61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

max time kernel
280s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2023 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

[email protected][email protected]

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Control Panel\International\Geo\Nation	[email protected]
Key value queried	\REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Control Panel\International\Geo\Nation	[email protected]

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

[email protected]

description ioc process

File opened for modification \??\PhysicalDrive0 [email protected]
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	[email protected]

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

5732 regedit.exe

pid	process
5732	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

[email protected][email protected][email protected][email protected][email protected]

pid	process
5072	[email protected]
5072	[email protected]
3468	[email protected]
5072	[email protected]
5072	[email protected]
3468	[email protected]
4524	[email protected]
4524	[email protected]
3624	[email protected]
3624	[email protected]
4540	[email protected]
4540	[email protected]
4524	[email protected]
3468	[email protected]
4524	[email protected]
3468	[email protected]
5072	[email protected]
5072	[email protected]
3624	[email protected]
3624	[email protected]
5072	[email protected]
3468	[email protected]
3468	[email protected]
5072	[email protected]
4524	[email protected]
4524	[email protected]
4540	[email protected]
4540	[email protected]
3624	[email protected]
3624	[email protected]
4524	[email protected]
4540	[email protected]
4524	[email protected]
4540	[email protected]
5072	[email protected]
5072	[email protected]
3468	[email protected]
3468	[email protected]
3624	[email protected]
3624	[email protected]
3624	[email protected]
5072	[email protected]
3624	[email protected]
5072	[email protected]
4540	[email protected]
4524	[email protected]
4540	[email protected]
4524	[email protected]
3468	[email protected]
3468	[email protected]
4524	[email protected]
4540	[email protected]
4524	[email protected]
4540	[email protected]
5072	[email protected]
3624	[email protected]
5072	[email protected]
3624	[email protected]
3624	[email protected]
5072	[email protected]
3624	[email protected]
5072	[email protected]
4540	[email protected]
4524	[email protected]

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

regedit.exe

pid process

5732 regedit.exe

pid	process
5732	regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 5704 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 5704 AUDIODG.EXE

description	pid	process
Token: 33	5704	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5704	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 59 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

[email protected]

pid process

4868 [email protected]
4868 [email protected]
4868 [email protected]
4868 [email protected]

pid	process
4868	[email protected]
4868	[email protected]
4868	[email protected]
4868	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

[email protected][email protected]msedge.exe

description	pid	process	target process
PID 1836 wrote to memory of 5072	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 5072	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 5072	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4524	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4524	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4524	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 3468	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 3468	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 3468	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 3624	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 3624	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 3624	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4540	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4540	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4540	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4868	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4868	1836	[email protected]	[email protected]
PID 1836 wrote to memory of 4868	1836	[email protected]	[email protected]
PID 4868 wrote to memory of 5016	4868	[email protected]	notepad.exe
PID 4868 wrote to memory of 5016	4868	[email protected]	notepad.exe
PID 4868 wrote to memory of 5016	4868	[email protected]	notepad.exe
PID 4868 wrote to memory of 5020	4868	[email protected]	msedge.exe
PID 4868 wrote to memory of 5020	4868	[email protected]	msedge.exe
PID 5020 wrote to memory of 4272	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 4272	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe
PID 5020 wrote to memory of 412	5020	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1836

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5072

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4524

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3468

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3624

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4540

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]" /main
2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4868

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
4⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
4⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
4⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
4⤵
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
4⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
4⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
4⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
4⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
4⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
4⤵
PID:440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
4⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
4⤵
PID:5252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
4⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
4⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
4⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
4⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
4⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
4⤵
PID:6124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
4⤵
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5276 /prefetch:2
4⤵
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
4⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
4⤵
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
4⤵
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
4⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
4⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
4⤵
PID:64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
4⤵
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
4⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,603268154836163890,8275845286274819484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
4⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
3⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
3⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:6084

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
3⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:860

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
3⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
3⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
4⤵
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
4⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
4⤵
PID:2788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
4⤵
PID:3228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
4⤵
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
4⤵
PID:528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
4⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
4⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
4⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 /prefetch:8
4⤵
PID:5700

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 /prefetch:8
4⤵
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
4⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
4⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
4⤵
PID:64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
4⤵
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
4⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
4⤵
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
4⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
4⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
4⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15388252136275687222,10665914876089359650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
4⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
3⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
3⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e1046f8,0x7ffd9e104708,0x7ffd9e104718
4⤵
PID:5700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x298 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\460d2eac-9484-453e-8b27-3cafa29ef943.tmp
Filesize
12KB

MD5
27ac976fc2e8e2a8fabd74bbf5b0c876

SHA1
74ea4391e60b85ec20d7ca93e7b4451708e81e34

SHA256
93346e81e9e948a91088c0ac89cf651eaeec36dc43466842930fe56df63d8df1

SHA512
3a465bea414dffe3aa87588f7da540e553da2621d43a64b3ab9de622d04008fc9bcbb2ec671cf3a3e52de777dbf4a0a19f6765e5db67e6b794ae6decbbfa60ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56b9cf6c617ba45b4f10622549ebd641

SHA1
fa9b33f75d10100594f53da20595da3d33b1162c

SHA256
6bb9bda92152137a85968bbe137edc4b33f2c78174501cd81ed795454625e94d

SHA512
6efc0c3a73cef1890be620cfbc509a258f52940db682662621ee7addb6cf24f1b7d6a55f2892dc4013a6a7a7b143ecbe2d50eacc9a5ad06cb2a13b43f12600e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
050b28330a355aa4eb2703d2dfd93fb3

SHA1
a7c4a5632d488e041290fb9727db09a844b5e612

SHA256
647e26947d6a451bd7603d26eab59ee74b2fe159b45e1633d0f4efa4c10c78f0

SHA512
ed13f95d27f93a20fd14ce8d2eff9d1feef64b6d463efe2aa8ab411f44bff80e15ac5458f3356413ff56d638dfc5d4be065f18aaaebbf885ca4d3ba79e170df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9757335dca53b623d3211674e1e5c0e3

SHA1
d66177f71ab5ed83fefece6042269b5b7cd06e72

SHA256
02f0348e2af36f2955efda1613dc6480f1c68c8e55f19590b7b58e9355c6a940

SHA512
f13351398f5dd5b6cf638b174dc50ddc782b690c6d4736d48941923a3425b5dff4a9aa0da22773e9abc9559d40f020f268018db902e0a7772b7b1f4d21126f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4d446be9-de7a-4217-b62c-a6b17f1d97fe.tmp
Filesize
2KB

MD5
e437e6f0b0d377ffe45822fe7a17ee04

SHA1
2bb2c6f6cab37c51072d7c3bf79fe10679c95813

SHA256
4ae4437d3b8b9576f786ee756ac9d5d34739f74b472582ebfe7e551a1ea99cfd

SHA512
a8cbf245e3d085a2527df44917903ca3514136d759b1f3de42756a0fb14ecddc9a7507fa8fe4b3c4f9b2074ef753868c3c4b5837482fd147c9810dc5a70b15a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9daa2e83-718f-4fd6-8b28-b889982cd827.tmp
Filesize
2KB

MD5
96f957a3fe1e52382c648cb488d1600c

SHA1
ac2e55b705668bdcb40038735494bb32b7b3eef0

SHA256
360c2668f4af87cea9ed98e2755820bf6393f4753523eb4dd44ffbfb71308bd7

SHA512
95e6a60e779c116010887ce2f2dadee3439c3f6bc80db026bcb344249055b73e4aaac440a228ebbd6658dd947d8c7ca3bff743bfd8a6b05b703cb9d68112035f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
3e203318a0ede8800be43b487d775345

SHA1
9e8625f9a68aeaa9ff2ac1ebe90fa3d52355a940

SHA256
608010213815adcf5034aa7149e098776e0adc8cce92632916907c979a18c431

SHA512
9adadc3703e4d3f504bc9f5b414a19122a598478cf381faad4846b4f8a1dbcbfd1cba0a2a349ba791133cca403a6196a111fff1a2f9b66030f8f0f9ce3eaa8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
a65dc311ed6f871296761dba464418e6

SHA1
df5511d18b62c4fc438f5af8eecd92e1b927ef84

SHA256
748ebcb4cd6fae91b92b092f5e999ed11161dd1e6b67facf2f7923728924cf0c

SHA512
15fbf4277e1d5737a2ee95a40455754aacb115e3eee4f8eed79ea1c9cc3004db077000b43a033b91e9bd595cae5dc2bd9f19f63e46c96956cd0f3c38848ed4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
e6009fd0433c10cde5a0343c2d6ddd81

SHA1
8cf0c89403705c3085964156fce95ec994716fc8

SHA256
cefeb4e8c6aa469e488fd414c670089f472579a0c681a92792156f13d4c98c08

SHA512
2c34deec5e2bdf9e7ca4356cd2d50a71df91ff521212922a9ac70cf094963c72dbdb853d6b2a56482b116a69a2e33a5c748cc1440a2a7ea49f9255d00d7f486f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
1b55c0a35ef6c216b9825532cd1e4cfe

SHA1
2bf9274773b14b8d6196b3f19ffe780d9179b77b

SHA256
9c1c0b53e2e2544e9024d830efd44764fd7c130ee319ea0c7e946f3788077e91

SHA512
cd5f92c106186fdaa6ae5b69bdafdbe29debe745536ba1ef19df3d16448ad2812d5899f5984991058bb53d9b083d49a206f14a4a43a052970fc3929965dcf9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
e6fef01a20e57699b650ea4c4cde1d47

SHA1
eb43a67fb419c652026c3633cd307c2e49c8c6e9

SHA256
155c9c6a7d110718b43737aab0d78397eff4990d20f0f8cbfeb943c7f546c3ff

SHA512
316e6f8e75c83e9b906f08b90f0cc003271ca519dcc7b127c927d112916217008a0dd59d4d60c284138069430d2f1332e47a734bf0ad430bbde59b188e3bdbc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
5eb7bda56542d1970740ad39f6f55520

SHA1
901494ae87fb4b912145a0b78291caf48dccb29b

SHA256
0ddfa05f5181521ee2c06fa5e4527e71b5c3e1756e2ad6141da5364f8b1f48d4

SHA512
59dccb05ec3e86ff983ce1cd78258a27f130467da42bea11a8370edad88f1fb6b8f0f3860803de55fea6f90a4e7ae14b7b6a4b92b95e46d5834c856f9f1e878e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
5KB

MD5
8a5359bfb8a58193f19ccbd1fc4ae170

SHA1
5f99b191f6c68a9955098fd7d8e5082e4d45b1d0

SHA256
6244d1d03cc00db577a028f9f999cb0bc520fdc009cd100a56b2fd0256d3aea7

SHA512
e5cb445d947a2c56a33988ab61f549a5272801707920be90369394ed0f51d8fb897b08ea5e60f65b1b15246279ce23f2c00fce4364478517f40c82a6caa52683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
864B

MD5
b0b854380db98cb468b38189f86809cc

SHA1
6c29d08aef26be1dad02636cf3c194170f29e321

SHA256
0099d172848008961cfcfdcd40cd51563fa1cca72c6c60587955aa410e6db222

SHA512
09221a74647cf14a2b578ee52154e27065c046c407bca288bc102f040110b9ae3916355046cbce93ac32d5c3f54a2bedb8800a6b5205009c35705a407547aead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
bf8361d4e9958b832f323a9393efdd5a

SHA1
cc98d6735be410e6fedea04ac55daf29813f3e27

SHA256
7fa6c719e8e2911867200e1e4eb466101e4298e345176ebe687180abf8faeee9

SHA512
9aea464765b9832981dd0f65b5c129fecd5a369838e46345ed0a8215113c54a41e8da0b724b64a6e68bcda0c13f039396e700a4632d54a2156b36d6d34519b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
4fb398f758e4bb95252e109d392ad676

SHA1
851269f950145d22e4929f92cf46761f44483415

SHA256
f081576a5fc569e6553bca2bf2ba8359e98740a1bf6dfeaf334fb448be1d6aa2

SHA512
ca5ffb709adf9b7f63932e2be1d614038a3f1acc65242ca7dfaef3cc2328c4a09869c1a4b5fa86122fbbba56f6661e29c1fce93db880dd486046567c02c66607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
2d0134fac226f014961dbfe53138e05d

SHA1
33c51158904fc210e171d64e605ebfe8cbd5dfe2

SHA256
fd603e90dfa87f52f14e72eaa35c5c7ec9816fa5aae5819a5df599facf9ea8ce

SHA512
4a1355bf4ff8bb68688faec52e40585a282a259de04b2464a22b96d9b2a89328f3d1f8dcf2388dfad8a1a0f1a7ee8aad59387ce9ce70f24234f1244b2fe6043f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
4ea35a250f7cc98c0ba85e0c11737e8e

SHA1
08505212a34ec3b5b77527465112f9983349e32e

SHA256
24f1936c9898b8823d0986d4f53a9235996c2803eef6b1fe6f36c7b31f61763b

SHA512
97e9ab5ccaaa84c961dead58fbdd5c3a345b43589d2c0b9366d508d33201395385c23ae8f0946a72f8ac1e877a4fa3d8bfa04f2a2fdd8ac70b79d4d3eeedc832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
93286c1cfcb3607b9fcd2803b4c4dc74

SHA1
07b327f81650ba5584d38ad6fbb8fa1ddf03861f

SHA256
580186ea7a3ee0e53d146c9fc2220f591c10b44c814a8ddcd4942f4ebe65c18d

SHA512
be73b2e1f1b9ad9cbb7c6e9ffce2eafbdd5c172c10e12c007ed7d86f5770cebd8c40c73526dc523a9606205a010682fa2ec4cf0cd3bf6583680e8f5ae2b1c46a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
2c5fd064d68aeb5383dbcec69d260ba4

SHA1
4b341d2e75bde2cefc0276093989074fd99ffbf6

SHA256
d02a3bfe2191922e38673cac63489b4793f00b19881b57002c82b6ed417a3f45

SHA512
b1600838758c901db188da49743fd14733648138876dcc795101fbe2f7a2629d97c569702b338242aa9078c681c2213bdd8489951504ef9927cc9ddb7e5c3f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
e6fadefc965b882923a7cf21d3336423

SHA1
e98bd25fff89545c8034c6c3037d8c61006aa925

SHA256
3e2bbd90a7a9eeffc90376ed74999b7b7fbdfdef2d1b40e0bc003ec1a198c9eb

SHA512
a49381bd4fdbe0d7c54c723c3d5c057b69126d13c0517d2cc347312b1885f1b50db9ca029e266fbce8de6d4e25b9d1262b4760bbd22e422ebe58980149ee9207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3359d172a1e9cbbaaf6f9059dbffc491

SHA1
868331a7864d94689fc926ffb75eec0be6b0a395

SHA256
b71f16364f9377070ff095856f1c0481fe41dac23fad08f49a537ddee1cab472

SHA512
9d9fc969fffa40fd4258060b0884301943e1ef0b8248c289669867862241fd0a404b447e7ecf42d0fff5b761f3a39b3e70f7028f2c29e54feb5fd7cee23da440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
42858e67dfae36a66d0503c0c5ce175e

SHA1
9f0fed919eb4ab659d9a37414c002146bd64996c

SHA256
8d9270ba764c6edcaf43ac036d568dc6a4e17a5fa21cf28464589dc87865de46

SHA512
0e11496c56a015295e44ec7080e407836dd5f9182b6418ece798b77619fcd97116ca3ca46fccb46be3794777d2979f34db1e2f5c273279d73dc0118240f8ed19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
d022e80f3a3813361fc881aebf54838f

SHA1
f6b3b44ab123154deae52f81466f9f89f5d3f978

SHA256
78aec425f64ea4c33021ad0ce840d79b2efa76f8ce16f0776ef3b0dfd627c338

SHA512
4d13c94ac0a24508cead14cec58c59d5aedf1488f03d5e112cef1e7e097f654dff3c168a4b56d5a1d3c506cc5a0e6fe65a8746d85244a9e39b917720dd6080b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
8fc35d5457e8d5669f0204f043fe20a1

SHA1
d97d41fd7b5d64719ed35798f02ea48283171eea

SHA256
0d06aa0840c5712c320844435cfd165b7f5ae383e34dabc46dcbc321b41bd8a8

SHA512
f2c9f0e792dcad6f78491f22b05668148cdc5b0a200e2e3c514a18190794f33865cf589d80dbcc732ccc46624c6f1c08366c479c941823d3db2abc2fd3a5d2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
7e0e69c937ac434aa75c5096ffb3a517

SHA1
8f4eba4bc4a6fda47f43b8dd8b1a80b75ccf2861

SHA256
9b18321bd07e27a2d53a301705b97a3f7bd1030da39c1ad65a1ca084cbab2642

SHA512
667802670d57329648ff273ed1b9185630e93f074165193a879fe948c27c9efc5127afbee904789db507e1964f8e4d1a7cf75cf176c0b2ab89290a8427f7e689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
2ddc32d5008d25be2c5aa31351144cf8

SHA1
cb548cbda4c9b3afd2c3049e15ffce5f57b3f2c2

SHA256
5a6f623834a18b2bae8bc574f71ec3d7edb5b1966eb9726207ee28a9d94d8f86

SHA512
d1b811c752a57ea344bda512b6374d8cdd68e875fbbc3862d99ad87f4d1b6628f09bb05f79998afdaf97b4de283da23e323ee4d6aab51f1d8eb3e52ed262fda4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
a87bbc86560a02d16b2c4a017494bd1f

SHA1
ceb321403f00f0086da5b4e601aa8272138907ba

SHA256
d68341b5b3d82c5eff3ce6bb12cdf19260623dea62b3b582e2555a9d15b08ad2

SHA512
1bbccdd0d5575e97434a96a281781502e0e8fbb1838061f7d236555c9ccc0efcd36fc93ae9bfb6c9289b67640f615577bdb6243dd25118b42ac0a207f0413f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3562a132ca3be5bd2d3e1961d542ec5c

SHA1
1f9f1ccabe66cb90fd09a68703916f4be6764db8

SHA256
8fc0a908680eaa92ebe459e9affe6058adb27254ecc614572aa6966eab36bcda

SHA512
3c2428d5fbc8ca897e0d84f896b9f35f533a3d07b2454e1ea7c1ec1fced327034209d98a58a98f45fca68abd521329d7b8fa4475b77f180d4ae8b3f82908cc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
163a0fda51c8b101041b9c23c202d050

SHA1
ad33f6c7e8155f535437eb0a011e03140f7308d6

SHA256
c33096afffcdf068de3ef8cdd406ebf8b12440a5e34c0ebdcf3b39af67c63278

SHA512
76e64a39271dbd40df430e66ffc861bda2ccf67c1d3c7a784fdb6d12777f8da2273bf5e033ef147c7c29b3aa4f1a226cdd1ff0387d0e0f94ca40672c3eb50120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c0499655f74785ff5fb5b5abf5b2f488

SHA1
334f08bdb5d7564d1b11e543a2d431bd05b8bdd1

SHA256
6aa332a4d21802b2dbcd08e153764da60f538ceb0daaaaf7504ba8f67c08ef03

SHA512
5f0cec6dd823f2b3ac62017383dbbf71ed38893724312ec75e73fb197e0bcd5418bb70fdfe9150f5ca495d5f8547d8a08618bdacb5010514a3cb1101437d698e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
e65dce818fc141116534e5427da6da76

SHA1
0601ffb3dcd847b77234948ab2bc73c95aa539ae

SHA256
fd904eb023d74dff9360ef2cb72f293981d3257142c8a5ca3814b7cd4d98a743

SHA512
6ca90ed208f4c004089e9761d6c5ea75be29101d16bd5e4e6d3dbc93f841bca7df92f0ea556dc1ac806a41e98a6b1b461770d7cc9eba0a699db41842c7f02250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5badb1.TMP
Filesize
90B

MD5
ad63cdad1840f558c0962ed08fbd300b

SHA1
95a6911336c02c37366b1c592a1015ce2aa3eb3f

SHA256
fffee79c0d33c15b306c1982137e6bbe9c753f74477a8042ccdd2508b596e1c1

SHA512
0daaddb0261b5b02397f4d4f49696214e1d5d844391c03529adb283d30b6f86a2475d424e0c627ad3ffec69f87702090c4f4ee5f9671ea80c2f04b2701ccc6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13347126055281975
Filesize
10KB

MD5
3c8bf686242b63794cabe25c8ed6cb34

SHA1
9877142ff364e23d1073b673fd75679eaf633dcf

SHA256
4d65c1b7af6f424e0203982c9d42a2b430ad586191fd4f737887a279ad853da3

SHA512
041f052831d90b5df384913498502157255b0f59dfd49a45d3f253f43717e0beef8d25e764741a64e67add9d1c3a3f6c81cede61237093b2a21baf8bfadc1a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
262B

MD5
537101c7eaf8d92d45778b67e8bb1c34

SHA1
2e1a4eeb444b0b443d83a78bc127b873e03ff9b2

SHA256
38cc4c6987fbd669a29d5ce74bfea12c0c9d0a81f1a0859faac9b87a26d65994

SHA512
bc03305d0916def215e49dc14d79ed028d2463983a749f20fb6d8cb2fef05109e1ce76eff883df4fef48d9a6b35c99c649e11ed28491e6251e64d2638c839bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
1a52fbe1bee75c24f7b13f6a4d4f6bef

SHA1
25b4e49191bee38ee9c7f5cb99a4ac251533822a

SHA256
ee215d44661a825852f5a19609a95c6d152f526ed1acf90e033b8e169938bf09

SHA512
3a417d32ccab436a36c757213bbd6e882648e1fd5f0fb51ec779769e670bc216e900851b36f4331361edfed55153a769f0464b274ccc387de46745471d6c2045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
170843ee945c671328c227906862b18f

SHA1
1642b4c397661891052ecc287c7c99f3ea2cc985

SHA256
0ec4f7bde377684d5bad26c837df4e636eb839a902d8d3d9a201e1fee7ee7354

SHA512
67737d5007ffc7970f3964f56c19f962a38cd17de65a9b767d40177a0dc242a93472c9cd3552701f7567d478b59e261080fb303dac099deec6b4cc430773b05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
baad3fdb80b0f3d98ac1ba1fd7afcbf9

SHA1
b9bf416d8b41676dc5038b37bb6f1ddf6f146fc0

SHA256
dab641ece7cfdc0868be79acbf7cca0230a9be39faf5999f8eef71a916817cc8

SHA512
885c0024101f4fbfbab8e07b558964d3f433e611a26ad4f5cce4a3d329ccb0c98181fae8ff7bea3da4e57746b68b85458fd8fa587b016db44399d3094f7f1507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
2d1b6767e7a4e1d09c175f216fa7b153

SHA1
24b745de337d7504ad96a9022d8324dca1546f16

SHA256
e8c6bedcb0ab113627333905f3e1a0026139c4c2d6a5829ec174152a2ed2cba6

SHA512
feb6afac409f79b69e56846681b1e71157232ec6eedb74a787f7662b6659451f7645f04a8fb038121a6dac4937d64190b6c0acd922ea95601a472564827c96fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
6fa8ddcade2ee5cb6d1514779352b40e

SHA1
df9263e6eb90d2837c6ab309d09c6ca3e4e36008

SHA256
84ee9b152b6ad4d942a5feff4cbfa3b4ebe2caf05ca13a7313d134d4a93dd289

SHA512
bd5695288daadabe758a2926b916fe2797e2db051a9e1d2aff00495b52d263aca428ac64fbfe7cf541a88b70a0157d4f97630399bedcdfb7f69ef87b2a034ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
a9dc05dfdf6cb080348ad70d172b99b6

SHA1
2bd0cd8bda5526d7214861e09e12c8e6afeb00c1

SHA256
e4599bd2f8985f2b014be1254f5e6ab05ec1771114a44215da0111d814526683

SHA512
75176168cd7c87c573aefa125c3b6d5270e05154f449e53cac7499748e2fb9dc400666f74067e60caa8c35a0e7771c6baf32979ec6535b19f0610eae86f0971d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
4709674495c8f4b5ebc57b61f30ff878

SHA1
76c3bd25afde2e3c002eb34781d0c1eecaa83dfb

SHA256
8474219526c5aa19a738e6f3b56fe37fb6168be5188ae8cca5db0619ad8401e0

SHA512
599d3e3a0ba2904dc08b7c957a109fbd7a9b9d79c7016c9c74bc18d0c57583622250c07081a7d190f5600a032f8ea7a7b1a8af2d6f6ecd03221579b9ca59b9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
1eab02a10436e036006af02d18d36185

SHA1
c1b3926a9ccfa0e1f0a1258669187a5a6e246088

SHA256
5bd97d3eb90c3497c94cfc87649a4ed3be72d0e27e12d3c9e872083262164963

SHA512
c90eeae4f9f10268b2b286e4870cc3f7a2cece41d16adf1ab3111eaf03d7ad2fac1516e00790639816aa404c673db674e30466f64b61562f75929e748e7f9f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
894c5eecaace5a3ad80e5d781dfeae65

SHA1
e05fc1964ff718057aefdd5889adc08c1360d6fa

SHA256
f960707a129cc7388b1abfe9883772b1459befc0042b898a91407bfdeeccd646

SHA512
5e8fc9eb5b7ec74280045634b88c3f8df21f0822e92c691e1b97226604bc0558493e93b3b70745c3e73a48b4aec7e0a417282771c8956bfd707312de3fc58d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58db77.TMP
Filesize
1KB

MD5
b935dc1fbb788b86dff9740faf9caf01

SHA1
627d8f2db18b0bb049a6d9833d906324579ad3ef

SHA256
08c53c0d6f1f125b49d2c2a38d365050344fe0d346c1dc8885513ad258e2e036

SHA512
8046c377ea39b3344dd44b73cfc4c559647a991cccbae47b22fd3996ac9aaafc7ccbc791bfbcdedd8c818b41083cde2a97d207e8c126cd87670b9b703733baeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
7f64c69007ef348794aaccdf64d1ad31

SHA1
4446320743a4f7651b39eb955ea2bb37588618e8

SHA256
f8016bc977aa11ae7fc4acef9f28766f9be7a05995c1e66e0bdec613029d5a86

SHA512
71d05b2c511b6befbedfc84f6b3d81f64358163e4aa6686e4f94494587500fba67f194b4c8269113fc2ae7781944a74490d57f81c2dc1be1b020ea325f394d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
2.3MB

MD5
a03397ba492259706a509d498d59fb94

SHA1
4a1d1e76f54ab958c489066309103af3f964a6be

SHA256
cba5b68ba65099ecd7dfc58409a7ab0179031be128adcdae208791761b245129

SHA512
adac1370646b17af774079ae27c607523761b7461d86f3d595d1f94f9dc62ce1e550ce5618c38b037353f3d58b062f6a179f1d47e03158a2974b44912c5c6027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
263B

MD5
3f52d55a65a655bfc177404071f4f4fa

SHA1
1e278cca402bca5955e04fa9a7f7f12580b1017e

SHA256
5d42415f876979c6ced40b9a00d915c2d47c13b0729f9d258e81b9fa7d4f3331

SHA512
0cd00f310848064f23b6c02ece9b02806ccd9d0b315e1097a06ae1f121b62ce8c97f9f283b16d3ca5197d9710fa9a31285ed0ef1a94c1b7b88a07daffa6fdd3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
322B

MD5
ba920653c62196cf92a74e0340a6e696

SHA1
ac2d83ea61d2a42c6dbd1a94c2fb8a7af5fbe811

SHA256
c4683ea58bb116e1d0ccd6144ee09eeea096e11c6cd7e77ef64903f8bf50a23d

SHA512
9dce560dda97f18b1bfb489d1cc55aa4cfa905fc86f2b997a59af6ee28ac8b307ba672d0785fbd70c24c9ba4d67bf58fd33ed34eb23f20bdfcaf4f65b0f09b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
594B

MD5
b4b066b7279da35cb4aeb2bbfe8390a7

SHA1
5cb304830a7762792f98f8dbb3721a9e4b16f84b

SHA256
a66495eb94ed852c29358b4899a13769e126298d1c7f2b13ceac3c83e7265e92

SHA512
d8dd96264148cca7a7843b064603a187ac65d32fdfcdfca94520da4b79eaee4457b062ed7e51d1778fdffb0e7a6a2f3ccc1641d0c679ae1b53a34525156d6764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
340B

MD5
403f77a736a99f539b7696c9f2a2dc7f

SHA1
5c0e2b99cadcddcb0bd790271e993c9f03b503be

SHA256
fd66b2b20d748efda4c6e263d52f4b8cc712b4399c5384c85547e3d196d81c09

SHA512
e2b85dd5533c1149e77eca0256acf41f8852be92d2e2040127d22d9cfdf73d4cf95a9eb4fd36e53fadef804dcb8ad2d061e853e0e0ac679ca7cb12d260936309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
db47943f41b23bf00745d313273dda60

SHA1
53f910c8cacc0d98c08ab58e47b096e31e66499d

SHA256
168755e9955294a20f20d74939dfd2505dd009ae38e842fa7727a64e7321e1b0

SHA512
662a2871215f7a0476947263b0fccb44c93f20ca81ae2d079cd706686c1e93f9e451aa4ea66afaa5f247fe31c4e07c19a2316cf2718d50448c2e2afe1e37b92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
806f3a31639c8b0bc006a8843474ebfa

SHA1
51f25875605a3dfa5f8226a308e7e8c6f13f3e68

SHA256
75c9ef7f22789bf5df4f4797ef6ca7ce274af4f89d288045ae0a59e9d0a377a6

SHA512
a3459461f51e144e2392239411139b97df99f768f564942b7772c46c46575b49a75fa6e1964b3f891d8e9bd537330a9aff44badff4b9ede080879e599538dc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
79126ebf4def75f6cda70c3d9507dd80

SHA1
b1761ccaea5810f7679cfd3ceabd0927284b324d

SHA256
811a0043cd3aa031a0b6bd7e6410e37e15e9451558285ef7cc93e61ab87f7759

SHA512
9a940d98bbcfb7fb8eb009fe99e04eead981f02a106f178e7f6748ec3c9b1e9570295bcbafb16164a7beed18e091ab7a023cc56fb35815ccbfe8c730d579b0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
c709619df998e046fdb2bd0b0a60a14c

SHA1
d02cc78374747f1efa77e6154999f24205437955

SHA256
c10d020201e4cca2ce9e0ee5b0337321107b8be2337b464635261de62b34a4c5

SHA512
63b63bf63e31390b2d1de870a0cc6a4ea36f7f21af3807a9452f6c94e188f10f623b12244a3a4753038e810e046c53a87fa4b40e20f9015fa547b81a48945f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
fee5eae0b51bdfd9bf74425e3aa555ae

SHA1
db3311e135b50ff1ecbb70f984ebbf3843d70ecd

SHA256
4cb061aa05a633494d9b48fe18f080941c1c37eb87cef3953c693900094b6ccf

SHA512
89e3259f2c8c7f67ea79324d5b2be480aff6af41e9ad8dc41bdd40f84fd72dfc64d8692eea778a7b6ce2cca527bab55e639f684d1bea18a6d882b683d84142dd

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_5020_VWBBWFVRJSWCOCJD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit