bcab4a4

SHA256
ac14b6cf59fd8c981d6c0d73233e5cda898fec71e68d166198356d0284841780

SHA512
6b32ccc5fe2a1688e86947a8595a81c221233fe474d8eb52937ed73f5ae2172b9fa50458ea12a19899d4a520fe015b17425cc1e0d87237e57f9a622134ef7e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0a823b5b1600c9df2ec0001dd3c54056

SHA1
fd9f98d698247680eb4f0b14fc782f4bf73d5572

SHA256
fef8b9bbab4636eb1aec5eddb207a830dc171a1b1de6c26e0fd0b0ddff4b1830

SHA512
4b440747f2c7bd4c73ec760a31e87a1c2f08bc4b7ee7ae00abf8dfd0435393fea7ecfdae3726b51d570d2e4950eb4d5f201c5aacf9f189744c6a128e2635929c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
476c653add11fe01247823efef5a7e02

SHA1
72da936c738180b57ea96fbcb834fa9bc01c32d2

SHA256
47dac941638694f1a13418581c43c48edd45930960b5fdbf2b487b2302a1261e

SHA512
9b4b81da93a89e6754b267569178e03627322a71fef34b7ce9a21780cf26ab4370216b423ffaea865e23c48a430701afdf4a43651bb6d2116d72f1e3bf4a6187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
2547ec0b3502c0b5e4d9734d051e77b5

SHA1
527e2649ca0cbd5e826f5d804893f8e6f57f7946

SHA256
334d47183f1f5c9728f3ffb7a4d942b25ea4358dbb92e37df8bcc750e3f4ae06

SHA512
6a2026a0f792c2d5987c863e415462607d8a4a6561e25086a97b27ff6dcddcf1244871dfe08690d78e337cdd35d62b0378ced65208d34ce1b8ea316be92ce41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
80b8c70b3b3e7cda98252f148782dc19

SHA1
17cc3b0a3c76336b0bc572d1833627d61883559c

SHA256
9c12b57f372810d63bfb3ecc27146253706243a93101856645d66d6ab6c2872f

SHA512
74513b255e9c8ef50c5d24c5e5f54fa6d94bd0b18515f3666a4db8f0b565c27bbbe726e6ce3edb619afc164ed61bfcb474168bb9a5d301ce5bf8f965fbe01fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
6c680581fe7c8311307051982d700b06

SHA1
be52646d3db83e9f03a01d9567e18f9ccd86513b

SHA256
27ff968a011196271ae11eeb24a6a639f2535138d907cdbc01b8a1b815125a59

SHA512
7596c1bca381ed9fb517d0f13b0c866fa765d22404d91d4b131368d7c72d2553e5533085aeb69add89cb6659aad17c29f1a074cd1b87782c697fa7d89dff4938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
ee98f498e90a88590c4b1ddabb0146de

SHA1
639615ec594d41b6c9d61eb81a142bdaa6a35492

SHA256
ea22c5156a1bc21f86841a538bcb13ef88773ec00916d7959d560012ae64106c

SHA512
2b95b6fc6028a359488fefe991c12b5a5b2a95fd9b604678054b2287d8d308b785bffe65998cd6dae391fd973ff4d89bfa4bfc29d75499fdff564dc76fe4bbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1.6MB

MD5
031956f71ab5a0fb39f58eb4b6b47d14

SHA1
8fbefe2723795aa9ed9f4a9fd73c82d7ddccd01c

SHA256
7103f897cb1f2dda781c777be5bf4f9bdc2f32887fc65d2c4b907e093d0efbac

SHA512
0b05547d7fdb742ca7354d35737fc9faffb438b9549c83324a5954c0b884e928e76c7cc023e1c829963cb8deaa7302170f910c6ec92f2fd9d4f89fa0a26f487d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
11KB

MD5
05bbae4d09d054e5abf6a78911fe254e

SHA1
63455f8e7e8095ba3f2ccc2d00a07ff1a3c6282d

SHA256
d3ba5795761dabffaddd1f89e1f5f0517f9b4df5ac224966cb980a3c107f8340

SHA512
479bee82ab7fd659c0d4345eac4cac3db0a13c622886a808b433d533479f9948c09d9ceaa0c35e6f28bda6cecd49da1130f02ffbfc1853adb8f3ecb24eafd001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a1402a801ffcdc10a4f6dfe67f37e339

SHA1
4ef6b3249422c056eb58b6828a8fea28aa1c6ef5

SHA256
47b62efae0b4525e241edf7a922f09453c2256212033d7271c7ab5c58315a1f0

SHA512
c1c8071a8b27eb915424f489d8e03964666311226a1abcb1816a286abf3deaff12a906b032b7743332dfd878ea10438d9ca1779f986f359a1d588b1d5b810219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
0944b604f856d1e481004328844954b0

SHA1
bf96955aa8835eb348ae780e278077951df220f9

SHA256
d1ef2b753f0362add375fd2bfb81644c981e8a043c680c54ff08378c294bd8b3

SHA512
f23d721581316b8b8611e5c0564219e66fadcb920fb21d00736857883e2305421c9588bfc072c65282e425283ae71be931a627a52dd9abb3ce513b52be5ea3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5c1e8ee6e9f73b2e7c75715e0b1d7b04

SHA1
bc79de04fb68f5a3d8925c1047bccad8667f339c

SHA256
905dafb7fdbc699f4878d34ecc799d0bedde47c55ea9b54aeb8d320c5048c00f

SHA512
6331c268860a03af17d516416c23a2a578f12c949296438202b9cff19b85d8259022cb8dc11d7b3604e6f74c4920abe769df41f08e3a1947f530454541f2edea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
74f1ec398edbe57341e0ac9f2ebc3efa

SHA1
32476fc427f1f30af7fa442d51778c40ddf3a1cb

SHA256
000e95bcae55a71097c023b03cfc7fd65f0242b14ebee8cf4e4366950a542e14

SHA512
3549e0be75ed568711ebc07fe4c1f696754d3fd0efd17089ebf97c623ba6ad6a0b82f5e7321cc4f01c776d1a53d96f4280d0716b2fa67e96bcbb1ecae0b5911a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
8d0606572954656ec748731a99e3a328

SHA1
d042838e9fda483c0754b13b17eb34d9bd8e74f1

SHA256
c78e618f73eca7e9a3e2e59c654a0e474049325ac54fa7d4e5482f5e0a5d73b2

SHA512
e7465768f6f80452936c5e14374dba7277799049906358c8ffaa34fe16d913ee6678c0e330b5ea059d2f695bc26bb4474542a78a21f9f799d8558d02b2ba0657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
21KB

MD5
350baa6ee239b2ec0c5dca4f647bd1ae

SHA1
468357e7927aba481855b312c0db92e9a0cfbeca

SHA256
5887a18c0d45ccfbbff2036ba4ee43e5ea8632b1e249b457c68cbb370426d791

SHA512
cc6940934f828d10fec400d179f1ea9ab7f28061aeb756e1addbf09b8dcd9f4c8899cdeb694da2ecf14289aeb385da51f471fd9e9750b69608193983ba512cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
21KB

MD5
098f858f3ec713533b1526d1fe55bd37

SHA1
a507a4d2765ac784432141acb87f336a1496b45c

SHA256
adc5d7cba7f8948abbf575e06420160e541da3cfd963207e5a9a795503421760

SHA512
a013d7605bab113b1cc18d9c83e81d98e1be2ba7d04c96745ddd6e137e75dd3998d418366805f4ce67b0d94cd557cbf7c0bcaccf8f78a913e26249eeb81fc7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
3278e9385b5667ce6f450f6ece2994c6

SHA1
cfa4c8adf7bfa9ede338384ab4cfd03e83a415e5

SHA256
845d03197572fb9bab158896320b1812cdf1df0f8f3009740853328abc65170e

SHA512
74ad179d08dd75e60956ff39766aa9f132fdb29cea71b5ab96a738edeeec8c2ec9eb431cfb2980ca5de2b65dd573b7f0f1fb868fef8ca09e2305b2dcade5323d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
bee07d325446fb9ad23b91e913cf3d99

SHA1
ef9262c530896fbec5622d52f205aec851a3fd31

SHA256
718fec890d4c71279b604bd88615879ccb4220683748ed43d3182972ddc704c7

SHA512
8465b3756f54178ee6886351c459f6a90c78922fa7bc082fbcba3dcba1c4cf25ef8d237522b0190f5bcd83af7c696035bbd07164df4c86e07168d4654bfacd56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
7d1637499730b88a3c28b085df3c67ab

SHA1
ee8e34ef55262d376fca16b01297dd312171fa10

SHA256
ff7543971d85c3f1027dbdd4779cdeafe229421de8f61a84551a99d20f1d4101

SHA512
0fedd7a5f3eec190d5081c2815591c2c3f7ef81a35acee24d682e61a250c26b508310c429ed055aff9a120bc57fc0c0af2799a1dbcb1789035c04656852de122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ae0d99c8fbd668293a82fd116cd2060

SHA1
82a72b1bcd6a8fa8cdcff7a8f1ae0a5dbe15d2b5

SHA256
f238d854b00f507af374d7efb41b4fc5d7e242d9c9bbbe9db66acc3c29e3b46a

SHA512
1265146bbc9af3f684b262fb7c825933dbcd56a8f86be8195e98612103ccd4840d8ab1ff7f8f38858ac4c649e5e502b7d31e4f9158aad7bda9098401575fe98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
22d549bc2fb534dac6adaea7a067a2c3

SHA1
61b58a72f591ef6a342cd70b65b8cb08996d4a76

SHA256
f1e1c5c3af86e75efa7f823ac09032898eddcfd88a4fad5d3adc7d7d3ad230f6

SHA512
2a1b184c97c94300d974419ec32cdbcc770ab2f5790445b6f898dd25263fcb7f39f3e7ffc0954f988e4d375783284692120ec1dd0df5674003c4a36eac40443c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
ba0c77abcfcc9ba20a1c3c0fa4d6a0f1

SHA1
1755cd89c791de5153ae252f1ff8a846cdfd9d99

SHA256
4d5d5961636d1fff316b47e055a298ed8c41ed88a685b485a66a2e6329cc1f11

SHA512
10530403c88c28e06ce684d9f1380837caedbb89efd41ff3e10cfd5f5eb3ee27511a02b4c0f48f628589f43dfe9ae5d1c2b82d0e646c1daa0e24224d47671679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
34462be847c8a957c541513505a5fc79

SHA1
b5e9f1e6995cce6a4e2ecd1b0a8cc0ef5ac624a7

SHA256
ec63c97d5c6ff3e5fa6aadf08ba3007a80c76fac0d7c186873b03cabefdc0ecc

SHA512
111debad7a9f8bc0c23ca292b167d4ad84cfcd58f8eb19526ef806035e69827f3c40df36e40602276de02d8132e0001b1f8a0676d54e47b66761a9ed49813e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
f6237855a80b22069e3b610a78c6a86e

SHA1
b930e1562a783e4431de3a9f27011d0ead482500

SHA256
a36057f5e78b89efc75c43fb24107895fb103976f46e4c210a3c33ab6ffdcc9d

SHA512
f334807c2bb2be3535fb7601aa81a9aad1a04fb9f2b9dc1a2c9ecfafdfbe1c597c8e5572b161281b2274ab73723425030a4d5dbfb304a58e855ef91285d5bc33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
eaec27661bcaeac90f624674b99d8952

SHA1
13e468a71f461b9abeeda153b58e76297440d0fd

SHA256
d988a95ec00803f5498cfcd011553432579b8e81bdf12a7f9344fefe597dea87

SHA512
0875b53e22ab01888813f9bee0a0f50d3a3756efbdf85622869c3628c79a2f3097bf9bd51e1a505d88b55a3cd535c6eca6a8281bf626bdaf244986d3c4ff2820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
98fc21c42cad8246e1eb1eca6899bfdb

SHA1
a333791d75be6ebdc8bc83b7c52912d781be4a99

SHA256
dca84677d242f372341aea45037baf2e985d2653f61690d15b45ad4111da384c

SHA512
28c4063cc0c8495e0c223a5324c71267e7fad17a71acb17277bd055a2cba77ffa88a6769624543848b43309aaeb7d13ccca6e3c569dbbcb0c1eb4ebee367baff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
6bf6c777b2da31401d038b82cd7b9d79

SHA1
06167eae6df5ab42692124564c0745b0eb5b26f2

SHA256
6baac01241d457c6939b96b95824e73267b032f4098ab303cf4f8aa401316516

SHA512
abf5fb563607aa189cb63b5d5c834fbc3ab4302d158fd8c603b91b54b36c36dbf35e781131c668b1b5eade36d0ed61925d9954a3c910cae6ca92bf3af1b5902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b9b187ba2fb4ade175eecf165839458b

SHA1
2209b3f2ff63f1d7028bc2bcb83d0cfe2e384464

SHA256
2de12e4332db4be8f26893a3953b9236dcac0e882be6ef27886a2f718fdfb228

SHA512
ea9815fecf44951857c5dc12a828a1884c4e12b46b27c1c497a375a08c122a7fbde166ec16b83a95407b161f959a7d0028f61ab9fbc5f3c12ce1bf71ae7b161c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
45cafd49724206140a2a792ecdcda884

SHA1
840a5941c0e26e16b5b3731912e52de543853e02

SHA256
857f8bb4e9795faef063b19e1ae281abac482739aed4c0f566236637d49888dd

SHA512
f55b6109a988a883103080f49122cd3a301bd25c169688d25d660f2ddbca3d35b09f3f37c84e25f1843eee82c7ea05da4d359ef769a7ced85ce50495e67b2d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
c7f5927870ac53ea0d2150c12ba42abd

SHA1
d70e460e9cd5f0b67aff89e6622f558f175404f6

SHA256
9e8bbfc412afa01c3eb853c5a490ff60ba7e00b6d87f27efbd4ddde5cc9b869f

SHA512
2732d7f8d4eef19710546c7ae7e3781cc7a07022f81c46634491862eb3a9cc83a34a087ba3b9e2898865279d08aee2e959763716e71b9af2d267f0f468b7bfba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f51cbee93858ef736e32892df0816265

SHA1
d5ad6b575c93c77638d17059bf90029833ed7eb6

SHA256
f0b88eb15b7b76085bbfb96cb9205b6741579dfd9727ab5f88693960e073e0ce

SHA512
03ccce4cf2046b1e14a6c4488526cf3cd81823adb3191db9f1c58f5e508db2c686fb844a84ce8364e2fc8599854960004e87ff2d4c75e60585eef65dcd969bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
bb74f3113ab69104a73a104cb7e38094

SHA1
dcea7ef9d8607d403f503c80a425e215c8e4f20f

SHA256
8a7d7837f86045fc52caf2221c31bd3965b1a4a6c70d7f4b44165d93a2ef13bb

SHA512
da4b49cb82dbffd9662dbfd15a38f91929696edd99747630dd26ab18a92c75ed627b189cda3205dc52c3ae4a069c51f65cc3eb561e8432ae555649631aafe2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
3d3219a0ecc8fc4663d2cf17b7a4105c

SHA1
291867aa1b0eddf0f8c91bc31434097cc106e661

SHA256
7ea9478fda3682225bfc9ff9e76d7057a825cd293af98668f4cc2d3decf740fa

SHA512
9897475752cd63bd78464378f5c749d0fcb6984aa2b6a2c412b54a7bb5e19de4c65ba79d965a5bf91031557077d9e730a828e5cbfdb1b6379dc59af73c5c70a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
265a463ae6899580ba1ab47b5987c5d3

SHA1
bb26a4243cf41fd3ef066a76e06ef86e90a9767f

SHA256
16826b4d3a67db51cb15a0e1b439b59d844a508b19804316e90d0a8110a597a8

SHA512
ad399926e2f5a692440816cd5396d5013081bf3e52701ff9900e31f097db83632048c5b19ad3f6a687c2631b0054d80acf3a59dfa91f3fa9f00648c58ce764a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
1bee8d6acb56a2c0bdc52674a101801c

SHA1
e595e2fe6a3fb152888db234f317f7383850d68e

SHA256
d89c56febfc0b77522f1ad2f4932027b2d60c42bc377088d369aefb75ce3c180

SHA512
5c2267e5dc7f358598f7341cea5b7e81c1e7973d695273e138b439b87dd28ec6c93ad5d790c2a59d15cae4dd06c22df1a2e65d8154ec002ba81c75fcfd14a777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b690b90a4732c29e469674a6c3baefd4

SHA1
062190194c3505d1d18d8e3f166bc3e3cde4dfc2

SHA256
914fffa4b4499f31a820f9ed94919b61769e6db1e7340f9d20903c5a21ec10b3

SHA512
0bd7734c7ace835b2bd983efb30478d91c404f32cc00523261844f46794ac23903376ac65fc9138b3a0a8875b9b79af2de5ab960c17669723b8713c79807735f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
1bc72ba053d67138afed728be6afd166

SHA1
4dff7067a4b84b388c04c56d4f8d032ff53591d2

SHA256
216e678000b4ce8c8044cfd41f33d4d6baf352177b6c19997f503a162003506c

SHA512
f2052ff0c46026699d62c9e066ee572b8a9b8916a16b012c2f4f86c6a55df0caf25b94cdf9512623a1a8ff2d403efc0cf2600c8880dff076cd88c83080bffcda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
869d60e7c8204913930d37d12193f463

SHA1
401569230decf6e499dfd410b98b0c81d47c3a26

SHA256
d399d99288367a4ca416c3551917e95f7afccc4dc5472e5647786e55cd9a7ade

SHA512
68c0ac284d704a14603a71b8a7953777e07d2d20ef92ea23af86ac3c48a429828057438da712d2664fc613536d1ce22d908e946776b84720a752e7ba6db577ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
869d60e7c8204913930d37d12193f463

SHA1
401569230decf6e499dfd410b98b0c81d47c3a26

SHA256
d399d99288367a4ca416c3551917e95f7afccc4dc5472e5647786e55cd9a7ade

SHA512
68c0ac284d704a14603a71b8a7953777e07d2d20ef92ea23af86ac3c48a429828057438da712d2664fc613536d1ce22d908e946776b84720a752e7ba6db577ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
f082890f96d666d8a9dc3312958612d1

SHA1
c31a47012474886e658d1d7781536d836b2b5d7e

SHA256
b117e0ffb2625d48b7b03919a6942f438fc83fe9aa3e95b6b81e73289ee34a70

SHA512
0d766129bfb46cddc1adfd2e5c795ca1d35ffa881a5c7da0f53dfb702fb4fef916b822b895db9010040ba6c876a4dceed8d61e03eeb65bd47124ed1fa1f8ef5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c0a47b3b449322d271cc3e55803b6d31

SHA1
a8d5f199d530d5f703009582dfaf19befc193bb5

SHA256
d256d6f709e5fe28a9cdbecdea2bef143dbaf187ea823fdc90b3a72f9b998248

SHA512
ff45b04ff0c8dc66fb22ad3143bd0e5d8a2bce73251cbff4e5c325d5a7956d22671fc1f211d20d7e324ed38b408a7542b87c6f5a6dc0a680d8d16121a0e48013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
79d6198969219c42284bf9033ae21bca

SHA1
baaf37115e03d1d208dedb388d71b3ae980ba89f

SHA256
21d1853b755d9f6b9d3128c50529ebe1802061126c99ca9eceab27e063438fac

SHA512
c5a6ef4a7a4a08e109e6f4e2f19bdfe96904d8c021b20355d60212cc86edce362f80e6747769b81316708799c19a20fa4cf23fe1ae68dcf105082a3c5bf69dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
7723282aa54bb70dd18738d054484e8c

SHA1
58e31c89867b48d4d0efab0b293e91f23dac3728

SHA256
834be6e91d8c6ad0faec3c29619b0865700e15479de836f622b2ae11087273b0

SHA512
2974a76dbe48d11fabddc4060a9afb93d09524589e88e98e632216e36c42743ff7f2a4b7047229c515018ad66f843a9ab9f7714028773ecf702a2c5acbef9be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
8eaa9ccc07de68ca3dc8a6c3bfa2fa45

SHA1
89c4de0a570fb44a159e7d0d54e5b890aaf2c417

SHA256
1f81a487a45b528352ecef666f4b17323ecf701bd1fedcee9501293fd235c3fe

SHA512
c410927e92b643db03622a1821c85c01234413606c39c2ed1529e4392e1a7db9c2e1e355e7a79932cc8abf2716a8a09b6444a656674842babc4f6ae30889342a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
fcd0da599343ef8c0c2df43019f0e47a

SHA1
d49ad847c025ce1a26c1f792048bbc0c96105c69

SHA256
166b5c1e337c04000def3d531562aa270fc354cafafbe19b59b60fc6f17aa259

SHA512
bef26ab3bc975fe8f5d2ed9df6da4d2c0cffd7312f2249c3ac431d574edd76bce5c3493418055c9ab6a949d0312239f79a1437ae1b2a28f7225716b81b0d843c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
34f613438b83bdbc6ea8a36be3615851

SHA1
c381712a93f3df2e58204ccb4614e2fafa54ae50

SHA256
bf04d3ef2c65faac89e883f1b52f3cc5f09eedcf8b8de7aa2c7d6789744c92c6

SHA512
979d593f859ce89041092308a5a422bfb7df0d4835c9217cd7d6518e8deb50d0d05720a2d80dee631472e10540fab0c8d867091a3f4195683a27f195be5b89c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
d47f41393ecc0131839ce0df171769b8

SHA1
a008d206b8f4538bf00c2f2c94639bdb899647a0

SHA256
3619a1bcde93b435ee2b9fab94d355bb40a62e25c4ae69c4ead86f7578c7a20d

SHA512
f6c9492566d51d9f51b0a39f430dfbaf7c121c8058113c0baebc08ea2037dee008142733e17002494ca728cde77cc03b11527cfa83d5d0307c4cdfaf71f7b2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c20248d3206c057719bb162fb6f05fd

SHA1
bc6ed44f5256a8d7888d4ca774fde9a22a8d894d

SHA256
18ea20920b308c373d75fc33ae3b61c7742645f9e984eb4ef91a134bb56d3fb3

SHA512
36b94114879e0571866204d5470537cfec07cb5fa59498cc9a10168a1cc655dfd94d8e6cde0e276ab80019f724ef52a51818e7c305cd53dda111d972e405955e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
9ec7e996042f9a37270c37c6ebe8d805

SHA1
230833efcd58c10ade981f844d75922a53b37867

SHA256
f69725630619a5260ad8afa456036931a414383bcfd79d5c112c705755889e93

SHA512
fecdbb6a7228451e14e7910c837a1936a0cbe47dc3313ab104cf584fd1ff25dc669dfa623a7c626f8ef5396f2a4219811b94c066c348a348d6733f530f73998a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6e6fa819ca8ae4d4e054d8a9434d952

SHA1
4bdd2e1d8475677fd1ebd7a72597a4cff1aac750

SHA256
4cdc351c46a9244a3b3b553b23dfaa6f43d98d921a0556fbb6aa5b33eebea83d

SHA512
3d475276c842696addd82616fda0fa191d0fb1aba2c312bc36b4965113511f49a1e2382bc384dd403d760e0deecd83f16b060005e6c7f2d570ef1b178bfd659b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5ded6cd1da5175563f81aa11878cdbad

SHA1
8e306b42157e9529cfc83ce397d6ddfe93a4f4da

SHA256
bdb7e94fb9dbfecd94e9252ae24a795d7e81705f70cb36fd9964207fe05e5398

SHA512
c798ed6fa161bcc4c4965c96a17eccaa1c6c98f7f854f9b303a2a3dc17f3b5f413a53dff8028fd6b71e9dbb684694162b459d258a76fd814074b042713abd68a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
e6b41fe0f2227e4c939ab69579860052

SHA1
1c548d79c8fcef2b0b3d48f0b57c96fceeed2ce8

SHA256
302cde224717309940919caa109be51c530d9e77f717805e792df35a709329a2

SHA512
cf4ab71370ef80fec649265fcb3e5a16067a4fa9a55bc7e62dbca33e62319ebc91293cf5186de9e0d4d74fc078cefab487de29011103efac5a78b02b743d6ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
4a4adf44097e50728461ff96c17d89fb

SHA1
38379f3235354bbb2319f0be845adb832ec8f08d

SHA256
b5e68e64e295273969e162dbb2b9166769aa90eb516f3e9c80e4c81df57f74e1

SHA512
d2b901e97b57a3d5ba6f6e5e9f4835a7daf52e362f50e913b379d4d52723149a9b2fc30755b077740ad6dcad2a47c23d0586654f0350a64e43660c074aac1448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
a66b24a0cceb66df3c7e895dff3ec8ba

SHA1
7fd7953862e377d01936984038db6436fd5876ec

SHA256
26e9fda1232658ba27f9ac9ed3b41381b2140db3200bb204ad081483985b468e

SHA512
1a2c3b07a673a894884a5e06184ecf5628573c2c0e37b90ae79724fc89df894a62c78776739f44753b46311a01f42a1d517c4ba279d5dfde916d3790f6032983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c17a1303a0cfba081d924bad1fe208af

SHA1
7c72bae60b5ee6e2849a894a143c0a95740b5bae

SHA256
e0f5f9fac31ade2d708673f3d1a0eb3084f72b3aa6873d07cebcd4265943ebb9

SHA512
d8b1eea6c18b5786cfcd015042af45090af57b0835d4e1289e08bd26467045d81f77c30081884bce0607416c006a3b8c95174e79021e3b39354fde5e3ceade90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0d7318b0788e82afe6ef532cbeb748de

SHA1
99e8a8305645a7b6a9203ac55c1d8665d32075f7

SHA256
863c56dfefd085427732a170787c2850adfffb43d79e2f994cb84d279585fae2

SHA512
503c655f7c4dc26253673648594431eb19c8ececfb012bd5496e1c1c12805f88fa2d132a6ff4e5bbb177383ca509f07f5bb728e5a0dfe1158b452a5f28296e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91e87b578910ffb933823b73de163e46

SHA1
453e7bf6bfaea797cb1510f0b295429d9ef1f84c

SHA256
5495d42d02e101306c2ef4da21c6ea612ffd01f441b5642364be635e5762d6a3

SHA512
93bb45b0ce4f3d9a0c59494413bcd818012c664428c3116dbf6082d2b022b39c0d4a5af30b8540db2c42cb15fab1c875665092267908fd06ab983530d439a7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
734c065f7dd359177b0a1236c21be0b0

SHA1
1d0e9661cf71813a2a2c3e59303528355e45eb5d

SHA256
bc97929ccaeb58931bebccb3bfb6c37a464a41dda35a435c9d5a9a89d21f2b8b

SHA512
66730f46a9b0f481d9e9df10d880108e6120fa3c073d32c6b51a1e1771afc2961b893e5804169bf05e1ba9cf6dbc15cf0dad8da02351605d0b45b21ed92f318d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
df7240f9ab1a609ac7cb15a45de79d7c

SHA1
da319547e2ccfd3ba95eee59d2c079db34d617d9

SHA256
0f6ee902c6de5f9ea32819df728437721a94ec18191274731bcc69eb9a320ff3

SHA512
eb1b3cbff4a0f00351d8336426d7218d48ee6207741e91108bdf19f28512843362c02baccedbb3d7ce5e51f3e9dd06ba8c22c77a568cd16d4d71f7151947970b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
d85e942164989da5e21b322e118907b1

SHA1
dc0630eb417058698044b43b2a648dfd7fc784bb

SHA256
5ba858e738172ddb8a75a2031c39d5b6fa4149d361c819c62ba37741b923dd1b

SHA512
2dd77f23f356562183db7adec9da1a006b7d6ec2c18039c15b7f8bef1f246741c7375c0cde89a83eefc4e08dedffff91c8d43703092916a3208919ec850c9f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f412d899aa4bfc4b15aa61a26d2aa46d

SHA1
0567c3c11f54430d6080bac9a715974bab91c8d2

SHA256
7f9c8d099065726046b15de5479d8fab1c4684279b0eda2fb5eb34aa1c68b12f

SHA512
897d77192bedf5875563547cd9bc7a9046604e6786af07f98ddc85e20b7f1dce801b8332259e36d764af49fd1d0a6c1cc3834a99a794766d1d50f9d9fcb96632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
94e44331f89666796c9a2e747464c537

SHA1
d903a1adc8ab5e5a2060f478b9bfca84bb51c5c9

SHA256
e99234f5ea772264e4c66670fc13d97634a05c1e5e196635db6cc457ef088aa1

SHA512
7c0bf579bac168fc05e1509061f0a632109fe00c25d07b6b5f146621e2924580a6133372939282d8b686b0bbbf141c830c6ed87888f581f69272f66d364c5edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30552b8a-98b9-4b88-b1ed-1f7e18887b06\0795c890eeaac682_0

Filesize
117KB

MD5
47892b57fb3ab3ffebe5640bae886cd7

SHA1
9e452d9da73bc00628dfa779e8a8f3e9ab07bdfd

SHA256
4cfea1c9935c53e5718858de9f0a938e158814f216afb3c3c9bcce7059eec86e

SHA512
1038ba536affe18b40af37362da2eb34a7469f32b412b0f59dd9ba192bf31f6f71d587d1946c07155b41dbc651cf6178ac87d56ae4a979b1e485d1ab2e83c293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30552b8a-98b9-4b88-b1ed-1f7e18887b06\a8cbb288cc2e2ccf_0

Filesize
2.3MB

MD5
7972e38f46a71f8f4641dc2a2c95057a

SHA1
f698244f4d5e7b03e628a950aacd980d7c352b8c

SHA256
dd94452b89cdf7e30416d8d209196c3a995d97c806002370f2e293bfa3997b9d

SHA512
0ca9df2eef0dc4d8d69e044ac03b8e3d6880a7d01863789d63df517e802c9fe21fc4c278ff612aab0de4896c53af162a26fd46dbd328712b8a23b390da916265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30552b8a-98b9-4b88-b1ed-1f7e18887b06\e751127ec28c583b_0

Filesize
378KB

MD5
de348289cf8dec4aef36b012f121386f

SHA1
4d25e53075fe36ca100c664357ef96b81c649945

SHA256
748836997e0c4d2b8080590e4d9f4049a4fade3a88ece8e12244c8ef1b0c65d4

SHA512
3bb661fc7246115b14910aa8e334c4aa11a9ef1c47f7387797db0e47317ae9d179b4e9c901a480a781ab994ad23f911ed997e5105b6affdf258ad3927793bff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30552b8a-98b9-4b88-b1ed-1f7e18887b06\index-dir\the-real-index

Filesize
624B

MD5
c672167d53559c7affd0bb413cbaeffa

SHA1
22d89a1dee714bbfb99f54f0d942f58ce1dde7ef

SHA256
742fbbeb20764821f990a9e7db85c262647b1487cdd42e12be929b6b5d991ec4

SHA512
f4c7feba758c5bcfaf17d2da521a918584886cbaa28a9d83d0e550036595e107919762c618eb0e426e2595f9f66402e30eed2de6154d1c581bc0fc7bd3110625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30552b8a-98b9-4b88-b1ed-1f7e18887b06\index-dir\the-real-index

Filesize
624B

MD5
f55c29f8a327454b8b3268bf53fd3cc9

SHA1
ec9c335e13849dcb3c063ff2080f948acc6d4d72

SHA256
fe2fa9c7985db0e7ec155c16920930e2c8cfb3d7526109c347216987a383fe1f

SHA512
b4852c4ce34b1f8696672c243ee980295c56c57de8f0c58999ac0bb69b83b8397c36035ec966d3fa772890afce2a88713be9bb195624db8e0a969f492a0f58c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30552b8a-98b9-4b88-b1ed-1f7e18887b06\index-dir\the-real-index~RFe5cb686.TMP

Filesize
48B

MD5
fdc5d4de2b556e6c5416ba89555f1400

SHA1
e541f04cf7ce0e362f8836fc340a33dfcdc0bd54

SHA256
69028169bad4562904abc75520d98ae3006ef8e8846c26ab5c27d1a9fe8c9f12

SHA512
800fb2223cf0e42ec539025afad6b0dd275df2bfc9443d8a1795f9a12cbe3d7b583d2dc2a8e914126acd83fd5815b5e9f415653bb4f9e499f222723ac926726d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7d59b649-a15d-4bee-a314-907341d87b1b\index-dir\the-real-index

Filesize
2KB

MD5
2c0be3ec88050d9dd12c530137cf4a66

SHA1
1375403501b303f7628d200b166290de4a20ae4b

SHA256
33f1000d941ee0d714a56bf248f160469b6611b05e9e55b6067ef047ced50227

SHA512
36a6c3fbaf91212b7a06571c319d52954901c0d5c8b6b81c89e9da907ec80b3d3adfe2ca69b1aa6010fd839bd8a9a2219e8c2a5710469c4412a23a0e4b7f3b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7d59b649-a15d-4bee-a314-907341d87b1b\index-dir\the-real-index~RFe5cd75c.TMP

Filesize
48B

MD5
ae324395a70c30637a086ba774c2d831

SHA1
5aa60f1218a4bd4d6c0907e5932d87b19106bf0c

SHA256
803d65e39d9365a514486351a88d83f1a7a1c45b5b66bbdffb52e885a49b9e5d

SHA512
58657c6b26656791064baee31a6f7a02fc132f6fb89eabf530e08b58b4a53db267655667eeb91ac15cac334b661c4f9322af51cb9682a834cc7305f09b0a641c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ea5fe0df-87d2-43fb-a605-dd40e7f3f5ca\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
2f374cfbd9fa16d85c001ca8aa0664ff

SHA1
29adbc6c4ae15b355810af683586452c4aa2e53d

SHA256
684d7633fe754925e5d9469cec07033558d34132e6a669bcd64c89189ce6bcb8

SHA512
2c79074ab791c2fff62bfc2a5652191200f6de548709c770530a2a2b0072e7969b52986c340c98a0f7a277d4df2f4d30e745ae33ac6dec53e40bb08ca14c0a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
6194e7acfba6002dcd44d7518d5c4500

SHA1
00ac08e0a7f77db34655d9a281a6f052aa0a4231

SHA256
39aa75fb15b52d0af484e31da7a488ab50f070d5c8e3b91e34cbcd108ba7c950

SHA512
6144d1b167a23dcbb3244af77ed51f8539505b71cbe61cf354f7016ff12d0fd2c17d9857fc45d4210375ebb922f42fd9455a6ec8a3256de31ba9af2f97b08877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
ad76b185c5e777eb1ef8fb3b173e1770

SHA1
e72eda720f635863a1f0001041425fe706861e3e

SHA256
319157298bb3874f85a876d454f29a6a05c61083d6c468252a4d2ef9766a4b20

SHA512
9d334792a61a2dcdb0b31e877b6e44233c0f9f17080cce68d949e47fd25429bb339bdf5741603b416c69cc53309e2a587f74a87e63f1d70bb423424a13b2ad4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
94484dbef83f5fbbf6d58057214d444a

SHA1
51dde0287a8710fe645cd4737da026fd3b48e0cf

SHA256
93e936cbeac3237131802b8638f1e6f4af8b2cda86abb9721eadd4b6093d36a7

SHA512
95eb5f5feadb3d78c3517ae75c0341f06eedf107b3d3ae769f9d20df14d476bb4c9110977316f568fb24138b1fef7cdc18ecf6736f967c67c97fedf5adae8662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
635d12848fde28b96da33f716aaf6a17

SHA1
fa04a11634d7b1b22eb279bc5aa29f4960c907fe

SHA256
33518f24228bb9d674a6e827451da4f01013c8551923f811606599052ffb33a1

SHA512
2603790a15b0d2710ca20c149ee55e05cd3ac4f3585bb646e517758c3f2fe42d609ab1152f30d7d51db3a507ef781429b72f8bec95cde10e65128ea5417a5745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f1b58b11add0f1156f0769047b4583dd

SHA1
50c6518874c8f02d469877b453ff743ac358368d

SHA256
6d4fc432979873e45a993365a4bf0f684cca74b8aafd9b6395040fa55ed86714

SHA512
34a5f3dbe8190ec2d5712f14a68814b32661532ed8a9f336ba27bc4a999449a5045b4d8d7beb76afdc0a96952a0ed7678571d662a35dcb1d99277e7355fe07dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
fe010dfc070dc6a7d4f1685e7267bcbe

SHA1
3f2dbb519c277c74868b884997c4ca8a46d498de

SHA256
1440c501f6500ee26c035490daeacf0e105a3382b901eb1d5df214d0d5a53450

SHA512
91d641fd33fabdd604d2ba39f87ea5911a14049b8835b25ecc4138f9b98953cfa6fe9caf5f29e77ef8b6d9754e7d302e0608899b171dee1e370dccdc55228f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
ef7f7b85a2e03f9aea0073d03fcf0db5

SHA1
c7cdc63208b0220de3b32536dc6f0982ea97ed95

SHA256
5fd2cf0346150526685e55ac392c769a31dfb811a15a2536fd419b3bab229360

SHA512
020a1a7a6426f1e4a9c13192fd9218e847061c5c1060d5caeddca77f90373988873f72c9e1669f5ca621f8fa8148911f04da5a950d44900d9f109e802a7002d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
84656868623b5525dc49021e5cd2e080

SHA1
a2b9f04b67185d40989733bd1145b7458415d8ab

SHA256
8e154b1fcf99749857dc2b9477bfd22ca38df70bdb2e344eb0d2adb1dc72dbf8

SHA512
b1b50d51a008ccfa0e0bc30c6c56e23f5b24b27ed22faee07eeefac7a01adb6c3139ff1898afc03976270760efd705affa7452d852f5da560fba0b1a93b33742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
c7a82a642a8c6ed39985343e3ae45ecc

SHA1
eec2b99632d9d0d1bd6c1646773302280bddbb71

SHA256
8f1e212396591be7a2301f4d16d2d96e43c16e5803baf6a0b00685d8c2869b73

SHA512
7611946dc45963c6da5aad020876a14fc61cc193723b6e623fc4c0bbaf1a3edafa8b43953d632c203f0288538287875aba19e2562ebcf8531e0ff2e2ca0f1430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
47300c3db9be843aed37cf2ceaff984e

SHA1
8ae782a4c0b73709b7f47e583641a36a79fde8dc

SHA256
302fadbde337563fa37d50f8e022488de49075f55140a1abb17a7f39edbe5219

SHA512
56e3e7c5dbfe3fe10e859282cc831bedc93c9a4c0c196c938026f615f4749a66c9ed027cddb21012b9bef27b166ceaaa4b650ef4aa74d88c02cf7a61157a84a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
ab22e610f59b92e38c9be7a6ce37688f

SHA1
5c85597b64b08ced8d17144e6d2d566105cd7392

SHA256
d1ed7314a80915174fbbf8488503ae5478a148c4552205a18cc7082bb4295ffa

SHA512
6666dc912c8311a683937d7accea439b1dcef8e3d9259251a66034d0bb7f66b91076c21b3499e534083c86998ca2048678b132ec1ca0db70f5391926997bf5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
524b99428951f040e07f3ceb7c9290a4

SHA1
c8ea2dbe11d35b6a7f5f5f91b8a3db2186bb5f39

SHA256
b05a0bc3573fba34c37bb98d5848802260bcedf1491873d1208167008cb9a51b

SHA512
0e66122931f369ce667e1e6f9a98b0804148a7291d1889f4b1f81d37c2eee0d7a1b6a17106cbf72c6f424db5d7dc0ab7c728259171003b61c2030ad9285a12a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
4cfa9548c15ede9cd063c5e1f7b36146

SHA1
85646a7b82635084f2fd55400d1ab6fd07547ab4

SHA256
ac9999183a032dd86c828da5ea48ca5ee41d732d6f37451c26ee14f1c1803b7c

SHA512
c58493bd58a5a4b980d97e6a0c6685bc6c282f419e02fc956449d3e20f19dc9d338e17a4aa4d219150e69ae5af7d058eb14e5da21c696b759a6ef3cf7532c4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
c0a37deecf10d8d8a927b1d4b80c6cbf

SHA1
e2becc6616a91d3b751605a69f67b8a62af829b2

SHA256
058f55d961df1c342b5448541c6cc75d1863aa4e2670ef414aabef97827874d9

SHA512
104b7e2b298cfdac37fa6335ac5aa866cb85b67b257f5e3ae3dd58940a8dd24b0af27974561e41e4c037e334c114fc0ba2d7d2241ec316a41458774db4e416bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
00b7befb4832d42dd6dd1b958760ca47

SHA1
db3ad14c58f10f9d5f5a3097ea634296f8e046d9

SHA256
27901377448f504ec340705b6a2b67d6ce54078ec954ddffe02a1c1e08890054

SHA512
0c4bebe493050be7a2207b11975e8134bd218e4887886b6afdb378e0c8488549c211c0b592b3ca12ff363c672ca2fd01e1155581c8ab22b941e3536417333cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
8b8ab3f7a37c72bf9aabceac97eba6e9

SHA1
cc220fbc16424497edcdddcbbac35e5a57fbb02d

SHA256
7686c28fd9c1fc7acbc1520ee75c1c1bc041156fc8b628e0472730d33c83d632

SHA512
ecdc7165cda70ae11388d4073b15525fe9f41eb5decd5f1389df0fe8e77d3f925a522fb90de86be2c7031dd2a9595e30dd74447b927853a619902015dc7bded0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
42f48fd5df122452de3fe7c286b8a01a

SHA1
7f863a696e73bc8b1f87a4a1c0344040deaab065

SHA256
a93cf765eac3fbe03a44520ade9bba56c2b462840cbbea71c2004d4087daa22f

SHA512
3ce9493d3b22628a87b3d70544719e43faf55baeb6b4a578bfe8f459c5699ad60f23d8f7096a926710942ea09ad2d3daf9f2c22bb492ccf4231bc641251eacdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
93e17b1ff068537713d8b87f3355e374

SHA1
6142edd4f038cc5dde0d44bf79ffde235d53c619

SHA256
8680848f588959267252c7f838bdc751e54308c78bd623e4304512d6113b4195

SHA512
a80fb3da0af41b856a3b1d279d06bddfd5e765fe8de5bc323f48f53b6ba038fdde175005211ea3165987c02f5f5ecdb4146de21d2a2eee638f763fd767c828b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
d2912b5626b9664db5d4526cb8f089e2

SHA1
45c4a077167856aba9f019510a8accc9edf6c40a

SHA256
770e8a4b42b0cf66f5dceb35bd4f915252a6d849f1b54fe2f2e365e642452374

SHA512
4f8baf70890db2c373d2c50e92cfce54c48b56cc97404f43c389763b6408079c77b66954d8a7ab2c330b25eb92403283b17eb247a4566c06f4b1c1e00636dbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
5933e5ea2989f7e4d02243965f576942

SHA1
9eb8c7a70c202c64e5cb9f28041411053743e8ec

SHA256
4f6d86c1bce02d0ae006ff2ec72d873ff5c13de817596fb2bd52e159dce256b7

SHA512
ae8e60f55f1acdb6645968a1f86dd7d8e498d9bd616db051622e617ffac296e7151c45d0a57e8e0c227a86e7b2cd7851a62796011694fabb299c88a268af1a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
935a34e229d5368e5b5e41c3322089f2

SHA1
fa31fdc362eaa3dfaf0c8796a5a73ddfc425f406

SHA256
80a6abb71ada6c13f70e9edf64fcde85ff92f3381fc3124056f8394de74383f6

SHA512
d9992c00be3b5e2953929acc7c8f9ad62fd715855d03390915ee72bdde574eee84db05353f19be860d35d54d3aa2d96bcd9f291b4f2a7007d73de95c3d4f88ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
722489692fbbce1f56b7bcf452040647

SHA1
adacd16fb50b1dbb84b53859a2248e171534050a

SHA256
7948ab7e7f3d581e500cae06672f17dfa8dd2d8468b3dbbc10a7e4be8268947e

SHA512
a774132ec7e13342abf3426b8b5774333e11ed23610ddab83ab6d0104816301d1ed102e9dddb12ea81a1568a0e63e368010b3efe3976aa31c86481282cb0e76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
84e94da6dd176e1ea9a56ee007ef22de

SHA1
4b27609f15d144eb74076473f2d1ebe06ebd37c9

SHA256
859c2d557e4282f24ad273376eedcaa475f8a38571ee1bf297b9b7dd61b6b1aa

SHA512
08ac810b415e020fcfa3df9a6e5574d828338b16e9917d4d0323e8635dbc0c36a154aaddfee7d2ee18887d440975a38cc5353b475bf6de3dcf4aa394cd981c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
049a68c1fee74792c03640fc370a32ec

SHA1
f3413931827f0641978e060a41f7b615456e5fbb

SHA256
f6eb3fb1d7e50cd4e6dcc56c114f9a124201f4669ef990495e831fa3c823675d

SHA512
82a6d48f413250a14aa662fa5bff3ea72408dc5b878beeb5055f607e7d5a8b6fe9629c839eb3e81e08b09b8f6ea396b3ec4bf1e6e87eee600da5a0e06f37bb42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58722d.TMP

Filesize
90B

MD5
530761c854e945ae2032ab0cbcfa21ab

SHA1
9a61318cd65fb786ba92de579bc9ecaec44e366f

SHA256
fd65228589efac9b348e7eb742c2ff585824d05bdcef83be3620ff9ac1a1cf45

SHA512
2db730efa21a32cbd99d5fa137722507dea79d07bbd0ec068f3ed329332c85489a9c223af90eb37cba2fbdc184d73cdbfdf3122603332bc678cb628f61ad37dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
16KB

MD5
f7afc11c43f8bf83e1e9ed502cd418a9

SHA1
9e8c9e3252d13ce20fa1924a944c4458988de79b

SHA256
0babbfca4e8bd0498324660be1dcc9247c45b3dc56df42765013055fca40759e

SHA512
940af9b58ee233c50d7ed0de0fc64f99e5f6a387ba7928b0205fa1cd2adde499ff21b960b7f5b58d799b8462e5106dd9d3f8bd632002998a0dd6261ed9f5f0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
10KB

MD5
8517400c444521c37318b4f210389869

SHA1
a35612323cf33503c08389d7e22f705dfcd8977c

SHA256
6ce3a62f2363aa23cd9877a7cef59f846fd51bd9377cda4d4aae3c6e81be4ffe

SHA512
3ccaf8f7963ceb6121f9be999009e3408a5ba2a373531818d6f2affbf3df91ac5a7ecd731ec62bf16ac8ccce22d01f6c7ea2977d31e4262543a95039aaa055d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
161KB

MD5
1b1c28032479aa811c3370af469abc42

SHA1
d92e93105361d1517d6e7edc5d1a548e498db217

SHA256
9fe9c42f898babea4191576cccab583019550b57d454eb9a42c5e14d1c5f1128

SHA512
a8f5b42d12ecf0794f493c8baaf5a2ed588ff1000ff760ba7a9decdfe94451b21c2b3edfa124bd285460626eae350160368f217ab2ba1104d3e99247303182ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
390KB

MD5
6095d0111e7f23d2d2035c0f1fcfbfb1

SHA1
6c894a3514395d3868fee3b5c01cd139061e28ec

SHA256
6901f83cecb178b3afccc1695336eccfe8412863da6410bd56bdf266b9032b6d

SHA512
b61cedddfb8e7cf4e8b7c93f77fb67ff00254decff83e22b2eb3189e9d770233cad0282ef2b5eede1892242c1b6bb358f5cfd1d4e2813f9c13be2bd780a5476f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2f91a81b27058ca7801f27b55f9fcdec

SHA1
34d9e7756f13bf5948d956ac6ba3575758d388e3

SHA256
a4785e7be9f9485e4fbde823fe3fb6d5d0818999960349ec35689fe48eb84d4b

SHA512
55df8f13bb51126c308acca4920cc93d28cc7be54f2f41055af46e54badec046892a9848a8b91e39caf4a1478961608008798c742f0468459894e0ff81548e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ca5fc.TMP

Filesize
48B

MD5
2e18f8c3df8c327dded38d4faa02a05e

SHA1
f665c70f097c5f27333532b9a63d7c97a52569ac

SHA256
51efa697755e7f6de619c287cde2edcc7c669b74e5fbc68767ecea5d77b43073

SHA512
b5aa4b4c252cf3b9206f28ec1ea1891827f57a7e456bba390f80473c825f6385fc5c7a2e7b16a51bb75ec60579291e73d5e4a92ab45589b1f4a71038b8be37f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
dbf6b3d67daca823d42a1340cb3028a3

SHA1
4c78931365ced4757a6063f195caa9f1ef508ee5

SHA256
9ddfa19207f01d178d243d442d001f17d13aed012a7f19d264528ed1df9ebc6e

SHA512
0807ccc2aab62a21770884469c964ad3bf2b46f56ff2353df147c83247b7c3df045a9b1a667101c25d643489d4af996d80d2586a455b5d513c4ecea7c82fe2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000004.log

Filesize
295KB

MD5
9c470e9a47c9520f9c4c70afddbbed84

SHA1
4799c67e25912c5541b6a2d412d3bf29daafcdf2

SHA256
ccda78be67a8e4c5c321a8045a688e460901cd2672e3dfda4b6a6eeefce7c6ff

SHA512
21566c9750b727344d21f63c3d56f0149900919c388ca5ba8dd0a00f4f5d088941b945b08e5a35483cab235de1c8e54eefa01de92b698e855a84f382496bb576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
16c8f20c98aa98e615d5915579dddaa5

SHA1
60de4e2e1e996fa1e405b3d2ccabbd57f3bd4f22

SHA256
8ec06465d92e8b3056eace5a5141d639a750e80d4feb055d8fa11f08a48f4ee6

SHA512
304a1fc180cbfbe28d4f877f756d1a945098d56ba7596a6ae77ccdfae5f31a26c6b473ebbfae63ebdc5569ae33e4e95f62754425bacb6acf2a1f79eda9864db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13345135797871298

Filesize
3KB

MD5
64f81d616827bb5d4457ca6a230eed82

SHA1
64c11e7a16467d70e6b7343efa5220ba036853f0

SHA256
43617762f6309acb738b52a92f650cfc9ae54b8da67f9210a936b6422e7dd618

SHA512
6ce603cb53cc0aa49d375bff531d2cefa22153dede67959aaf8c5100d62fcd7036e95ad9fefd98030d4774c18114f3efde1f93f1bcc43cd4c006e35684d02e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13345135980448762

Filesize
79KB

MD5
1d9404b5e9301b868177f0f6ad7ef2b3

SHA1
f717e0e69c1b2922a1b951166d5f965d608ea99f

SHA256
eda05450000cf100f33ca712283e7bb9bd191f1194a9721fa969e6354fc26fae

SHA512
264be943165e6dd03715a3d35b778e9969a85413781e34d4ae9e1c08ab2ec320c3334f5da7a505305d69931f47a504c6702405ebd08807b63e0ccb09a7385ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
e977ecc95a8dd50feb46d7a730f6c4b9

SHA1
666f7e4878b4652db5a485b6643c22262871a70e

SHA256
1c9bb92df8e84922db02fa32c44ffd2db4869842d1799a6e4cf9287b503901e1

SHA512
07082c17685ef16b70b9a5aed15190f802b6c5f159f1269a6e49851b406b3ede57a39a904e8f3e3e8267118c922aac6d5a8272a2ae085e7560992e07299a6540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
04793b147ee4bc7861e42af149975327

SHA1
bbcfa55c28f983830d1cc61648cbd2ad6f168d7f

SHA256
4dbfd250cbbcfb6c144dafbcf3527b18864c01d055e49448bdfee91aa47f98dd

SHA512
2048442d4ecdc4550f0d32d3abcd954653c7ae04cf75028b25dd765eb94f38f1b095a425dd9a934c5fc156bba37c07c3a5a087f5b5a61b3398a2ffd7c87b32d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d6c696cc85cd876e190b2765d0fbf1c5

SHA1
9a6a2ab8645be38289aba26a59d364fed4874b47

SHA256
fe0c69d50554c34baf278b161cd4f284d28fff00b9d93ecdd1c26e6c5b5c9970

SHA512
2826eeec8d150407263f00a2e524cc2fd85f96888a25a92794f860390b5cf9033a98f41b2dbf62ec5109b8bd29e54e3c607e3880bc530413f668112b61837914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
839930cdf8ebec5b8efed28e45c1426e

SHA1
4ec5725ecc8cc8b1b82069aa3ad103e8ca3d4148

SHA256
5204ab3494adf64e41f56c81428adec207cccc8f82b65bb3b0c7b81bfba3c788

SHA512
01506ec09645a282e6843ddb74f1ea24e2401fc32928cafb38939ef1babe0827095e186439ecd5826520cb15e498eb11ec3a0115b85177e56a5a37a2ea7df0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e8510302a8d6ec41aa13122b974dcfc3

SHA1
abcc7b82f9aed9994e34b9968f424ede2f3a3c4c

SHA256
7ae6f6742031021e07aa7ddb5c2c6a5a1e230641ab85ca1345f9e4d2dd2bd9c9

SHA512
05dfdfc647584b435d96126af2ca983089ae920baf14dc60a13b54ef34658d43bfc91b4dd9af3ea7e1869edd0b051946f6dddd282576c55ea5665b5c176c8b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3092f9cf09de9b576e476c39f3524375

SHA1
864200c0ea915cbdb9df0f0031a8fe4d8f888a3c

SHA256
4697b350b499bb893ac128cb65b2fef364a2d7217fadc65022bd259ad1df1c25

SHA512
099f9265670287fd70c65af1f5537e0498bb6a17cdcf834428a9ffb1c640c415c2b96004cc23931955c7985200777a8b1757ea25530b22ec6c6eed179a2db331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
18ca67ed50933a852b5ebff2b15fc267

SHA1
ea8735eea21a58a44c4f9a17cf2812862dcd365b

SHA256
1757ec4b0b661ca01bc2fb2f95de67b447b91a1bee77343ba2863b6442f1d7e9

SHA512
1a27a246e06a022d23dc8918a0a1a81935611425d4c759b64294f9666b850a4a33c8f3a61fd063b36717efc72f263fc56f6c563d51c5f41dac067494b7c0463f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7052629344ec31d02987e7d23f13e7eb

SHA1
bda52ea4f0be72a2a5f83ff7aed894d95df5430e

SHA256
a2a1404a3b5c0e5556767ab5f8aad01e35215bebda6147755382fced0261b78e

SHA512
1b92c47fcb67605c26b60cf4f6942b0c135b2742c2f3ef451bce687ad6eca26839a85f8bbebc8efe7065271394f02b2c53bdec75d8528e419fda6b758fae77a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ab56aa1d59c746d67c5a5683e05ae3e6

SHA1
e7451134511fa38b03a5315c4b24cd9e8917fa67

SHA256
95d663e1c70d18b558e6350af01d21154f1daa6ec43b33593f04e1d2e8aa2a5a

SHA512
10e57e3abdecdc4d88db28b1c091b4952d652cce4451ef01bdc05aae0f41548dbc727cbec6effd8c5502bed8575733b0cc14873397c430478e167f4947f0ac50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5d46d0e3407f6a1360c886b9dc2defb0

SHA1
409f98236fa23beeaf38b54fa3df1b09e1a6ad04

SHA256
22a6c973230aaa72ae48902b491369e301d6f9755edf34deb95a086e762a9463

SHA512
cfec194652b81182f599ae9175fb8917c65da65be6b9845bf8198585a7c78dd5cf9890437e9295ccf10788438180ff2bb01922dee5c9fd541b5907e15c171450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ed2f84a5b6dd18a672a18ea0ffe0eb2a

SHA1
42ca60f986ead0f9129486d7e00d9ebe620c2c3e

SHA256
b300ba0632a5055eda2452be7c9d84d56f67643bdf24eec00e0adce9265ba091

SHA512
5f7f9c4f70b48e52fe94407ec3f57448492e97ee4d0638697079c58be56ccf9e0ae81badd6aed130088bbb1715d168426bf56bdc124c7ff407216aa060264950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f82753f60081fce1592c0d797f57e952

SHA1
472eb5e4a0d7c3d6503624fb821a24159b985bea

SHA256
9ab7234dc698b41f70376e578e1918546a0488695ef362c7559e8dc4f8987ea1

SHA512
5f782a535a20bab51ebbf7d1af46ff499efda4320d064e965984214000a844e9a18416008404340dc06c5892aa008a19b12c29835dd781694e02b398a096204c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e001417b8676189d424f38d1e38d8a6e

SHA1
16e9a01f672d247bd244cc0ea5e518cd47528a5d

SHA256
5898869f66875c903552737e9b6df6c3ad614eecdf8c640bea6dc19a146aa6af

SHA512
f469f4c55c9db984f967fcf108ebda7f5fa3b668e17d9feb834d871d57b40ea0371f24964e1e8b3c56a8d4dd825f3b52a27080ad0f929dba76c4da4ed34ed593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5169d825d9909d5610dddbd45db3a3c7

SHA1
4417896abe1d9bab366bd88456535697253a6b4e

SHA256
a9f62530ca6941d286c52a054d4c558142a73ce7fbb662748e5b5d98cdd9bf37

SHA512
8872ee0c87492b9df740534f08d028a3b43ea975c241a527c9319de37b6fe4c2b9856be262d48a7a29c8b6cbaaa6375b5faf0f2c2d6fd13dda11397f404c9c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b26e30c6b2a299c3e3a22cb910979e14

SHA1
35f1c698776189a05dd5c55439bfbf37027f87e0

SHA256
d0484282e4aaf9e77869ddefc5761bc52ef69e8ea8b661787da3f1bd56336469

SHA512
30cdf62323fd1a7e57b5bb66afc41d0b26e28e7a3546989373d5c00f9ca2216c38618f5d1d2f932df60a3970250679c19a38d19b7d642f7de6f7d7190f507f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9cebd4583093749cd257d9cf92f8f208

SHA1
d3e42ab9ffa937748363c231b43ee8fe41a22a9e

SHA256
188b2ddfe8ce6b18078b62bd19123a8dc23e7571daf053de2edc6866985a3b92

SHA512
37437eae24c0ea83ab3bedaaabb89a9f68c810cd5f7ae7af6395b1806048bfe06d34509d7425969caee2f92271024bee66b52adeb650e58a02ef024ab73ffaf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5ab73336ad68a2cf3b86b1ced9a52d24

SHA1
c0c77bed68dcb8d32f2111aa20248fbfbd3ec194

SHA256
1e79d641cfa5c29b12d61aed2b79886fdf0bb88a1113bb7b2c1a53e8d43d1b4f

SHA512
43d63035c6b79c85f2265b50c2c60b26386ca9898896eaf6bf2e4397669711322c5de86d73b0903be0fe0c035dd47e6b08606bc1d85474164d1aed1ee9ccee10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0a98b799c718dbb926e73fb725971dfb

SHA1
7da5cd146cb7d10897b56dd8b3188644dca9f33a

SHA256
2d59a21c90a1b2b8aa56f840b58c3e17bd4ee681bbccb7df30848bdd090d843c

SHA512
3c7660bbb279d006e22250abb63b347a841eda0dd5917aa6393ff7be73913348db1af48379765318b584f154b627cd2576ac1babf86b4e5262db5b82ae132d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5eae1676340ee5e2dd31d5a905eb103e

SHA1
0e347112b68269548c79f1b1f14e5d8839fc6fa4

SHA256
9b83a2404b3b68d091ee46d580d9d1c7522bc7720b23b23bc049b9c801fb13fc

SHA512
a71bd9784af49f8ebc7e1307c80681cc22fbf5ad2236c863aca5ee3f1a8c01cde880aea08928abd7eb8786908fcd6c63dd5a2441b8936dbb3f96b8371f49b023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
fde5a144c5cea02e7f2d4f73fdee4ff7

SHA1
8e23b8f069da76592f9cd36cb7fccc1c23587411

SHA256
70c392700c30dfe7e33fbfb3e006dab1ebbaf1fd7274d6cd41ca6c0d4bf7bdbc

SHA512
7031936c2667b61fde6034651c31525a2c4103713ab10d2795f5a8db61df0d04bce9fc4eaa3872c3f515c73129c4029aeb43b54503c501319730c9eaeaa37e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1a8bb71a344faaadc359e9ff02047637

SHA1
fd123f8cc6551ed1a5bcee78cd1f57a15d26989c

SHA256
297534d44c9dd66105487e01b919e518a59cecbd2ddb62d78d2105807a2c17e8

SHA512
9a6c53ef369a7453883619c5cbaf1b24b2cbdce22577a15ff8fa2aca6254f941cf3624bd455cbca0c4adf60ceecb34de98731bd5dcb2474dcab6da6e9ae19de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3c1258b7280ca7eaba61bf80a55d8588

SHA1
f63263a48c20b026cf7aa1cb5db2cc003def4207

SHA256
836c2e239fb9baba2742834d733e3a5f4b91c8396492246cecf7e0b971c5de32

SHA512
a49f38d3231a03d5efb279c106e34851e570920d7f23c6e97b8937d41997377109c6daf5f1d8d8f310c024108f3c838c6f432a6bee0bc0ec3d4a96508493ee77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0d8117dac204f807c65075e39a501c9e

SHA1
44f2da525fe3df2006d1d1b8089189d2625e7947

SHA256
a64fd993692085d91fd61a78cea2bb3f26e8407ddd18d18bdaa9bd449c01bdfc

SHA512
cfafe98449e5d492131f037aef01f8fb1ba5dd1addca0556c758e8270db2b6f570b4e00b899e3d08ce51bf048a7b473c7c8948407eb6311d31ee95fa64cb60ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
38a6f36826c8c0249bb7aab98da16bcc

SHA1
ccf0c284ec17ed9cd7ddc02caa6015e85cba7e19

SHA256
7d360e60b0a0f534b21dd014186bf819bc38631d308ebb9faf7265e7fcae9cb8

SHA512
13e3f7c09b74018e1550c408eeff8b41d7b5f01e7c93227271c7918fb38ad961f1ab10bbe555a068ddd23ceb0a9c71e7356ed62366f501b7fc64f66dae442af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f9f7973dd626a09db550a2c5b400cc7d

SHA1
8f288a91c6cf1de63dbf5385ace847b4864b8b5a

SHA256
c831f126c716b5bad097a572c994390e26761dfb02c526ab8ed9ecd33dd382f8

SHA512
2765148fd277a62ece34f2c9f746d078606ea036e9f2ee45bfbaa5439085ae1028cad8d787bc608455b7fda54b9d49b03ed1702bf049daf408583610e634e8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
cd48e3c72889357882ac24ae21aa9633

SHA1
87c8843f01e018ce6ad339bc4ab38376a48ae007

SHA256
46cc2f3529721839d72e50bc6510ffe928ff85b0223aedc2c1eacb2a9fca8546

SHA512
f1c3664fce4c1665d79d1e719b54e54b224ec8b8c047cc7807a34e8db70ec20c1ee7322c05a43b3ab8fa0c475161c9238a67b1b252dae2b7bd5b467343f0a26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
904754a73eb4f8a75410a92b2b7a920c

SHA1
208f9e70a93742e8ca1f5e2537690172971209be

SHA256
c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db

SHA512
cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6671db8c02f3c234bc5b756619a0ed77

SHA1
ff451a14cdd61df48cce4448f118377af77da143

SHA256
f7858098c26ef2a143b0e7cafbc03040c3c1c3185f446517108a7bdd2a6d9c4d

SHA512
1c6182196ec6086d5316c741f974e6ec4efcedc3eb835ade8df2762d2ff245f055c05ed95e06fea3e04fe3a08e9582846cf2588c31fd69fc4978440039604ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
a874f3e3462932a0c15ed8f780124fc5

SHA1
966f837f42bca5cac2357cff705b83d68245a2c2

SHA256
01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d

SHA512
382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f2a5e561-6f2f-4a82-8b91-d9f762590227.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
728KB

MD5
f655cc7056affa24d5d2282563ab47e2

SHA1
980522607e077da831c28baebf8b9043acd5f077

SHA256
86b8737c159ca83510b1f4cc7222b673f7c72f01abb9ac86bd71affd96169fa3

SHA512
5c7fea16d16901a95c5b3ac4db98adb39d456d9692cdf7258e0f8ad4ae4ac6699ccf1be4799e8523a3fd6fa313f11438fffb86218036113ee06353492cf24ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
15cdb2a21586c7116fd48b3b87df8ac6

SHA1
e525eb05ccf1c18d00ab989eee8c0b4963950e20

SHA256
c974ac5775b2e0001d1d92771fe8832a8fa3ee95b7feb8ca03f8463a19d3da4e

SHA512
6b8b7460dd2091b50a06cff5bab0cf6044ebc7e92067d3df229f97a487be7fc9c9b342ea897a12cfe50a54f6804d6fda858999a635d35d8a1c00c18c411c6e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e6575438bbe36cc6c86b796716990318

SHA1
183dbf67d43fe550f426654596881e0d22e308c5

SHA256
636d65d93a4733b433ab331df8a78002b7ed39ba6e913e82b26c6efa0f7ca796

SHA512
0f23aaf8fadb1c813415cff96050ff1d8a9dc7520d9b243839c180c080e194ef2bd6374fc1aa38e0d756f487b2424814783b6301767020da675add2ec3b1f76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
d918c3d3263d9653c5b688b8cd690d60

SHA1
76797df5cf19c5b3b08cb7b99e57e16ecc034f11

SHA256
51fb7f731d90d139a12ac75beb12e8d1804b573940adb694a98f3241cd61ad8f

SHA512
fffe1b6d58cf20ebd37067702d722ccc3636674c34de74718a60ae5536291384751f4f4b68505a89c18e079719093c8cd9d01de2a827dfbca4608e97af882e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
9655b025bde2a9fe641134147c6c9fd7

SHA1
e5107de1935632b1c169f293f1b60c61760efa56

SHA256
67390ca73dc6463c6ac9a8df3451ff3c39714ed8b65861449b8956c0afc14fca

SHA512
1a32415786d7abca4da577c4c76e8324b11177069b5f39f69ce18fea308e7515eefd4be19d2c627888ba2c32e155571380cdfe0f3de09ab9dba5ec9545d1d8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c2fcae59a6f3bb9b5ff675a152a22647

SHA1
899622d688c640ba2a80f44b40e17d97a14c9469

SHA256
53ff19d291cfaee83e1c60a49517039f87d515cdcceca0b44ad0938d33b6f11c

SHA512
47223cc0e05466c1edb52fa26b973bec0ab29229cfb2cf62ed62ea306bfb6dc881373c4ffa9d558c5116738e31384571f506f26387a0a0ce4e42c96089f88f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
971fe425ead3b23532dd0fe92188be56

SHA1
ee8886f31517f9534bdd02fd2ced418f5d2a6575

SHA256
f6a6be836a85ce054e9232bc9a708391dc7f78e6503bbc6815129824bbcb0aa4

SHA512
0b55d3ae188b7f7b3b282d605fff4e5eabbb93d6be86bb9c305ed45d82b3ea16d31a9dc2c5a588f0d7ba4c48f51c851a43d797fdbff83b0e239e52b7ffc29ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8810576c5e911de8c06e36e7e22c311d

SHA1
009307fe5b9896a5fb99c37272caf45fe49cab21

SHA256
ae24be9ec53d29fc61ac1d44bf488abf1a10a785491594b4f372710d291b8b81

SHA512
2caafede2aa55fcbc13303aee86349d49bf3eef755c5499b49e93bea3c5bda41ac477fcbda2fa7ca8a313727fe411591fc055bd7795938fa5ee87d46b87d21b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4e4c0ff35c619da8306f8c0dbb7d9bb5

SHA1
9e6fba5f1fbad107761cc8e83769cd4d1ff17413

SHA256
b3a9326481030999e6808f3b096fd95e2455f0c8b0cf5441aa1ec97914818e4f

SHA512
31c58b828250809cfb1b1cece4aae0a5765bd22b1f0117fd388f39faada263de8ccaeff156bdf82852867f9193806c375c18d7b05f4b75e04ac58cc81f0e1d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53fa8cef54f71e426ac8853cd3db6457

SHA1
5e9486ffd8505f953b4c0134ed696b5209b54440

SHA256
2f56cba9118faa53ce26593f4d43bb42c61f233318c9ee87c7055e6703a2b271

SHA512
4ace099d37de183c8a6fa3e5fece27f652ac0007d9a41f1909e3c7d9c69de16d5d12661144b180b264f917ab2c7ad384a6c4e1bcc5930162208c38255b2d92b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f7b3d1256af848f4070f41e702a7dba5

SHA1
e6abee21d7e7cf46f85fa3333f71851089dd8312

SHA256
521313c5a9d5475dfec15e6485c0aa92b257966971a91161b26f19926dd71dea

SHA512
1949757177bbe41e8016f6bafdf14a3c468917c56211ec6b2e95ed249a460d9502af7b31b68ce15e543f7e3aa12cc8abe0780c48900e89ba10ac90187a0c7145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd2189295cd1aec99c7012123a8b234b

SHA1
e5d630ec55f3fbbb1bcf289167b225e52bc7a156

SHA256
56abdd2d140690f3d7f83927cc5559489bbcc8946fb19e1dde5ea418d17c6871

SHA512
4bb7e82009302a01291a8a8fa0355608e8c0537dff4c7fea492cca1067e369e34282c2c4265fbb9d4007dbfac8a800196b04d4d62f9b888046f41030a266ecb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a012253850b1e1b9479f0e1804cb20f8

SHA1
4163760cb9ae9af485823a07da232863e37b27af

SHA256
056e2c835ac0814ebaa9ecd74922bd0b48165f383be0ca77f36481befb681c04

SHA512
ce7a2b468b3bf2cfed7a93bb65d4a1ae59fc0c13dae6e0a535532ab1dd39f4f7c518db1fa81dcee3136514d614aa310293c2f2d0bf2b30159c18b8d6b59739bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
95b7115b9062f8a98ddd5d5a4c7a0124

SHA1
cf610a8fba6fa6d87e68343c1da77415c76c733d

SHA256
bd2e59dd47f3a6f89913bcdc76a26f2dbb894ac1c92efc18849e89482436811c

SHA512
3f55f598abe98e4613272647bd0cbea03490ee2230869e508b6626e17d566b3351d6aff7b873eebb7b9627dacf94734ee5942685500706b39fd5a8efcd3ad8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
104cf31755f1182f881d391b58d80bef

SHA1
d0d314d6e686d82004d67b44502f986a86dad3e6

SHA256
263ceb8d4e046285a35d626a1f781c92add0ddd022b405f405456725c2b97fb5

SHA512
0195ff6bc1e7c19d2ba3d00b7af81c80c04e4220c167343e80406c821a814de530263a1ead040fdc77e41c9abe55be96342600161c965c370d0f0b220b511a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53fa8cef54f71e426ac8853cd3db6457

SHA1
5e9486ffd8505f953b4c0134ed696b5209b54440

SHA256
2f56cba9118faa53ce26593f4d43bb42c61f233318c9ee87c7055e6703a2b271

SHA512
4ace099d37de183c8a6fa3e5fece27f652ac0007d9a41f1909e3c7d9c69de16d5d12661144b180b264f917ab2c7ad384a6c4e1bcc5930162208c38255b2d92b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d8ab38acaecb53ccfb52d8b2fffd3899

SHA1
7e33e502663b8bc1b17c2f91637460ca8fb2e090

SHA256
5cee0e595784e43e86a3a30d2f9c092c643f1d480228ccb156165fc7508e753c

SHA512
da2bd4ed37ac511581872428b25a662f5b2cbf6327b2afd4b953199ce369ee6156d2531b12be2cb58ca9ba1ac9ce5698cc0d1083f7e3b47e36ca3666632f0ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
daf805525a8bf61d7529d69581596159

SHA1
ab72f4d0a44632441caa2a7483fec6d3f4045282

SHA256
7b4daf84c9d00d5c834bcb2e57d286224e0d8742674a5a1718d1286034da24bf

SHA512
ff1301880d803e59e3157df09d45a4420e10cc975902f6c10f9441b898ffb426572ed295ead310461608571158e856000bc4d1fa656a0967a1c5420ae5ad0aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
775a77d321e1aac9ebf8415642c570a8

SHA1
0dd4518222b8222e157cfeae2ec11e46fe56cdd9

SHA256
d7bb27ff66c7a743ffd14e661ee0a21749e3a7787173fd19df871d722b34e5f5

SHA512
dcc73d3c1ee9b4fcc49afe74cdb8fdbf5a3e5302192f12844ddcb53e9bc9956d85b1d0b6875d6287421cc2096efa6fa9fcf9107c17c4443282eb3ffee775069b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a980efd7b88f48536334f167c6a8fd19

SHA1
61251492bbea17665c60eb30d0d9de735d017b84

SHA256
a3fceba9ee95cf14321b8d4bfcfbb110022b18dd2447c77aa0ff5409fdc21de5

SHA512
5940939436b1063b515b46fd9728c1515a1657a44664d899b2046901657946f022d3dcd7db8e4d4613e3f1200286362d21d73a0f24721da8db6818f58bbde75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f1d606608cb9dd3ddd0ea5ebc8ce7a39

SHA1
0f60e13feaf943c750065a2879d12cd5ccebd4f9

SHA256
c06a3dbb825106ba4ecba042dd62f78be4eac35bfabb7f665edf46abb30968e3

SHA512
5fb4ab0193271e3e5f6f974a025c9c77c78cc2bc7eaa189203049dcecff42f04b17c802887c294d61d3707249083b0286b6dbd4b7f500ac125579b9abc5c67a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4aa7dc7107f563a101c201eacd60dbf8

SHA1
87ab21b86932784d2fd141ac371cd627245aab6e

SHA256
25554888271f8a43bf527b5aa515f12599ee59fcafd68759b36eb2542fb9fe73

SHA512
e3b630d88367b64a244093d2f9c244c3b9b0dc73685a8d06d6c9be67e7da07263d56ef654e3d00b3aee9eb2ccf4824d42a0706d4ee17ba588c534fff7f600be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\eb1c902c-06d5-4699-8dca-5232d662af72.tmp

Filesize
11KB

MD5
c2063067406036c49eed5b43593d292e

SHA1
407da790754b7f90979c708f9645da41e703cdcc

SHA256
0f438aae1dd205afa54b81d957bfa30e503e6217e6ac71c9b57c3ede942ad3a3

SHA512
8c01402c27640bfd410ead255a35e6562a6ae4c23bc07a7b4b8c5fece540ccf5ae019b03184033f2401bf790b982fffce7ba82bcf542bb24b30c6ad1dc574d2d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4912_LFKEOCBBHIMYRHQH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5760_DIZHLYWZHRQSWQFK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4596_JPATNTVYNOLUKSWD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4972-3354-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3356-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3357-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3353-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3352-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3346-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3347-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3345-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3355-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/4972-3351-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download