630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc

max time kernel
408s
max time network
526s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
02-03-2024 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc.js
Size

475KB
MD5

b3466ea07dc83fcce7eeba0dbc1c8aa6
SHA1

1aeee7429327e3241fccddd4b2f06b8e6fb67ab8
SHA256

630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc
SHA512

f8b4f246112071a91c125ce6384a0b86d6be1b9631801e53e9e4f2b8027b4b5acd9aedf8b4fab7c7dd69e1729f1ef27b2aeea1f940ffceaf8f2abd320fbb57e2
SSDEEP

3072:VVnNs48OW0kT97kFUxj3mKMABR3R7DyWvEXNemiS0KPMID5whT0bMNj69wrVRs3f:nbkw83zLJtMtwmIj6ERCcXhe

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
50	raw.githubusercontent.com
51	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates system info in registry 2 TTPs 36 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1101742937-4171729779-750941522-1000\{363AFF90-5D8A-4332-9CCF-103461AE8CDE}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\Local Settings	explorer.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MEMZ-Destructive.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 369194.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
4604	msedge.exe
4604	msedge.exe
4664	identity_helper.exe
4664	identity_helper.exe
1356	msedge.exe
1356	msedge.exe
4888	msedge.exe
4888	msedge.exe
3484	msedge.exe
3484	msedge.exe
4936	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3568	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 61 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: 33	3568	mmc.exe
Token: SeIncBasePriorityPrivilege	3568	mmc.exe
Token: 33	3568	mmc.exe
Token: SeIncBasePriorityPrivilege	3568	mmc.exe
Token: 33	3568	mmc.exe
Token: SeIncBasePriorityPrivilege	3568	mmc.exe
Token: SeBackupPrivilege	2756	svchost.exe
Token: SeRestorePrivilege	2756	svchost.exe
Token: SeSecurityPrivilege	2756	svchost.exe
Token: SeTakeOwnershipPrivilege	2756	svchost.exe
Token: 35	2756	svchost.exe
Token: 33	3160	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3160	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
5076	msedge.exe
5076	msedge.exe
4748	msedge.exe
4748	msedge.exe
412	msedge.exe
412	msedge.exe
1232	msedge.exe
1232	msedge.exe
1316	msedge.exe
1316	msedge.exe
696	msedge.exe
696	msedge.exe
6080	msedge.exe
6080	msedge.exe
5464	msedge.exe
5464	msedge.exe
5132	msedge.exe
5132	msedge.exe
3832	msedge.exe
3832	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
3448	MEMZ-Destructive.exe
4936	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
2552	MEMZ-Destructive.exe
2528	MEMZ-Destructive.exe
4596	MEMZ-Destructive.exe
556	MEMZ-Destructive.exe
436	identity_helper.exe
4448	mmc.exe
3568	mmc.exe
3568	mmc.exe
4528	identity_helper.exe
556	MEMZ-Destructive.exe
556	MEMZ-Destructive.exe
556	MEMZ-Destructive.exe
556	MEMZ-Destructive.exe
2336	identity_helper.exe
556	MEMZ-Destructive.exe
556	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 5092	3736	msedge.exe	81
PID 3736 wrote to memory of 5092	3736	msedge.exe	81
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 2324	3736	msedge.exe	82
PID 3736 wrote to memory of 4604	3736	msedge.exe	83
PID 3736 wrote to memory of 4604	3736	msedge.exe	83
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84
PID 3736 wrote to memory of 464	3736	msedge.exe	84

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc.js
1⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4199734449897668012,8651235209314982653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3340

C:\Users\Admin\Desktop\MEMZ-Destructive.exe
"C:\Users\Admin\Desktop\MEMZ-Destructive.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3448
- C:\Users\Admin\Desktop\MEMZ-Destructive.exe
  "C:\Users\Admin\Desktop\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4936
- C:\Users\Admin\Desktop\MEMZ-Destructive.exe
  "C:\Users\Admin\Desktop\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4060
- C:\Users\Admin\Desktop\MEMZ-Destructive.exe
  "C:\Users\Admin\Desktop\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2552
- C:\Users\Admin\Desktop\MEMZ-Destructive.exe
  "C:\Users\Admin\Desktop\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2528
- C:\Users\Admin\Desktop\MEMZ-Destructive.exe
  "C:\Users\Admin\Desktop\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4596
- C:\Users\Admin\Desktop\MEMZ-Destructive.exe
  "C:\Users\Admin\Desktop\MEMZ-Destructive.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  PID:556
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:2980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:4284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,6740756726368518751,6941230981493736033,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1764 /prefetch:2
      4⤵
      PID:2720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,6740756726368518751,6941230981493736033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
      4⤵
      PID:2036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,6740756726368518751,6941230981493736033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
      4⤵
      PID:4860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,6740756726368518751,6941230981493736033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:3456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,6740756726368518751,6941230981493736033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      4⤵
      PID:2088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,6740756726368518751,6941230981493736033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
      4⤵
      PID:1572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,6740756726368518751,6941230981493736033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
      4⤵
      PID:3172
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - Modifies registry class
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:2324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15218235698234843424,4033607139115242593,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2
      4⤵
      PID:4640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15218235698234843424,4033607139115242593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      PID:4428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,15218235698234843424,4033607139115242593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
      4⤵
      PID:5052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15218235698234843424,4033607139115242593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      4⤵
      PID:3692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15218235698234843424,4033607139115242593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15218235698234843424,4033607139115242593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
      4⤵
      PID:3656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15218235698234843424,4033607139115242593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
      4⤵
      PID:1456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15218235698234843424,4033607139115242593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:436
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4448
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:3568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:2488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2068 /prefetch:2
      4⤵
      PID:424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
      4⤵
      PID:3164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
      4⤵
      PID:2832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:2160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:1436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
      4⤵
      PID:1824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
      4⤵
      PID:3476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
      4⤵
      PID:3132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2000,6393784307882436619,15767271208787599880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
      4⤵
      PID:2072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:3812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4393999912467566475,15653875238712071569,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2092 /prefetch:2
      4⤵
      PID:4512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4393999912467566475,15653875238712071569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4393999912467566475,15653875238712071569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
      4⤵
      PID:132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4393999912467566475,15653875238712071569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
      4⤵
      PID:2412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4393999912467566475,15653875238712071569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4393999912467566475,15653875238712071569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4393999912467566475,15653875238712071569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
      4⤵
      PID:1560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4393999912467566475,15653875238712071569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:2768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16897704642904737636,9309338028834221349,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2084 /prefetch:2
      4⤵
      PID:2916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16897704642904737636,9309338028834221349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
      4⤵
      PID:2116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16897704642904737636,9309338028834221349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
      4⤵
      PID:3852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16897704642904737636,9309338028834221349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:4608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16897704642904737636,9309338028834221349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:3360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16897704642904737636,9309338028834221349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
      4⤵
      PID:3304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16897704642904737636,9309338028834221349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      4⤵
      PID:1512
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:2776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5953750073240441637,15158658910390346550,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2084 /prefetch:2
      4⤵
      PID:4520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5953750073240441637,15158658910390346550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
      4⤵
      PID:1444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5953750073240441637,15158658910390346550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
      4⤵
      PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5953750073240441637,15158658910390346550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:2568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5953750073240441637,15158658910390346550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:3448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5953750073240441637,15158658910390346550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
      4⤵
      PID:5420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5953750073240441637,15158658910390346550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
      4⤵
      PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,5953750073240441637,15158658910390346550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 /prefetch:8
      4⤵
      PID:5680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:6080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16259411284391324928,4617552154777132882,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2112 /prefetch:2
      4⤵
      PID:1064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16259411284391324928,4617552154777132882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16259411284391324928,4617552154777132882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16259411284391324928,4617552154777132882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      4⤵
      PID:5288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16259411284391324928,4617552154777132882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16259411284391324928,4617552154777132882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
      4⤵
      PID:5804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16259411284391324928,4617552154777132882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
      4⤵
      PID:5844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:5464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:5424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,10825951041742469171,12951904089951546625,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
      4⤵
      PID:4720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,10825951041742469171,12951904089951546625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
      4⤵
      PID:4240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,10825951041742469171,12951904089951546625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
      4⤵
      PID:3832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10825951041742469171,12951904089951546625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
      4⤵
      PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10825951041742469171,12951904089951546625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:2276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10825951041742469171,12951904089951546625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
      4⤵
      PID:4124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10825951041742469171,12951904089951546625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,10825951041742469171,12951904089951546625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
      4⤵
      PID:5724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:5132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:5884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
      4⤵
      PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
      4⤵
      PID:1968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
      4⤵
      PID:4872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      4⤵
      PID:2396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:1456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
      4⤵
      PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
      4⤵
      PID:3656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
      4⤵
      PID:5224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
      4⤵
      PID:6092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,10999935577206578380,15678638413087992443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:4008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14566148478168714181,17926009311948725689,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
      4⤵
      PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14566148478168714181,17926009311948725689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
      4⤵
      PID:3944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14566148478168714181,17926009311948725689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
      4⤵
      PID:2352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14566148478168714181,17926009311948725689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      4⤵
      PID:3448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14566148478168714181,17926009311948725689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14566148478168714181,17926009311948725689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
      4⤵
      PID:2396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14566148478168714181,17926009311948725689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
      4⤵
      PID:1356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:6100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:5868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,4155174209979988006,16534140767355672348,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2052 /prefetch:2
      4⤵
      PID:1032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,4155174209979988006,16534140767355672348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      PID:1176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,4155174209979988006,16534140767355672348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
      4⤵
      PID:5536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4155174209979988006,16534140767355672348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
      4⤵
      PID:5652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4155174209979988006,16534140767355672348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:2984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4155174209979988006,16534140767355672348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
      4⤵
      PID:5700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,4155174209979988006,16534140767355672348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
      4⤵
      PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:5204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:5564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
      4⤵
      PID:5608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
      4⤵
      PID:5972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
      4⤵
      PID:1176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      4⤵
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
      4⤵
      PID:2360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
      4⤵
      PID:5612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
      4⤵
      PID:2088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      4⤵
      PID:3840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
      4⤵
      PID:5052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,9892894477811252754,13934396420879363100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
      4⤵
      PID:2616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:5288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:5920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14875666991526452845,10705720874726144490,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2076 /prefetch:2
      4⤵
      PID:5836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14875666991526452845,10705720874726144490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
      4⤵
      PID:1188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14875666991526452845,10705720874726144490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14875666991526452845,10705720874726144490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
      4⤵
      PID:5352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14875666991526452845,10705720874726144490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
      4⤵
      PID:4720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14875666991526452845,10705720874726144490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
      4⤵
      PID:5908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14875666991526452845,10705720874726144490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
      4⤵
      PID:6036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:5488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:2396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11952186305047355003,15476373385764785361,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2060 /prefetch:2
      4⤵
      PID:5696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11952186305047355003,15476373385764785361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      4⤵
      PID:3784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11952186305047355003,15476373385764785361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8
      4⤵
      PID:3692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11952186305047355003,15476373385764785361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
      4⤵
      PID:5316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11952186305047355003,15476373385764785361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
      4⤵
      PID:5892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11952186305047355003,15476373385764785361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
      4⤵
      PID:3628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11952186305047355003,15476373385764785361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
      4⤵
      PID:2708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11952186305047355003,15476373385764785361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 /prefetch:8
      4⤵
      PID:6604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    PID:6244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:6268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9236701913922637943,5999058963817947451,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2116 /prefetch:2
      4⤵
      PID:6916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9236701913922637943,5999058963817947451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
      4⤵
      PID:6920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9236701913922637943,5999058963817947451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
      4⤵
      PID:6928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9236701913922637943,5999058963817947451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      4⤵
      PID:6964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9236701913922637943,5999058963817947451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:6968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9236701913922637943,5999058963817947451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
      4⤵
      PID:6660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9236701913922637943,5999058963817947451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
      4⤵
      PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:7156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2699169853499462641,6669629426921490562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2108 /prefetch:2
      4⤵
      PID:5252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2699169853499462641,6669629426921490562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      PID:2732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2699169853499462641,6669629426921490562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
      4⤵
      PID:6368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2699169853499462641,6669629426921490562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      4⤵
      PID:6628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2699169853499462641,6669629426921490562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:4072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2699169853499462641,6669629426921490562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
      4⤵
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2699169853499462641,6669629426921490562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
      4⤵
      PID:436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:6568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x108,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:6896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,552509609324693164,15297306515785083250,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2008 /prefetch:2
      4⤵
      PID:1776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,552509609324693164,15297306515785083250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
      4⤵
      PID:2088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,552509609324693164,15297306515785083250,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 /prefetch:8
      4⤵
      PID:7068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,552509609324693164,15297306515785083250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      PID:7096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,552509609324693164,15297306515785083250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:7084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,552509609324693164,15297306515785083250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
      4⤵
      PID:6532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,552509609324693164,15297306515785083250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
      4⤵
      PID:6464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:6552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:6528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1048536936895755757,2784897570017835684,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
      4⤵
      PID:7116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1048536936895755757,2784897570017835684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
      4⤵
      PID:6364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1048536936895755757,2784897570017835684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
      4⤵
      PID:6636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1048536936895755757,2784897570017835684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:5284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1048536936895755757,2784897570017835684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      4⤵
      PID:5296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1048536936895755757,2784897570017835684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
      4⤵
      PID:4628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1048536936895755757,2784897570017835684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
      4⤵
      PID:6092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:2360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd050e3cb8,0x7ffd050e3cc8,0x7ffd050e3cd8
      4⤵
      PID:1920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6678341640263081655,10261385007660991424,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2
      4⤵
      PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6678341640263081655,10261385007660991424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
      4⤵
      PID:6700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6678341640263081655,10261385007660991424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
      4⤵
      PID:4468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6678341640263081655,10261385007660991424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
      4⤵
      PID:1068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6678341640263081655,10261385007660991424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6678341640263081655,10261385007660991424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
      4⤵
      PID:6740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6678341640263081655,10261385007660991424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      4⤵
      PID:4116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:124

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3692

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
PID:6444

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:6492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
644c5cc5371c8ee85606ec4a4404b357

SHA1
622440b09bc6718b6fa88839f5cd675bec460b1e

SHA256
57c69757c17072466cae966a9b60c618d0ae76e7c104efb1a09186e54f2190c7

SHA512
8f6fd240b6e5bdbbf3bfa6c560662c1c13bf7965b1649cf9e205e10a186eb47246b7e48a74785fe1fda5dcee76f63a6b539a7dd6727bca9dc53ed8e1587ac97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b06de2c2ae563b7ce245caf0ab8d4c0b

SHA1
be465bfebe04d10c3ba7f46a54cb02aeb9bca228

SHA256
0ed7b5f0089909d2165ca39403a3e1589ec9ac615ac7218db749f78cdf3974b6

SHA512
aaa8ead1d37a130aac7d41027fe69dcfecb10a4da92915764edfdbcf9de99ea826ff65f12d94fa90e898c579ab4bfd697fa4d86056d12b753f14f9170653eb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
534d9254733ab26a101c55d9d6e00aa2

SHA1
aabeb558ce9b47b0c6493efcc7c3bf63dead752d

SHA256
cd86a80d768d751cbcd1b6c0f372e480d64b68d0b73cbc67b30ec93d8c79dc68

SHA512
8020aac49502df0436807c2dde1746676f7472e04250cbb2fcad1d207196a723deafe13cf5743c3976fd23a421a08a13166d8bae11bc2bd0267bcfba384bd5bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39be47b118b9ac8d9a3a45dcb113d6d0

SHA1
0f0a46b6d38a7c08380fab2f60e937a142bdee27

SHA256
db8d78177c4e4470df80280662330c7aeb0a7ae2ae2746f1d2f278278b8464ed

SHA512
eb7849045c675e11fce949716d74d0ecd07c0020d8ad22dee184a5fd980e63b37df8011c917af1a8345db256ff9630310caa3062816aff9583062401b485b40e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e6476bd2a885491466b18d55db176cac

SHA1
27fb08e9d06fb215f79f2c2b6e7123debfed4181

SHA256
d2fc2a956f9be079e9b2d2e606dc478fa97fff735d4654ba32f80135783185b9

SHA512
ca9c8c9ea08e6d0331b6b8c8647b89f5de0541536650425bd5a0c9bb3fc1cce3c9fd97b5bd5968ad78d24c964eb7d53e6936256401e86352f2a4b04710dee64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b3b13b32e681af4f7be816a19280036a

SHA1
e5f593cd61b3d31796e029b45a10e2924ff3f46e

SHA256
551e3ec6025f4ce1fec023c8ac1fd876cb4f0611c11a51181febfecd87e2183c

SHA512
bab0ce3fbc4eb65253839056e5b811590566425184507446f9831c71da43cc92db213679b4d257d6197f209d3fdf856fb707d57c476af945e2177ee9ff3d15a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39a91288c0b3791c26cae5093b61d19d

SHA1
19a6146f3a8031dce7c7688c060ba556448aef18

SHA256
fbfd2440797c36b10792fd83daafebead7a9945624b6c62e56c20c45eebe46da

SHA512
e82ef3dc48f6c80e0de3826dda92a2beb38975ced81eec599a8354800f582f954cd95a682f01c2e216f8ad3a32e7f5991f44ba085e72964f50d8c5ea0069c2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa6c9ecca011f5f6134c51f127c115e2

SHA1
7b0051e9f50cad05b6c5a7dbb591e214b065dbd5

SHA256
6e6425be6d419290886aa7a6ccf3d9e42107f6fade3d85b96c2c29c7561a55b5

SHA512
2dd92264c78734ee3f3b7126711e79d1e127f4b52503d40e0e6c0e1cbe4e37e53759d6384057892375950ef7fb32e420855d007227608668ae33a39567dff45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea27cc43925b7bd6364ab41e72886c0d

SHA1
2bc3ce07798b5c411d6bdb46efa3863bbe11b518

SHA256
e59fc3cac00a4b8822ab730568ccc4a17b8f15fa13ad3e8786b15052808e3b11

SHA512
745c3027ed0745a7edfab9b588774d0f4f66732ef3ae0d919d8f93a38ec7c7a6aa3d45e2faac36b50e13cf8140af7496cb35af37d935f18b8d396510d4b5e68e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
224ba5f9f534c27ab81f9c87ed4104b1

SHA1
301722603e3d7976150610ef3700f44812d4352c

SHA256
f4e20ee7965dcd9859696a6786e0d02b1b0daa9a7124ed417d106b1cddf338f0

SHA512
d153bdb9317b7310ebb61a891d7dddafae00283bc59a88e14d22a068bf5033573bb3d7dd1f0d9009f859e2d69c9245cc18049c4fff096ce8e6260d69df9ec41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
28c25d597077eddd4f2d0a9a268e251c

SHA1
9577f78313a9fcc9618a8ba159840a143db67ab9

SHA256
fbc4eb7bf6f2b0fbf9166dfae95bfed46a57592ad881ce26cd7348b07635c865

SHA512
ffcd53c8e724478353bb30a90b3d0aa3fa2bf76834c9f2a387c94deca92ee7e97758fc4bd707a349e418235a6a0ddb31534a1910517bbe29344d7424da63c1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
67aa9c6bb71574a6cfe96739e4b4fd63

SHA1
5aff83d9170941c6846cc1fd80cd477b70892c0f

SHA256
6605653e4d5bca3bb20d030be67f9e514d15d69adf747d57d3ecfd3eba4292b8

SHA512
8cc83a2ae09b061c1d815c9b9703f16cb51a7b3c9b864b8da24d2c6efe2718e380ac31376d498a289df8043f86ee8a886b2070a7a5906498dd7cf31e85279985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4d6a17070825b13e766cf49765f1d22

SHA1
db72c7bc8de8d3af2cd5c26cf8137df3353bd956

SHA256
777b4469c74af2e5ce516f1b75111d34c479628a32ae641a2668fb47fbd760d4

SHA512
9fac0bd68dc9497fa7d77064014033184ec172063377930ed4264b9dbca199be2f64bbd12d5472aed7a12c4ee1ddae7fcbce965f0ef118090941df0fc471f629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cacf0b5fb06b84885ec675cb7d5e1277

SHA1
0457b5c37bffa5a09fc29e752be86f1ffdeb55ae

SHA256
39e22d451f60994460f3050cdd35b04e6cbe4fd5a9a8de28775acaa36429e0cd

SHA512
2930a847fa326e3e705a45f19c6d8f80260af97e3257bb8541f4d0119e72f7c521dadb2c109d653aff5434d89936ba58907b3a20aae4ae4cdfbfe68598a4baa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94e120542061c76e260b659d79bf1fe7

SHA1
dc38dcd069d7b5d1f3f4fc055e422b4dda107438

SHA256
4250b51280f8d254e5753b4d320b1634629ba755b0679e44a869d87295835d8d

SHA512
9873d5fd9b4997b50bc1d58257efe5c744d40001b95796680ba3edd63a9d87a22397a669e5428b1648b2b1ac844f051610fef66d4fedd4366c7bda78d5caff75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ebc8fd54671c2543a33a9bf0e90561e8

SHA1
89a7a693ed6e87f947cb9cc9ca3281c6d5b89ad6

SHA256
2d60c4d3483347eefe3b331032d534e7a623cb3a66ffe18257527aaf7c85174d

SHA512
83530202bb8e774d0fe4de9110ee101ea7fc2b88c81cef50404051110b5394556ccb83d8f8d9232aec805524286d2f3b428b48ae297c3ef6951526a3578c5f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ca88d08c651ae3d1f6f36545f70e086d

SHA1
489e4e58dfdc79d6620d9c69efeb9470945d3345

SHA256
60d9d38522e421790d12f5f75c67cefd63f0c24fcd1411a0a321265ea95a3175

SHA512
1178d771707b05f53c3ed04497f7c1c8473b2f67b463f7005b8855242e3eecf4cf60c2a3c3564e4faba3a4791ad90fe887af79b3485a1a7a22d4e9cd7c11486a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f5ba0d4d2291e74bc8b668bb7708621

SHA1
5ffd023df0dbcb0bdd140dace40e470f576bd070

SHA256
b48539b3f006e6c1a8a1c2fac4441cf95fa345e661fe866fa7ee0b9a4e96514a

SHA512
5cf612d95a515469c3537f396f97b1f7e439f3ad6b7cd4a34a15920d9093f20c3e50278be62cc0a4c0c4ef06df8eee153deb2cce00739b6a9c4986ad7c598480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e5c62db1e0241fca078502971d6e4acc

SHA1
dae4c40ccbb0b6abf2b5f07380306703c6ca280b

SHA256
5735c58c74f8127e8387de36cfb01ffd2a6ab2080231ccc42509869d5fc002ec

SHA512
6817a47c89549e8c975d9d2bc7ed5a2e8d65e3fbc7a9c4782d949c7998daf2620826b13e15b0f66a74bc6af13a7495a5fa35f7e7778e2cc4e6e808438f029be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6ca2b3f39ae7fe9a2d223215586a6e0

SHA1
0545de24b5f82f105094835aa41ab0fc3bc8cbce

SHA256
635765b6c946c7c60044c43949939d8ced48128197af33118375fb48c7ced2b3

SHA512
b99fb74d5b81e0ffd61af7765b1261ff872ed70adaac083eb85409c6bae649a7c0da8529a574bb129d30bb7aa1bf833be0c712e820d31a3c0383fcee886f37ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9724ef55-435d-4f95-a0f9-b0ac550c1ff4.tmp

Filesize
2KB

MD5
5b4a1f350736a7bfcbda006819dab489

SHA1
a4b262bb565f4fabb28a252e2879182afe148e18

SHA256
352cc53b8c5812c15268c497c589f855d8818fc06abc696e1781bcc38d680e54

SHA512
23aebf9c976dab758f20e3d17483004de9996425bcc10b71e239ada648b603cbbdd2b63ec7f907dcf34a218a3683fe5e5db45de347b5d0449f942d10e8ada042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
2f8a0b644c7bcfad8c122c5e11ccdde2

SHA1
44103cdd1fdae0bb8539d79628417a23c949cf1b

SHA256
966251c6c29f5430f4574e74b32badd523b5aed455977dc0cca92daa0a52db37

SHA512
32193f2c798ecc2cda68e0e91c1b34a18444603c7e3fbfe256c6c3a2bb4bfbb290fd69c4789f79808028a457c4028f42d495b6be69c0310750bb6a70e7ceb359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
e24ae584d1810ce709bb4fae5028613c

SHA1
d473e252717d5769928df807b0492a2243991c1e

SHA256
19bffdff356967fdd99cba81cdfacf991d9ca6cc97fb53b1f65ddaaa458aa33b

SHA512
b0067f1ffe2de0d709868a50d3f81aeef264d73f5e5848bca6d6bb711164156bcb61a07a0eb8e03011b0a176589d07d5d5403d145e1a47bde7ccb5f3539ec391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9b11a74a05737fd25e0b548c392c7e91

SHA1
d41678a87d6ef89b40660594485a64886b31165a

SHA256
929ab6baf6ef39684c90581ba47e22cfe66df53d58b2d83cb1e889ff9fb7e10d

SHA512
6faeac3f17600578a2718ac61ce9459a789beb3fd651daf0fadd185dcbfb09ab7b23079d6d419375abf87cb4b28394f11f66c3d94abcdd5d2118df757e015cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9fdd84781220ee7599e90db2066cc0fe

SHA1
673c4cd54c2e2659ff4baa8e1fae744e110e09f9

SHA256
91ee9b1f8cee12bc387e88e66f05629acb263d88f044271015ed570e1f802b44

SHA512
ff681fd1159b99f4a14eb00cb656104b09a0375f89fa00a321568b473c9c5c2da0fb5c095d1faa3ecd70a679d6e318831efc0607cf325575afa99a68a810114e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
127c76f318a024987918b7a3c7742fb7

SHA1
9d19be908ac24d9d0a603d4e0233dafd597190d0

SHA256
b1bd82099954958db047a4e45a5c766a8ed11cd3f46532220ba1d1ee1d57787d

SHA512
94e581fffeec2d4689a1d6e425e1c20a48055f3c1633b9100628a1e23dffab3a2ed687402879d49ce00040dd114de8cdff0d2aa7f808a0be2752d31d6eba08b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
8e98f51eec257a5b07530ee5ba7b0242

SHA1
a9107b4530a4864cfa262c9962788a71a248b163

SHA256
cd1dcb090410785c44d417442534e3c901001a26dbfa86345f9bfb83abc2c536

SHA512
432e4e63632ee2b049515d528b79c1fe0eed35fb336b93b855fde96af0a8e7ef93cd06e4bb18c108d7aebdd623df7de2dea2f62b324bc85307cf011aac4afaa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
da133d455db111d66e2b54f8bdd26591

SHA1
5596fa12a7f627faad75574c5b68cfa9b53aa900

SHA256
0e125c1acea9fe4eac92f696c1e87d9b875d6aa3c44e6403f7cfb26eeb2eb636

SHA512
d3721185e6796a5c2e3a872e397fca2bde917b40c02535f40d4052bb19ec633a2ad1bcc6973ed91004d67e23f396f8387bd40084a5a9d7230c58aec67167c44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5bc8d3ab1c0874fddd9bc5fb5a72c02f

SHA1
acb1d0715bb23c028e112858d87633844555a526

SHA256
ffbf701c7c54a77217ac49e2db7f4ce45622e7c8b6179bf4cafb4a5dae91dc51

SHA512
dedbfffe1843e2a5006f6b49b568909afa1b546bcc07a7980e3f64877996e811228aa44d13e3fd5bd5f4bdd531f7a43350fbcfe8e2c979fd86f58d510aadd695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b5144602a208eac3e28c3306c56e42ef

SHA1
e61f9cb2088f0fbe0518d0be02c5f234af7c173b

SHA256
f1d47d20032bf955739900158e0d42b5611bba803f3e4062279d7683cf5b262e

SHA512
e5663bd7e02a0f91638c52e56d7cdb69895e39107344d746eb36fdb3155318d99407135711250c0ee4048332a8861f1df39ee81ab58f66e2908b0239646c690e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6def319f374f4974f58de10dff42883d

SHA1
4e4b93d160068e46428da85e00c092b7d17bb3b6

SHA256
bb43e69ff876fc64348bc39bea7c0ad61300df0cee4fb65c78c444cd1ec78df3

SHA512
48387366bbde69b5b33088cac5965e5a633d7ecec345fcc5869e281c2bc8826ccc83e91de722c79f4393627370c368374f12593e00ed2161e180f68f85955218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d29b3d57516765124be570c97888e61a

SHA1
7a2476270f5b3b09d74fccc8eb67777fb38f2dc1

SHA256
51942e8510374c92c74dfbd4a0e29f622a30f1f200b1873dc3cd39b571af70c8

SHA512
69f0a99c3c0f2cddc93aab9d54589c10b3848e8666292afa52b758543e1deb2c3ebcae7b55b38041f746ad982ff1bdcac9bb568f839834af83e2dd826e470f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
90a0a5e915c22fb8339bbbedd280e081

SHA1
f69761ef31e599198ad65e0cbb36006f96028d8f

SHA256
0d7d3f45b8329824c020c6405d7e311427e2687a65bcbb258519b1d823bea8f2

SHA512
4a46dfadf13713e4caa12b77cc858cd852b670cdb106928445dfd7a0a3c7ae0aa68976099b1ca2f737a576aeb0d2833bce2d125036ef19f770b1c1ccf167aaaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
39819c24aec9837e6347811fb22d3696

SHA1
c89c71f4b4f4db1c68efd34bf76753dc04132263

SHA256
fb0d5f222f95f07ecd7ec00b2f7f450e2b77b9ee53e9d37e50f90f25bc3a02eb

SHA512
d89563dd711873a0135787174cffe54ccd1850123d2837b53aefc4d7740efd12a733a18485c4c78b8cc79715a0d196532390ad563497ad6c8fad6b10b16a12cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ea411d4519d1dacf32dbb0c336a4d733

SHA1
91cc49ec7b35c0e29fc1c58e319119008b93b6e1

SHA256
9f0494d8f78210031b50782a57be0b4efafde35df745a9b2226b41fa07d42ed8

SHA512
dbb4766974eb935397996b9e9d01ae5865f7cf1cfe8d8dfbbcd5d617a5a464bbe73bd52514f2fefed1b23785ead763af08d5ab8e96aa4881e0cd796b5cf7447f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
78238530b13bdd53c9d3132741d913ba

SHA1
d1c0f07993ed3b9cf02f4fda715f4907a4bc0731

SHA256
91066dd08d50fe3e67b11a89516ceace4eba88048a93c9d8d8924e1f97d0f433

SHA512
df0d8074d93ec72cc96b3265f161be1ade85c6cccbf084b3bc1a5616ae5dcb47d05ebb7351b8d0185abc0d1ac24eee31c06d53e9437739ce577559c70d478386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a4e5044a0de90edd4953c39ea33a1c89

SHA1
8ca2dab8fe34d4e769541070d8bd5a9d054aeb62

SHA256
6f9396ce466e01aac56273c191d4064b59259f8dfa5a1f6983382afe8d3519b6

SHA512
f6542b09274ea6632b53c6cad63dd76ce2e678bb54dac57380b874e81c9d6d972d747c50d54849c2a25a7edaba0763217376f8bfe44e3c1494f29fb15541d14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8236c536f77fb259adaffc69e160e9bd

SHA1
5891571877d912d6f0a7a31011fb470943b5c430

SHA256
5ad45df0cc8737aacf4dbebe2fce57442409347bd22c8ad18dc0e802a391a035

SHA512
42f87938b6ac58b98ec05cb0f611f46440d68ca0490a63f42ea5dbf71b9cf7e2af826fddd41002d44dc68e4b137cf901bb664a3bd527e846979a754225a3e0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
78c518d88577da037fcb36b727e36b4a

SHA1
5e434b67aaf35d3c06e8695480efe2760f551f3f

SHA256
173f67939631ce91cfb2b473a6b0f1e7f163d8faccec5332d5bf450c1d2142d4

SHA512
855db61dc91e865279bb8220e19ae1cfb49abcdbb021141013a6fe0a6bdc71b989e0de2f8475e51691e7ce7d3ed79211d353e3ba21172c6e2f164bc437660832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
36e374cb8fbf8966583dc858b1d63911

SHA1
9a2654d6c4e26337675e6c05bfc1f775e309792a

SHA256
c5a52bb15069ee92adb15f2a59da94b5a202c9ed4f7e6076ddd32ff3a3a619c4

SHA512
ba8763aa808c4bec009284ff3ca56f496bb5e4a7c6bfe5423832a557e7a41729bc0bc111e8aa73fbbf8f067b5acba62e1b2350679bcb60e48c8f8c5971843d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
32513fc495e568523aafee9c0fdbd27c

SHA1
a862956288a7b2ad6383563956e9394963f7b9cb

SHA256
c8e99ae46092540272a3695b64d855af8bdbf5140d841bbdd855db3dfbb3830e

SHA512
472a602cc67ed09ee63e298efbeff150e0a6c9a6aca531383228ae2bd944569d67eabe86fd2e3b074a74e65b84d198807a71f2c51fa67bba051b387aaff66b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b39c4643f37917f0e5939230d7b9cb95

SHA1
dd26526471b1644d8fcb801076e117b410f65267

SHA256
421030d6b793565275387d8484306229b86ba93ca1fcf1258df6a69bcd0cedc2

SHA512
533b9d99837512b36fcad602e440aee03b88ad41af5576a3115df620c1b85b17113863bec0b3c38d3a40a3046609777e944d8a35a26bddd489e8bef9ab01b1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
abd99c55d462401838e85847a854ebc4

SHA1
bfe80cdbff06f4886ade36b838e7bc1706908a42

SHA256
5e2d6297503114afae67bf73585ae352b5c1a180502abec8fb74c691be0cfcec

SHA512
8b3e721030ac46e753f3c1a6cedf234d39207b867be28f6308953df3e309a6c7db5defc268ac8e65d45cac6dd0830a89970aba34f326f3a729133c9fb97e7e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
360797a57dfe8aba2b49a76827cfa227

SHA1
084f9e5cdc770daafcbd7580ba2c9a80877750a7

SHA256
eb1224d34af77534ad7f9aeffcf1e6d3211cd3da36532cdf131106cb06ea8a6f

SHA512
6cae308ac8c73088d50017bdf23ccda26e4695a44ab2075e607c9ec71bf7c11f176410909b1fca9d6cde0ab164701d2f6d24718a8b2e93e98dbba1f6e8b450ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7915a31ea82575b65ad0a2231b8b7cca

SHA1
a014e1fb4f917169187ef2075a533a5a2e9df06a

SHA256
72edd31903fdbaf52ae2d8981287ecab2ab273e83da0e5d38775c010c2ea83fe

SHA512
e218674ca97811739c5cd8e7cab48031c71dfb1e08aa1ae81d3f21527ce496fc255b040958c3f067a227398c8e985a532caef567ab9d673d2c3fe631d260eb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c65c08be28002b9861221373a9d162c0

SHA1
12e29c496627e651e22ae1e6ed87b5ee5aa6b8c2

SHA256
ca0d5bd2a61526cb7f3e56c19aefc938d61359b4783b06bb4ba30a349854ea18

SHA512
8895ff5e76bd4fa9a133d285b42fee323c19ae59affc39a95a2b85c6374c1627d330fbd03f7a587b10f105b90f26f96be30c254eef2af867a06b51850a58702d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b25199e806a4161f352a9d6db3bc697b

SHA1
7be83dbf54e67e0253edf7dfa823ab1456e14a40

SHA256
5e41c84e9f760420b34edf28d33976c801ee30a7e2667186d1372a9311fdef02

SHA512
3fa12878de03d1bfae2f4ce66169383f9ba52a933cec8b9b9fe58136b283146b1f2ffe0f6f2837ed3dc9f827e2dddafb7dfb8f77afc07584f9ac73c847d760da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
e6e419a31abe7e067f9888c029e717d6

SHA1
673ca36dd36efef0e3d0a555b6892acb30d8480b

SHA256
aaf8899b96f846e8192141f97f37974679d4b707482d1a140033a7f0981709df

SHA512
4c429a8acf041ee72f9a1b8d9226b2a571a20f613a6b8dfd06a76b720f5dad58d1fd379e6f307a7de6cb2006e2b019aaabc3597f9d5f6463f9881b804a3a79bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
20KB

MD5
9317ac7aa116b55197ee4a27140783ac

SHA1
8c9cd55d2a474969726b2b1a3b5538cc3c9f79a0

SHA256
cddad5f21cd7986425aef26f99811eefeb819321aca661e3e5b0c0184ca6de1c

SHA512
469ce277ea959abc94927b29ced36ad96770e89a422a2b220f313f76d9ce941b294b29cbcd0038e08685e8aad44c6ae3329e02dc30bf57ea50c9fe18f8666434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
9e7865ef5bc7d02caffe7d48d0a4f314

SHA1
5035052e545e5cca9896013294043cfa6e1013b3

SHA256
2b69c9a95ac1d95782fb6339dafb7121d0220b65f1a7ac9eaa94aae53c7c2726

SHA512
f4d7767a9ded1331541ee378745cb9ea85a69bd84c29544efec8aa2b07e75a148c4e2a07a21b8b07cc51dc6f9ddf79770b49b9081ae95ff25fcbcdf203f96ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2d48d91c7f14da48c0757f9c614fd608

SHA1
ed4e24b305a32de85283e6aea6ce00339ca8ed0b

SHA256
5c3c048f459804d3dad19569f10ba576806b6c5aed364307be16758e81aa07b3

SHA512
f23ab48e2f72dc570158bae461a75a95feae1e81bffc3c1fb38c466ff82d2deea86036b11fa82b8abbd98878866f9963d7066e9abc1b14ae924e42a508d42bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
6c3cd81eaa2e1d601c61d32b8245ed7f

SHA1
b3f26e842f41c829a69ce0a510aaa8fe5c0b4149

SHA256
8531d5c3d6257292a3202235eef92f39f24851abbbd62887c6d7e03beb9670b7

SHA512
e55314454fc7fbfa41e2caf1aaa6315d295aa253ef6682cd2d8f9073e8d2572d2cd0670c6f14b32a9923700ae67643fc867c55f1d3e110665a47a5a0811eb5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
10KB

MD5
abfd3e6c8a467f6791bb3edb732509a2

SHA1
8a42d3fe2f537e073498b7818aa557c5954b2bd8

SHA256
5899bc5e5be24ff71eab6a5c771fb1748ebea90ffe934c654f374d086addaf30

SHA512
31b89a8f98ffc1ff7ccbe57ef40ee42f709e57c0b9288c28c54d1619a97b3b4f4aef8caef3cc4f5977986becd7780bd454a6f34c3ca3f0cee7adc29e9dd8224a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
07231c64b06f5f8bc99f4245ba82e9af

SHA1
74c5d5057b64b51cd60c4aa7cab176a2077a8519

SHA256
a5a23929cbde9bb1fd5bf75c816c4c07edc7c9bc0141ec94d7ff9569ab3fde61

SHA512
8cd375193b55da431e8169397bc1bde5c4236568cbdcc9a01e8cfa0440ae997465c127a0473a8b286e2da32e0f6e6a17fa31cd94a208cd82c5babd7c4ba7aec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
12KB

MD5
3a733dbf9bf97134bae2bd56d7ca75a6

SHA1
a98c3415221dfd1153294a0901b0fd9ab590ace0

SHA256
8ab3e4e3912bd3876b0ac43cfb9f6ad6125e4fb929649816d2a9b2d6336bbe24

SHA512
2324d0da2eb49fcc13bf22d04b9368ca0a7efa2f2ec237de19ed95b321b1320a3efc847e3da8fa4cb0d6979960b3e73905e8e6147777b37e4f4ebfdbc251e809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9181082b0e3cbea7fd984b483fea1d34

SHA1
da076d9028178b03a3d972db7d82bf24b56db07c

SHA256
e66532be2bbca6925835447ab913cb14db665108603fee15ba983a741474d9d2

SHA512
db210b66ed1df2421b42161116b6aee84f417919d064411e957191f38fcb3a38bb7214ec243d542fa955764e6568445013c0753e6931866c13aa8f7aff4feb1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d608f0e2cfaf1a3ee054f1617c438c99

SHA1
3ad06e63a2d2e4a8f022bb8a28f6fc346596feeb

SHA256
588f6a4df42d9d2c97126dd02af6524fcedeef3702cbd7c527631135d5340812

SHA512
1ae7bdfc9cb68f7c32b3eebc91dc203525c5f3bd7a7fa182960a713bff054153b7451a8c095d26133ac36886acacb8954f63b540b11baeb5585f0e9e7a695dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
948f4f7c7f9821aac70c5b6439a1e466

SHA1
9a1bdf57f5b3820805c9f83eaa3815f34c2b1fcc

SHA256
e3e15567b733c59172c913c9398ed0a13842bf59d9842895e1c3cf5447ca80b7

SHA512
10256726f2913af28cb5f68071d4eb5235890992bb5756abfd323df58180093149cd369c2b9f800a6e0264157d6b54facb6fc8bb5feb3a9b2b026232f2510b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c532c4851909a7a0dc1c27f91a5494e8

SHA1
81eb721ea342d79c0525e7dc898831b82602ea0d

SHA256
b635fc7c89cb5e8e0b4ddd9ff303d47cfef121e1a6d0d5e34c7cda7c646ad9a7

SHA512
bc50f1711560fbbee58c01a8032ff505b857232b8a22c765cf837f0aa118ef861844971eea2f590eb84d059057b4e15d07b7d9db5b336672abb84cd99509c4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1df0a33cf2700b021535e7d0e4f775d2

SHA1
3fe4c8ef0d42f365423e73de8e70a1df44791bf8

SHA256
ecb281f38016cca8e93fa8d2d548633bde3d6c070c6d99d3a464f717eeb774a7

SHA512
0adbf336e71666a5f0a11323b4a88f15d435d55854a90465e62f21ef9e721d4c8b5ed6edc1361e02d20a6271e9b58fe2e8c0b300b2eac32693aac683042e8674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e55018740e52275d2e2d6f393bc47a9e

SHA1
1feb3f41bd8f552384903ee6cb679b5e97ed74c1

SHA256
aa3fad1a784fbac6d53eaa02d5dc9f600f1dfa609bec9b8bbbb4a094111b35f2

SHA512
f272920e1309a917c1eeec8afc930a7a5cefbd91350bea5b4b95548cb0846aba912481d2529dea32a91889ef6cd87cde05d055a4e8efa5bffe7114ef626e4961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
75a1177e8cdc32b9f6f308045089dbb2

SHA1
6b9612c9a1d06448b7a74e103d3bc21d165e4385

SHA256
387272e938251b053cf763197cdae1646d7fd457de44892fc4faf1cc01119b07

SHA512
c70919c52c85be849a0032a0d83c2bf02a5be712e5d81cd9d28308fa087d948d3137efdebc60f6a254cadfb07f772e35dd7158a760cdebdf911046764a8889f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b52ae1596609be01fe0dfa330ebf86a4

SHA1
f15c89ae51edf3518f9212420725867b211a5e86

SHA256
aee75d0e826f98ac956700be50a87de50d26f7546d998eb87cee47dc69d8b917

SHA512
6b64c0c8208199ebe175cb212f413398976d6e771f650e4a2ab6fe08b8d6069af4bb268f918931ef9dba74eaf58c5a13424f7d8e5f3b246b70c56950d744e5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a108a3e05af98e52494a9be97170dacc

SHA1
240e20c913d8b84888bf455b090b1fab25966fb4

SHA256
392ffcc1f3734e85320553fb0ff7d20e0b9faa2ea51be7cddaa84badf2a41165

SHA512
388c3d5a5768f3db535aa766a6b13a7dd02cf286574224c8e683050829acfb97370a17aaac03c5435417d1800ed32492026c78cf70c5fab45a3f5e57e77e6ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
14fdf55826155750e97d3ce9a82f32de

SHA1
37f5ba67412fdb0c5eab323946ce48009dcd68c2

SHA256
58873df81868a045355f72dedf517e9783f517b2d47caff5d0c2919caebde9a0

SHA512
907ebcb4a484f752b14083f94eb9c1e18b8f5183e836ca105d8abf0a71ce030bc2a14ceae0c6068ad6f9dbcae67d7fbb2864efbe78872c77a1396535883f3340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1e8a359060cb74c01e0221acdc818911

SHA1
0586e484b875adc2abd89d66b922b9e6cc975d2c

SHA256
9e54d5489a103dfc83fd6140ae221c2316805140ca7e4b8b66bde29467bd07f6

SHA512
f628f8d2d50dda4f7821101528138b9caece0b45ac533b16dfc8b963b706c04a29084a5ac9047c3ca0ba1f3fb8e31c1018e93a8e6584e3738821c9e78f2d9a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
58c7d5c8aa3732ee19d77665207b2faa

SHA1
ed616fed7d5d738cb18a3d93e07dbd93b72359f7

SHA256
af0b4a817e06213859e1b99e59e2a3181bf00d65cd6fc6c573229827ded7e27e

SHA512
2719619baa01ac689703065347c8bf25fc9497fc5a0e8c2424d62a441e8e99b13ecc2bb5cb908d6202a50e642432176323d93cd9110169f82f7d449e3877a59e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5886a26c1813cf36908cac2c119af9a8

SHA1
8b22f0f854107487f842d50927e8a28cde4c6b4f

SHA256
a1aff599c6d7542437bf9cbe7f99e52fafec39736529073be1f1b690d048487f

SHA512
4f36bece90f47284f67e5e3ad33d4726996ce2f1b8e4f4306d8e72b261bc816b0dd1412741e031cd88f7a564997a6ea0a24fe99ac1e1c5865b09d9b34dfc2467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b2f2eb3d25f5dc91e47de3069e130f58

SHA1
6219b807ecd37a8f5ae8edebeb5af23d07631323

SHA256
efc44fa47609eaa41c5430cc663c1cb3808e9081dc2d539577ae0db2d62b375d

SHA512
69f0a4987c107c271dd7ff6710606b4c38b249017a1592d50e2f3ff7a47ead0800cc218154336bf0358f18e33fb7227525f1fc86be5a3f82b4c72212c888aae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9738edd565c5d60f102230adb4e585df

SHA1
17f9b2b38c3d11015ecfb7d25b3622415119c9fc

SHA256
f9078d44c2dee5fb6d66afadd7f80c072d04191afd33e242e0761ad2d02f25b4

SHA512
7b5ec426d6cfcccc38dd1aee83ff6b7b18be31e7d81a4f7b69afc5959a2a6578c86be8746e0af206f4af0d8346b45445ed1b70a24f4f71aee7b14a8714f7f678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
14b1b05a95c3033958ca7e1e819809aa

SHA1
68c4740d504a6ed4f1ab452c00b28f729f712858

SHA256
93eda4c1fa612c3e3ec50513c018a4ffc01defc149fd8652b5d9a1146444618e

SHA512
03618f53e59ce495e39376cce9c2ab417528000f4707e654aa135d0ea575e6128e0bfb7b44a0991d1a016d3d71ce0ffbc46aa713c18e21c554866e808e4d518d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d3907c52c57824bcc6e258afb667f046

SHA1
cb8b5233ee1ae1ef658e47816273e008b278587a

SHA256
24eeb6bb48dfd5d096bab86a38ea645386cb6580d760a636b92f941765e2cb6d

SHA512
2ca36ca4d01d016b9af7f2d3902371c7f171037d5f17c5ef48a78176a4d90dab7b9c430a976b03a0a09d4c242f88ec674adbb18aeaec47453c6fc7a950774ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3c81c9db498b1eb267b1719a245cc26b

SHA1
17b142bc7e46a39a632d9db44dd04023eae44ddd

SHA256
2855a79e2d0c39af07c6e584e2629e7b10be4ae54eabb37eb7914634bb963a4d

SHA512
ee212875d0a803d41dfbee08bb94ae7f19dc335784cbcf7c65ae356c9ea4e8e39b95d081b1066a934545bad8ac8f4d54941c7959558c35eef8c282cd88f093fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3792256589fb154fba470f08cdb1f5dd

SHA1
d4e6cffc5596746221de5509e4a295f9136d815f

SHA256
e286551ebb27fea7e6188b050732ba10e686774007de9b760b06d0857cfee58f

SHA512
0b715c5078c79b7935f0412880fdb7c471323ad9f0d306a79cc100bc1963a947994219aba43736fcf6d06c4382fc40be87063e53ce278d30fe8392f1b7d5c222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
71394e286db87e52368128578575b0af

SHA1
9a4d2bfb70922aed1b35e23193dd885553de4dfb

SHA256
6da9b39f9d92f35731b3695a159b681cc2786ad9070dd9b16924cc5699dccbba

SHA512
ba0b5bee11ef4c43ab80a27de5f1fd4b4ff035cd9a1bc410bdf5e41af0729eed1b2239c1b28abda813a66d8ec46dc7a94f73f6f6fc542b6667214cafe9daec63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
552519e42b6d449c20f174a3873c81c3

SHA1
8962ba7ec32ee64f3357aaeaada65e8dc1ec12c4

SHA256
f553aa27edef422d2e081b08ab6c8b5f67259c7d3dd17b7ef3aa73c8f2e5b0ca

SHA512
2e396d42dcf00c39f93ec44feea2ef7b5ffc97fcae3beb77aa5e2b58e96e34dbfb977dac9e656ba7d80d88f7e0123506ba905d13ac1838700ff4b3cfff5c1dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
076ec4da7f526165e973c741ca552a41

SHA1
dc312a8a986a0c2a24a602f483050d960b4e0be2

SHA256
80874c95519673942b034109c1adfceeb88392065dee34ac130922ad2a5a3af3

SHA512
460f89de50950f7d2f83a14928f50becf6b4ebc2cf8425bdd6fd66fd806b31120e729f6d33c9ec0b9887691bdbe83dcfb29751562c979e13c1f42b4e8e0d44a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18159a299429e020abb7a777a087c102

SHA1
c0e835948f289d697e082c411d379737c735d89e

SHA256
a8bbdc9e0b4582d31225af95d5b00263d0f88f54b9b8db0b3ce93ee929ced37b

SHA512
9ee00190de54eadf67199ffa0c2b2a38a2094916e29b0a6f520377b0a645676d1de020a7de0d060e1c2b4ddba05f71fd60a448a1020aef1300bc7ec95c1d600e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
805e473cbf4eb28eded83755274f4ab0

SHA1
799646ee35baf928c4797f69fe704dbac47a99f5

SHA256
371685647fe251af4d34c671b36ac95e48c7557ad57870b79cc7436865a07814

SHA512
6cb803d464b480dac1ce89e23d916599aaa9acce48869168003b62c5fb18c7a5f272b51e8e44345ab95fc584f22f59b92d6f04dc5b34c532bde3b9a0bae5caf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2889cdca249dd17347f1c23a4e554855

SHA1
dfd16f8f88cfe93373e57a1a09158fa9e7b93cd3

SHA256
e3ae3408aad947aa4cf075917879298e3e30ae3c0c72da7c7897be499836525f

SHA512
f9eb20280a32e48ccf3e2b25fd490ebebd59951e998391228d645430cc55662aa279db3d3f62fe9d9b9978a382563f011a4b7036741c89bcc05b8c7000efa679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c92bf1a295938a6bee8fb912257d5188

SHA1
275193b4e7b2a48cac581f1294d5e53343c832b1

SHA256
6f73717ca6059111d445e3b1359c0d239f67b840fd03ff0c2f66350a934ae55e

SHA512
e53a08cd89973bf10610bec5fbada016c96972199f89be49a2276d8d2fe6702ec79d13c5cc9f6c81d10f4a302359d9a6ebe540502b784e307628454e97941e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
441ff851ce3c562382fd81483218aeff

SHA1
3393f9e227b7a6bd547b7189cdccf5101f1c8f3c

SHA256
8539986ca044967b1833f32b64c2da1b0c91e60277d42a62b0173c079c114aa9

SHA512
95fba56692d4d62f196cfe5a7177c0e2c5d02e16f292783c196399e6be664bbfa7326ecda20fd3df934b96d691fee5a8ea2c503e2e0b7a13b655758a6da9ac98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
802deb7e9edafb5cefff4522837bf099

SHA1
c35054622e42aba0d7705b4ca315a37ae2c4873b

SHA256
1064af3d4e9be3c3d9fd43224bcd0123d977eb1d4d537dcbee27a413f9ccbdcc

SHA512
d9baa55a1c1a405848ad4250bcfcce0c4d02f38e4f3c34202b5ca8afc5a89d22a42a641a248d8cfcb4c133638daf06879f3bedf4a345b9047b6c857679be04a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2ed45c88a1285070fdc88790c4b1febf

SHA1
d418caaee33401bfd344c07df211d76ffd9e6b02

SHA256
3b530d4f44eec30fb4c40d77024f3a71c681b6353a65ddb3216da9c5b7b8c5fc

SHA512
58c9a6b98faee04848a0a2ec03e945372457db1216d439593eb9c458add5e9bf04222cf2ccee00cc3817b2cc769c1a7b4b6a035fd0e0f79be051bbcbf1feda75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e2c9a784c2127780ae52303c7dccb6fa

SHA1
40ba9053d5475b57b713bd946bb719814124ffc2

SHA256
f72f0da2a49d8ce1c5b7fc74d87eefd7bc060caae40e0865354a174b2ca9bba4

SHA512
763f3fdb8999c8d5c7f5e71a8c6f251ae47dbc0b72d575a4e385906b6486c544b2dc3aceba3b32ffa7057af55ca01dfa4a5b06c40d3cc462d8abbe0c6aa27bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a6f6fb2573715702d0e9e85252426408

SHA1
7de6f8f23ac14d7deb1da0d6eb2ec0696ef3fdfd

SHA256
c824ee8b0b57cb813c1052b1ad01f482c32c2fc3f0422af87ff4d95f79764255

SHA512
e1276b230a88ec5b33be057e45e51dfbd0439267519f6a3201214103655bf00311a977028a92e32fe55fb8ba691f55dcd981c58af7f2ee0e29c9e133456d1679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a9368a74029f5c4298e9235ea856d296

SHA1
830de5533a1056ae137cb2e313025d8295ec193e

SHA256
bbba175fcfa9d4a7728df1814d4f90f5a5269404e735f1b072583f2a8b2053a1

SHA512
2b0fb47eb00b92702e38617d00eb18e737704cd6ef5b674267d91eab50abf427459d2306bef3a8b7d5448cd0c7825c4f5f34802e7853a7c3f8a4faed8571aa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1e2dad13006ee2a5c942d8142c85ddf1

SHA1
8313e714a24121bbfca97fa47be7cc5c040906eb

SHA256
898c3773267d28b0cb275aff01bfc9a8b081ca3d49cfccddc301e7cad97ec505

SHA512
a2149b80e7570fa8c11e8e775ea9c7c4aecbd00bcf792a19502f9f163a858769fec02480bcac128bbf8405eaa1dcda642be669472fb79b4cd0661dee64cdc0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21ab08253843d8d7102b1a8ef000a954

SHA1
7d866bb8e631a9a6617a39df0077d93f72ffecbe

SHA256
9f3bd6ef2d260d4502861f2f12944dea17300690d0cfe0edee9d5acdc71e8981

SHA512
8d18adc72767d70168c9861f11f229c14785ecb01de9407789b2c2f58ccae164c25c2b2d4fe51e3903b36404599ba6b89890e40896c74c1c07d5f7dad121a75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bd66117dcac45cf42101af376d0460f

SHA1
124c12de47fd5fc86a9c13a2612c83bc456e4aa1

SHA256
6f3307e66ce436a1b9d083606d82795cfa1256a8a1c39358bdfd012e44542f86

SHA512
d09d3073a1b90303a5a849b8c0649373a21f8cb14f5ab842e64e4747efaf561f73fee2b56558e2abdba1d897c2d2942ced650119c31ed505b2215bff8fab4b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b4f4d25a402bd9749ea81f175eca78b7

SHA1
b43af5fa048b3f315e4323971861eb4591ea34f0

SHA256
308d111a89d1f14d64192dc5a0f93b16eef6db06d9bc6cc102c14a97aaf3fdbb

SHA512
476e490107deb2e0381bceada65578ba333ddf40779d64a4d441bec306bddc20638fb11398f96af0d41e3b0458fa0fd126d94f5236babc71b79448e5a1ab654e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cc1d31d2362be522a90a8302d8554b2

SHA1
f8a9f32ee573d2bb4bf73af97e0cea25db7d7e49

SHA256
3d962348be4e9d3413442f979db69dfab688e012f5d589d5550c6fb74d3a994f

SHA512
44d3bab2a8499ed19d7eda5599ce4a5f6a2f79912c9d54078d42dcf581c729f9bfbfe7c9ac6b1dee17cdcd3be9c2710a771a7f04e623da80989509d94703e32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9c5c9f48a3594ad43b38106efcb9b9e0

SHA1
988d430029d8f72083984c9f1a1b6132b94e2fd0

SHA256
5934ee99c19af0fc87d01dc25bb0c3c26a4aeea337afec26584823dadf5ef906

SHA512
6d86b1bbb3406352058cd16cb93a3bfa30ee16cd7e33322b41d0cb23eabedff19d44b57d6662aad1f724c8ac2c1e093a501a73f7910ec78ddcbef49fccdf56db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
836eeaafcd60da07dd5c173f1f70581b

SHA1
019bf7b1fecaf68bac8bdddffa1d0b657d14ab08

SHA256
ba80bfdf7920f94cc76488d4e850cb01fda84ce5c089ac0d09fceff973ca5b65

SHA512
908acd982fd768092b86db314f93306c23687203c05b001c4ec6b7ddd940d5a5d514afc0553c88707662883becb3c3a76df534c02a3d31456d3f517ae5283eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f15ff125330e8ac35c85fb01759d6956

SHA1
a4d424f3cde413f7b0b2253f809dccdeade054e8

SHA256
3ebf1b82b5236a636f3f92cded8e2c50e11864dd8766ef2693febbd97aecc718

SHA512
27e224239a2ac6f86931b58a6746ed9015341be2a402c9a22a91fbd35bf56b6e94352a422826655e4bb9fe598867d24b2990e34c69da70aea8151722e0850248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cd000b2a46975bfefbda2dd60dabb145

SHA1
0d1d39a6076eda4df742ffefa8695679c09a518a

SHA256
761a0493ef54e82339eeaf8649d5a116050cbf1153971f8e7d8e069b3411a49e

SHA512
1cd3e3e1a6228a37fa51ea07c5a1b21ecfcfb8bde97b223ce58839c88180c6464f790230fa6da71724b37c5481db6c21168a447be92a0bd5d3df202877c0fe2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3a7e0acffa918d3201badc07bd3c8966

SHA1
54625727d975b1a7d1f1f20a87982f9e743da3dd

SHA256
7866064677daaee4a2038d53d8b81eb176ab42eb209bb0cb603d2d3612ee4a58

SHA512
d02f356b1877ac755d794885c1d68d274f428844152e5d394a9a4fc6c3920fbb6cb7ffe0958fe62c6021feb59b3b32b87a4565d32118fd8672bc7cba6c252de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fdade84320aee2035063049a2b8ef404

SHA1
264234b0b3675fa6a4f25ea998e84960c8da6aaf

SHA256
5532a5a0ef330bb689cc4dac2bd8e2f4a0efb9e040b8abee919007559bfa9565

SHA512
29bc97096053e21996bcab5b2027112f619a16d531cf40234bfad648c2c7dc92742e82153dd583c55769dcec683162a02329f7cf75eee5a179a8c25e1e91c2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a0ae42213e317d71bb544b6fb5a65526

SHA1
c2763d1621e758d28f98ec9a7f635e9cce37932d

SHA256
376978dabe2083e3a20db38c2d9ca82fe0caddacdf8a0a8b162b388a93d62786

SHA512
d8a3bd05061a7ae2cf2bf297f313242dd13d90899046666a8545b641494051789d5c4b5e5f05365e3537f53515bb1d331ca4b3dad2e11ac165c5cae82f37aeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
881ab12a7303389fcd962c6b732e58a1

SHA1
5887b488d8dafb1d6fbd8c978b6af26b03f5d121

SHA256
e6de085a6255f90e1ae519fe4d15b498b4be3723a5e207ebfe9cb8a99d2c652f

SHA512
438a534f393d07ace07b480d99f6974f6f5af332ad9a2154a16de3b3c14182a0db903cf56a73e455103fc6eb4400078de2a6a0d13e079ea62e6e82e234b21ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fde803d5552fdad83588d528d1f5735a

SHA1
254a3ca58d7969903469705778a7d221bbcd3d2c

SHA256
867be505149481e9613dd0c76fa840992b8765ca7bcbb6810d362550cf8c77ba

SHA512
78d261bff8d24c45c39dc95e84b735aa7ccf2f8c1b13961b79e3133ff82c431d4aa3afd1758a8f6bf2dc07aa1dfe4664f161aae4a2db8d7a0a8f07350be8d8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
74ffed9e47f91711cb71ba7bcb5b8d2d

SHA1
9f993b19d9f459e3bf2805365bd1596f51e1c99b

SHA256
db16a16b5895c120c51996f24586bcdfdaa1c36c3f205b56db0fcda05fba56b6

SHA512
d3c49f092a05731f89c8ce43920793ec75b7e743413f6ca2a03f1b737ce6501c9cb024d9d3795708f9652b42409b9f2e1d64ec2070542759b743c8b30f1de36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8529a07d9189617aefa1c6cee5d34b47

SHA1
c7aa4a50f57daf3f61a05ead6cffa256c2365006

SHA256
1ec0cc58b354701a1b8c5af735b984bbbdb55c8f2f31c8bf2c9a2ff6b291d4b4

SHA512
72abfaec117227b1dd259fdcc9144264e8a07f2c423e7aed20aeb9bd76d48a59517bf82232a17ae303b449fe7cc1094ab50845065624c9c1dbb573307dba0e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05e52044c6651dcd312530f8208b1775

SHA1
226bf8008afaa6321fdfeb76042fc6fd6446d1b0

SHA256
e26ef828c012bbc49b31fd4d4ac9201b766e83814dd790e7940eff45462a280c

SHA512
078af8da84527e793f043c052862e7877649d6fed92eeb26efcea240d72ff7a3cdc860088ace24ab618fa5a195459684bdf5ffe7f1ed9a8ebbfa7d03dc67cbc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5075c0e0b84c850d5d21f5751f584f87

SHA1
2c166e062d940581851e71a14671e1dd6c0deb4f

SHA256
426ec330eb1279d639b3e0a75a54e188bd692625ce58fc40738306da3760d01e

SHA512
c4b2e367c69a09e86996b467f9c19e8434325c6805937f840757355663c0e9fa733043da9a1d31319a612ea3a83c910c93cf5a5cfc4bd6c56823df8f6152372b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f215feb5445b54707eea24b4c423ed9f

SHA1
307727510a5c1d53db22063db9fec0f84390315f

SHA256
e4b946cc265d3c2b8e7ed0eada4b7b3b42e0f0af033f00feee156e2bd4e842e8

SHA512
2eaa9d559820d274e668bffb9a725cf6715b09b0644534fa1ce860c8e30662945b0becf714cb009b065c85eb484241518d559d2ab6972acc6f213ab40a960ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b14550a2997040d5577c9ca719bd1cd5

SHA1
553f7ee7efe3e00a7c15f0f9d99aa86a213be5ef

SHA256
e2e800e2912c6d634fffaed8de78b9ac1b4942c6af007a2d20c5e6cc22e63671

SHA512
b2b188448840eb07709e9946a66448d068e36ac5666e0be1fd3fe77a106db7e597b16f68a63d0069f5e145320125a6d2054e630b85bfc4483d9d125dea2770e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
16c8baacfd36f33a1df27d62f5e573e2

SHA1
efea22d1166db84bca75ab356c2507ff538ef513

SHA256
df2a261c7f3751c60d234072b7c31f472b7a5eaf1788a3d53eb6142415295a1c

SHA512
1ad94469ced9de77722ae7cce3194c9548df0c806613ad4f30c0d52733c2e95c56ae477ae796b9d0165a291d8179cb79df3ebb2aee9c1065e40e8b65d2bc362b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5fd5705a6949fae0c7a028fc10b51ab7

SHA1
cf266857f3a5584f45e701c53231232aa96661af

SHA256
e003346e221267d72d11802409d86b68edf9127b19faafe688a016007b99bef8

SHA512
89ece065ea2961835b8dd27ca43e1be6987623a3d0e8ea71719e94f5bfd82a2beedf3fdd604dae5675091ddae3266667dab389ce37ba66c22eef53607634b02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
22c8371bd2eac82a74e73162f1b27668

SHA1
32c3b245cd6a47eb98ca489826a4c3345e07d2e2

SHA256
702eaa485e94458fe7f353cf0bad3f96c269437bacd9a775aa470a7f258fe3ae

SHA512
5fb2359f5f0eccc15458c85137d622bf1c0bcf58027c7247e370b386dc1acff618fa5602feba0a0e1a5422f059dfeb7e23b3cc57f91d90ce4cf84f6a9fff357d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2215332e91fde19cc54592a73d9a57d0

SHA1
1b870f64c2a527dbaf8668c774799da98d85a1b9

SHA256
53ad882e024abadad8ca3bd1d07c31b8e438c99c8e8b54773faf372a2848f2e4

SHA512
ea21bf3c755eb52317b0f56e377ae97a96510a9414cdb18b32f5a0b705c2e56b758165f9703347461cafe66ef1063e20b3177d14ac4a047bbf14932110eb8ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d94677c0a767077955fb097be229130c

SHA1
fdba3ca2df3998e20d079667910aac17a943b60b

SHA256
f5c939411f305a07ede458c47f3e6d77e756af381626f033d21e9ce71066a6e6

SHA512
15b4f5f07f3c1508d50443da58cae921f5bb18c16f00c341a40d86d3eff715bdb90d672270c589ed00e4561d68c1a84e22e62f4a8b2b552d51e9113538d2a55d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
33f2c432257824794266fa7612e15f32

SHA1
4d3bbfc91a72d63c2cdef5913490aba5f2d9338b

SHA256
d8e989e08e5143eda75fc26c2a9e5568692e1c2c6e978a3559bf95c99627b2e6

SHA512
fe0d5264cdd05aa8007c545c8f531962ba0fa1174712fff9b9b450ad59159f6cfdaca46b112a3825a6402c35308be73bbfe55b233f4beb65ee993c0c335a9c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3382d47c023d035057be27db1367da20

SHA1
d359b44c5dc274c3bf7f23fcc16c63a8fc179429

SHA256
261d896cf21756cfe4d0582940274df18ca4c6b91f2f64040214e76da4ea7d36

SHA512
49f47905f95cd8f3ae7cabf1dd71043356fee8904865d4b95b8883cbde22ce6ffc1fd2314a3686f7932f62cf6a11572a63cda13279012f22efe5cc6c098660f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c4bf8385eecb24e77a7ac07681db1bb8

SHA1
44dcaaec5457b24c251065d66e8129e472d3ff51

SHA256
eb5717c4c9e428e182153efd6a42e8735acc3db279d318db16403be56a8d0bcc

SHA512
9a85423e6d8deb3de12add713db1ee263dd288023ccd348dc300b55757299fd7e0f95d3a419101bba2ee4c28ff68832443fb4fac68186de545b33c94e0837012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8f863a25edc49ef6b84b0bc615566faa

SHA1
0e11c380e0ec444f867b428d102aa43ce7ef7e88

SHA256
fbc56245c01063bdd0a0546ed3ed0efd3eaa19ca388dd97f23a45478ba0bcc9c

SHA512
327bf1149fa6c349a73f21b87162eab1a9a9e697afc5abecf1fb1c71a16941fdae645f10e670bf58136022db58179a5e6c040cd55e6ec55016dd6cc647c7336d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
6KB

MD5
af60b5b705ad2a7f44bd7bcde576e143

SHA1
ad1c1bc1f2ae9e1aa2b9e3378208992841f4da60

SHA256
0cc2feed94cfe547dddb410704f9264f18335c783beda290792d21ab9c06be1d

SHA512
3202c126c6b9830fe06900272a09eebda7519b06bc2e0e83c746da222e2fc1f8e225d10f2e86b651d36d676e97be4408a25f829f53cf5b7fc11024b92c05ee20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
5b39d3a17b852caa8c992af580447ff3

SHA1
458fb5d7f891021760694ee5c7d07f8fa8862ae1

SHA256
d6a60192e5e3192f3dd5d1c1b5711f945c056ab17d570dff63511269a0978c47

SHA512
1a6f5eea9f28a5f87eab96eaeac864f69c43438d7bd7501e89e3e4fbfb1893afa135b90ef4a97a2a92f05ceff3b198157b370d673303d165112a23412dabbb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
e437ecbad414aa7c0b0a01c57bf02985

SHA1
6c953086710aab77eeefac8c56e22ec67605b1a3

SHA256
7e4e1f00323ac1f4d550b30947b00dd10e0a648d48e6a7864c041ce0e837074e

SHA512
2a655a2854024494f4d19d816a700459c258c9004d2132337a8ca65a796a86b2fc8f91ea61d8e2b8484dcad5194d4b1b88ab70f4f3365752d5b148f45d85c696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353846188428710

Filesize
12KB

MD5
b3535933acebf1c29437481b7c643c3a

SHA1
fb1671af82704d71c64e145526f2a9329845a849

SHA256
c1efbafaeb6f6575c1274a12fbbe9ca3919616412f1e718d3287e242f8161845

SHA512
a85f6aeb0069ece24a0b1d1046c4852eb7993366879d6933cafcdf95b7bf200ec24613d3e1517e5d4ada1f961ebc4330992ee633da07386b3dc138f5345e8faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353846450525294

Filesize
18KB

MD5
c06668b857c94ae7d887ade8a3083bb3

SHA1
6b9fc2065c4bcf4f1adc0513cba2299cbb5b3b65

SHA256
bb2fcc81a6b07548df6f8f035a5f1ea73f7b3df8f234a9c27404c14f7382ddc3

SHA512
f889909793ad826ef284b17d1b2bfa8106541f82010b1c1bef500dcbeef0afa8bd58b1475923d509dc265e881c112008ebc846c4539d18936840faf37293f503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
df7de03e0a7d5d3cbd17e9b3b06221fe

SHA1
32c221a5a7c202150139404cb59f7e7dadc9deff

SHA256
9a9e89e6d2d704e5cb94f4ead3917e2d24b0bda977769df2c673862e553eae1a

SHA512
81cbcee8b08f5de8478514f6558a17c73d62f08bf4ffa7601f3c94d97beeaf05d640fafef0184a3adc05914d3ff9bc100b1d7ca9cc2680ef0253ef082ee448b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
790cfeed32ab6abfb6843c5419690572

SHA1
89aa9f4f06b9d1df59e45470145f0d0b5a6ace6e

SHA256
fe11f35a74fdb064246f61bfcfb9571f432fd64d8bbb0245bf3026f9de7c42c7

SHA512
4806494a493cdab76d1b61902628281ae81e06a605f3f265cac629fb0b05af6a939d087811431633b43b68c4db993df668c675252533f607b8c2fddd103f3ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
320B

MD5
edcd4e85911aacf5c49fbf331be29996

SHA1
e5b82d511f2be4b56ca3b62094ecb9fddec8cea6

SHA256
37bc1126dc816969bb7ee46ed5e76fbf63014eb34da2277ad07ddfee8b49b024

SHA512
d54135b0954b174b02bb94b24f5fcd4d8b09686a4a9f6f8954c604c42c63a6acd54e2c256b7ef3c7cceff849f99fa5f7baeb1976bf20d164877c48d19ca20e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
047c846652194c3a43d172c6619c3efa

SHA1
fa7d2296e8c3ecf958990c16af56825a2aa810e0

SHA256
c7d31f7633cf6b0c224edaab9d124583ead669e6d36e1a6b4702581bc5c7cb66

SHA512
e9ee98c93ab41da782477c43da89b51567de4eef188a316878a069af4f601b2da9c202639d238df195e329f37d122803b9f5794b33a5c50329b6de65e86a5622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59b9a4b24fe3abb04e74a8cbb869af1f

SHA1
b92e4e16ab576d489b18c2acfc86b0d941218bed

SHA256
5f9fe559e9aaea00f37df0a376010337b53160ca817393fda68755d8b4131a81

SHA512
f8784be994ca029777106d7ae006fe8276d04d75d83e6fe7993a414ceac01a7b35efc55b2f5a45edd106066954ba283e4bac3d72990545ad3ef18cd601c56c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fde44aa83d8b5e4249019cd99f759d1

SHA1
8827ee2cc3b3a77c4992ad2fbab1fcec90e7419c

SHA256
d594393719a78c2d7c8e2354948b1b6c59ecd61c2363a7aff6f39103ae92416e

SHA512
8eaf363b4e78ef5c9e4793edf5b31966349d002c3537d03ad7550397fe694125ea587aa98ccb1791bbebdd5b45d84081442f358abfff183d669e662609947acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26b8082e28605d88b1560b7013a1ee1d

SHA1
15db090cefc23a4506d7f2dcdcab6c3763ea7a36

SHA256
a140de740f96b807e6e96dc98d152d2cc16e94ca89dc9a521ab25590229efd1b

SHA512
0882dbd26185844caddcd3abdd3a6209ec4d785b3c59b935f38e894c383d09e37626fb1bf2df4c724d76d2a783ad464d2326744b746c4a76b7659ee105d7eb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581d86.TMP

Filesize
871B

MD5
e863216b02fdbd8885dca5a067930eca

SHA1
917fc98355c34112df9c6297bbf8dd3153748020

SHA256
b4c864c988118c589104b778c0e7a754b7dd7cbcaef52918972cc1c15c12d027

SHA512
8a6a10a3b3810ecc3547ec486f6b3b0f4810724bcff897dcc8342062f13af028d4baa23b5ff7f0e3269fe2cd687f4a66604dece9e859ccd6c7639d3afa7e55bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
aa7f46f947be04c84e6ce3e65c0b910c

SHA1
df01022e33640c560ebb44012d3860f697368548

SHA256
7686cd10e03cfb9e33cc4c583c7b0818e30e065596ab52ba62a04c571284600f

SHA512
15a7df876cf8399118527f13fc739dee9cac4bc43ec36f518ce5af4ffda6a51019d4f92486b39131ea5d8c0dff39ebc23cbdd3630eec0685d216eef0e5d74dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
aa063523515cf20ee7c25c9a37faa9cc

SHA1
a5f76844be4d95e8158a2d9a430542740f89cd03

SHA256
8fb92dcfb41ab246ff8aa5b650af7b72538386043053b6ba6b99a0262ea37ba9

SHA512
99e260a5b2c97718d4945398a5fa15065a48e75a291b5a5c1531cca2ebb953ddc8069d2affeb62b2a104ea7fb54dc719d1f924e052c85afe1c18bfd6b6b97d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a0f624c5-e952-4f2e-9ec7-49c2ef1542b8.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d23232cd-19c9-402a-b5a6-8458665627cc.tmp

Filesize
8KB

MD5
6630053edaad28a38b9ac1844c5003ea

SHA1
4d05ad4928a3be79e3ef2591612b48fa8da35397

SHA256
dbd2c99b72635f53cc92147ab47277e629bfc3f9825f396817cbd507ca98ef96

SHA512
a746072f3d611d15e56c5cac91516f61eb6430ab21d27f7848d59ad0683539e45b44cfb16c69113ed9b5eabd41e6b84aba5ceecd18886deeb4f9b714f1ddb1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f09e1289-9c2e-487c-95ac-74b6837a5aca.tmp

Filesize
1KB

MD5
a54aa98a1c83f9fd2243b9609c3e3776

SHA1
4a0f06ac017260e08bc372b8f62ede2b9233d921

SHA256
be74821214403058975deb966d31f9552c545d28b772705f688617fd65ea61dd

SHA512
a33c7a4e52b8b6c4cbe69ba4f5414f0d0e33ec9aa77d39a93ac12a763b1322306d37ad37c5e76bdd82eb5c03e81a27354d417451388ce5611654ac752f3130e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f48d0b4c-d716-4f24-bd89-78a5209d081d.tmp

Filesize
1KB

MD5
1c2ab6941eb785c14c13cd115ed203fc

SHA1
2a93f443364548d308893d7e0bdaf918779deb57

SHA256
1996f47331578faa555a2499059fadea6466d8de42f996e6e5b91479a690f62c

SHA512
10e03fc707eae415caed4b1884a5567460fbb8d99cff6dd09c1e65c8c8ac5a9f07339c05d17111794cf8c335d209ed0f7d4c21c49f1689156d6f1042db60aff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
76KB

MD5
1a636cbde51e402fb3f7b89bef204b85

SHA1
98db084e8c617fec4442b0a723dd12327d2d3939

SHA256
4d228465cea4007e5b4ac7744545c6eb768bfe757fd7d3bd3a0d4b15e25b3951

SHA512
01c6331040387940080343d263ecd98cb1976e0df361524fe4d205ff89412f4445cf3a0888e4a07ea27a35445d519e78b0ac75c7fdaa8d1b58a605b499124bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
efbb7bdbac32b8f512e63a2c0a97696b

SHA1
3c0f1e9c905fb88178cff53eab1bea21514e93d3

SHA256
333059e6f794a2d0b9163681d63f6cce0aa38bda1f8373ffa0968a8d4123dc62

SHA512
019fc35729c9b54a575c6c0c2648ce6271c9cef1fd0b7d87a1c42a7fed74cfff2b3947f95e88134d43fc50d585fdddf5d7732cd905712938b2a3497d6e87ca7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
ee52171330907750017280c8691c7e58

SHA1
6f90a3b23cded25089a1a8c52f145c37fa9db591

SHA256
03f06342e50aa8c7607e02130e6ddeb56f0292500129793dc594ef72f6ebaa8e

SHA512
56159bc43da7585edb6e38fc201f0393cb47e9376ff0eb797af5766c85244e0ae1b71501212535ce5a9ca69b6c279ccf7cedcfbbfc0424cbd9ddb1af3ae43c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
6f5f53c6960017dfbae5a2a7278b60be

SHA1
b4b768d4c235e21098a3934c0510e96d02da6cca

SHA256
3d23242ec4b2a13b469c369b1d2abe9c4748589e457668eb1ca6e9fa5de104aa

SHA512
eaa4eb1c54d0eca6f52cbbd8dd02ebf31c71c8e2fd700d81d449fd5fd0e5decf4b75c03ac3d3d2cc68e7926a5995d585a95924ded070ca29f37756465f302cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
72fbd30ea29c1320001968d51ea5c29c

SHA1
34eac76b22daac3469fe4347a6c927ff9f275855

SHA256
5f7a633bcd96272ee252006b400f1c1225706f99d740df9d3fd471f924885bb5

SHA512
a860668150d4741c8b1807e6ad13d0e4a416aa6dc49c41b5fa5299c8871278a778108dcc3790952b65cbf9a1f3114f54925f7e8180e48b61225d5f6049c0ec4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
43adc290d3aefffc0596d44d390bc5e0

SHA1
4d08c240d059da2a5d26c5b752e0e7b007580731

SHA256
236aed885286cd13bd887b35d72276294da9329924bc822aa7e50cfce08eb055

SHA512
3650940c78245366e021025159c09bc5dc4e9d2026a0925a880a39bdb9f971edaf3828f0660cdfa27de319cc94ec937623babd7d583e4fe64de0559c09c5be9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f4630c0189d2f6bc57c9cd26531a4591

SHA1
c32f53747c16fb8c8a681b8be4b042aea51db919

SHA256
5a1b03790ac7ced6ba27635b9be5477b6c94237b7a01d55369f43d44adcf5454

SHA512
a428e9c3de8896c989a0cc997fe2b6a30e1d7fa381ce07341ff90914d278c0a650692c0af499d264818266a3fcfc536faffea7e7691f4535e992a2495cb74329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
885a9ba947c9bbf51ab1991ae775ce3a

SHA1
ac103aee906b793d95951bf67873f36aa18f4a75

SHA256
3bd1191b6a0a53735a24354f6bf1183eb6ed1a4ecbf98ffa61fa117666fd9b3d

SHA512
84fbba08266d2813d8d704d32acc225605edc398dcb93b52c08ca846a2b7465b03a10401b74c161ef2acb9230685ab41cc8a30ff61c63cd402694595cef80e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ba18c4926c761ee7ecda18278058402e

SHA1
6aa8e504ee3a8678e601d01801835a0d623a838f

SHA256
f008b88b1ae25dfd9e5fbcfce3f71cf18c7186923b6a4f440a0b44940e958d78

SHA512
40ec03e3dcd86778f3a6146d298c90d406e3b62875f96cc9a46b36e0e7d67c46137fb76d447e46acfb8c24d76347d06d973efdda54e21fac465f79ab33b0498e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
443782ca02c0980400dbabf5e310c9f2

SHA1
f0a277c982ac30287768857f6195f73a5f655bc6

SHA256
7b5bf0cdf61fedee3ff803b7f223dff240c3e093bbddd83436d3a18e94081f88

SHA512
d484cb0fbe4a3365e34e478faf7cd1fe862aa29c8c05ac423967a175abe5277d3228d09be6471eb9b50f3e342b3b447b3df2fd674ff4fb1ed8250366c1d21117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f432efdb1d98f2c01947b902be5ebd50

SHA1
4f0822db3351cf9d8fd71c996a8dda9c19bc7339

SHA256
640792cf68f333a8792e76172fa3f405535ff77755730db33e8c5bf8098e2872

SHA512
297ff56433767515a511b867f918212a2832cfd0fc75694677290cea1d22b0609aecfed88d9788e737b8b497dfd1718b4fa574ebf880f47abb0a03d71349884d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d99605c84f5981cd5439e4399f344d1

SHA1
3e37a10bf103f0dddaa8ae23ec0ab7c929a7cf3e

SHA256
8950f96256fd034d36c4b6f64caa7d75ef8c53f9eb97bcf83a83bf4b944d55d1

SHA512
d11b833af6049aafc35928afec2d928d61f4e4c91ca3bf63d9993bf812e79e34f242e1f790e817dfa8d65ec48916165cf7195cc7dddb277a0ff8d03c0abe2494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
786ef4764cca4315df773622683efe48

SHA1
f176bfea431f7f3221187e7986f28fdf2a00e5a6

SHA256
20f89016aa2a78ca47541badfb6a9263a9c3f467ab288e8d6bde72ad9391ff08

SHA512
60be43ed03f111abea96e72ed91ea0e0af9ee35d73748e2603c61c238ba833c572ed5049eb96d030d32ab1f6eb4ce351887f246921b9b89f321868251e68a6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4dba9e3d96c9b32cb997f37dd19c8f64

SHA1
7f1a75f209ea2b5038ef3a5ef33dd022f954a46d

SHA256
8dc89286d4d5f11b01cf765cfed5c99cedf8485010f25638c53aa91e318c71b9

SHA512
f08301bc56e68d94fd89e534694f53b8d52a760f3e7a0c81043f435522d0d36d1996a172b0fc741d1ccecf5d00c63ae4a1a9f695789e64a50db0ba36927bd94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50beaad204d9aa8af4e07a4d68c537d6

SHA1
d2378aeb4decc24e09a9511a2bc90e17a3b21f28

SHA256
7ea831857aab74a8516466b263c56e8eba79b9aad4ff406ced6e70299a041dd7

SHA512
7b69e7cabc91ba857a836b57ab232bbe799834c78820b957b5c6750346ea307302eb3b132aeb7865a0eea29b67238ccefb9095984399ed941b88d7a14a4eeb0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a0dfafcfa09ecc75a540a1a0533e057

SHA1
7854e6cbc681df62cb6912edc493fa61c5d893be

SHA256
a6ca1c1ef643164e739dc6c1a22c56ec8677c098d918b21b7664d61e34cbeba4

SHA512
b0cb908bd5ac990a5905e0b75aec091c48c32d8ed9e750cd26b2927537b19d8e0966a71c4a5ed51fc9e87456a39368780e688c8cf91fbf9582e149234fac77c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e137f9d6c0d6a51f459f90705522bda

SHA1
86db53a2b777f6cc0b9d173f73b398792d21efa2

SHA256
d52a7b9f372c6df0b95f10ae56f71471c2d25c1ed53d3af87a83215ce9b43e6b

SHA512
ba0c50026abe6ad5debec0aab2c9f8088ec9e2f9efbe1b669c3f97b2f904d49720384fcd32f850fd3433902b9f5d4c9325c2640d6651594f358bcbbd3d143f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
515f94fb32c36e61b38e404caf8665e1

SHA1
f6fe2f435f22e3161ca7919450cd9cc3432aefa1

SHA256
c8316c3c4ba5c79a5237ad3aca9529f217f50426b8a60ef9c8a4b900df218afb

SHA512
d9e59b2621e65f954eda123fb46cf01e735634341927e97067955b9cb5421f1955c06a0bd3d1c3928017721f3fc5696ebfeb6691d4e07df5f40d91ff8d6e3eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2826a69a44e7ea11b465fabea3f310da

SHA1
2de3e207d3607cecc4c23a81d5072bb9bd10721e

SHA256
c19ab835a4d56f7b320517fd7dfcc2e3446d4559cb7cf06b13c3a62eaf6583e5

SHA512
b1512264f81f01c61446ddb369c231aac127c41062b33ec3cef4f7a6b3bfd1ee1fc4decf62398a9e100c1f1e5075aad81aa5899f8a3bb3392feb98e1d88e6537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15f98c6a7554f04c54fb5cb9b12cdaa3

SHA1
98e787c0284638a4568ad47399d1621bc4c65d63

SHA256
574bd57fb00442d3680771fa6636a812116bf638db7bb6fa6a9c1ed2342b83a7

SHA512
d2d50996b19d5e210a329f2ebf0e2b9934cafd5ed6d88a73da9422cd76e042fb0527a1b689377c47541c995c62b3495ab65f19d788cfac08b450990fecb0e71d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2eee0674330f7bb4b3e9d5312eee6ba9

SHA1
3a340d308bf7622c980effc53459c3feb9f5b3a2

SHA256
203bdff37fe6d9aa31703b9baaf35276a0e4f4e15bd950e7f5e1c14fe9c976e5

SHA512
32c30b75cf96700a75d8f19a72133f32e80d5ce6d08432371583c7cebe1d0eeaeda8b227798b35ff61cffce7ce70ad160ea89e621a43fd8e5f288a14ffb7d581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16012aeb9039d97af2b4dbd926caf26b

SHA1
f6f1d5892bebe16c5553832351fb23e1777f86f7

SHA256
e9e92c48e902f40eb7a0c32e2932091228de7e0e1cdaa970fedf0afcf9db8c51

SHA512
0a835660b5fbfd6bc9a6f52603c450025e36bba90732572556e3ef6ca499a2136ce28e3e1433240c0593a532cbb7067672c8cd0509835f0b084cd5cb6f8a07e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2f540a5d8e92831c9c0a76a477388448

SHA1
305f69b029f6478aa6ccb3bdff9937612c53b508

SHA256
b77cbc7f6175b01de236386d4e0ac5dbe4f70e7953f8ac07de624bfb54245f23

SHA512
e691ada0ea898f5085c85402c67fe61dfed79a0a01ec5a9b2bda298f3e56676d6b1255f757e84169e0cd045317414b415f16cd235a1c50d505ed483f8e710eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a9e60491dda11e361f58981b493dddac

SHA1
ccde5c614d1ec361da8a4c0d3b8f62d69fdc1df6

SHA256
1885c63565718ad0f89ceac5aadf6809637e1852ce265b5fea9fcdc6eb5428f5

SHA512
a30d82d7691a2d136f31f63cd4da7e3d0191601edf98cf1cca9f40e8d4f3668faab1d195634f84f8babee5a5bd4f9b6cfe563fe496119c5856a4ad0c00878b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63e09716767342f0b34d29b1d7cf727a

SHA1
8197685feb2dcd573e1ddc2918ff20fd09189900

SHA256
cd1373b541532a48d2c0e89328138c08b20a32676ee239f927b5b6022b2e4c4c

SHA512
65a777997ce21784e9757c4a2a1dfb0237387f9642295ca6dd8136264cc1fbf0bc0954a8bb7dc3963c420b982ab1cb38ee29d019307ce796e84f412ca3ca714a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14aeb44a79dff112489f3f98eb43ee23

SHA1
4878e8e4041b46738269cb17335ea5cd56e33634

SHA256
532d54287eac8d118a6135cc49cff1a349169b178199ad46dc6378d5c5c27d9d

SHA512
c7323fe8eba40510472a9f737b1f34152ebd6c1b3506d314f93d8239d4dc46e7534c7ada8356b5da83d4983db3ac401c5c14994888087cd8b37e2cc9eff710b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eaa3c25b1b0cb44721d380c1fa4572f8

SHA1
045da9215c62dd235653d199943146f29bdd5bcf

SHA256
51c7410b5771e5429c209254f7d559d00ba0c85f3e5d7f6bc49f46cb8c8ce3c4

SHA512
e53170988892de48a09067ea8194c3b24cc9dd896cfd5314df93742eba7992096ced8a94b52dcf0a3bb41f6b90d97e733caadca21ac89621ce7fe7edf45f205c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
961878b61199e4f84c40c4118737c815

SHA1
13294023ae50454831ce921fe3e3babcba9c1ac5

SHA256
f34c348adae6e4680101292fe2a32486fd4dc059e7076e9217fa949467350758

SHA512
a39b4387e607063b8f2b41a6f193722d89f4748ac1e83681d647a82affe3455cb5ab1d8faee63dc675b56d4699cb6d039d4ee9236e8052dcdd8cc7380717b19f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7dd1918d57ba3d41c5a9fadf322a6b56

SHA1
8d05e5b64212196250a574a7dcea2115f784407e

SHA256
bc14e8d985b8a9ca262ad62a89814ee7b891340a262cd1dd0d2d1c109f7f26fd

SHA512
87aa33f30985621bff265d077ffef0ad17a001876719e2d7fdf92f40de257d6adb91c5e029e968c5b5f16c90289e02de46211e9d6d1915224d8ef2bee33a8118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
413e80ee548f76a251032cfef7969009

SHA1
b2fee436c9ea3ca05494563f3e10df6fd158dafc

SHA256
f64433846f59f20846e0479710adc5391a19dfa8fafdbb1d2071fa4f539b9e14

SHA512
09882e49dd8514c362e62387e556d9b7815854c9b21a8804e4290986b1cad20d9510f31fcdf51a2fe30b6789ded85d31b6aa232cb25900d7605e7fd04086e0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58373b72dd51792d7916743be51d92f0

SHA1
79540710d2111a735e55f4fd3f80eb701200c10c

SHA256
7286d76a13f1e5fc4a30b6f0a9d301be15621aa02410e59a61d0ae54189fc2cb

SHA512
ded65257251281824bc97aaa4e79812b63a63a8bd6f5dcaac2606ede5466f10f9d96b6e80aa353addb3e97d891ab1af2a695e2218dd92f5c423a27b59f942719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1b4864bf8d99329f7cd068027ed43e4

SHA1
76d056dbf1263e9c1471fd5a08d30f13a6277c37

SHA256
c10d9c5e6a1a3fb56dbeeb759028b8a54dd24e5b149881ba47bce2c9a43dbaa2

SHA512
a92f37c2e104f82fc74a26bd8ce8db64c63fc8b79f3d2d969989d71251c641783a768997cb3b666817e21e07b9ebde98150630a80d329c3fec7b716c371f2d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a5c92ae0992188ee9dcd0d8e9a6555f

SHA1
2b095e3f4b72f9351b1ac3bf131c3663c6d9ec2e

SHA256
fe9445a855b7c0179a2b5b4ccead58ff90672bd54eab16d886123de33242e027

SHA512
6016be1fb9ea50eb19ab78aa6cd592a2af4c47b9b0059dd13f1eb845b06f65a735ef3b5e3849c30f9753cc47900c32ccd1a88bcfdfb89479cf5588090632bdc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e8860490fc41c0c22298e57e4049852

SHA1
7fed192d0d1d5d6072c182274dd811201a704e15

SHA256
f519d1031fac9a845abddce6291b09cc69bd12fb355bc8c12019eea0e1635fa3

SHA512
a8db9c71d155018ec539bc907bd301ce48d4e7cb268cf62752ec1af3592e56c37b0537b189bb89c442e3601dede541c60290d31450d87b167ce40d20433d10ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66bfd5b48661950e62e285a27e2f06c5

SHA1
428a0dbe9db0f75fae01e787ac948316a1f0d7ef

SHA256
018fcb50ecbdabc654df350f11e6344b43c2a54dc109f93b8b849f302f59a84e

SHA512
f0f52eaa994124f8f406ee6f3f9ea6df6d07e6e35a87d5eaea552830085b6e7faec45eb7ac57f4b1b58d5fe683c7ab505dcaa0070ae5b7b7b81a7d458b1cdd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ba6f0bf4af0887edc199d181ad2f78d

SHA1
1aa129acb6969e8ebdf1d34e382e952ee50e0f1b

SHA256
3e61c8ac7aa1843eb9ff39a0fd60897d4a464a95ead3d5e3d41ec2422b24a691

SHA512
0fe127ae08435fe8089badf09a265be8271959030d6d9f2ac853fcad0c4b97ee0c6ddfa8ac2b5ccf650b9663fdef772d9a88697cf541416d53e46fa20617ef11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6cd473b205c0a6461eda0c8c36dcf441

SHA1
1125161638de73326bed16f6133f8d2bfd6ed91c

SHA256
e56e4900733fc41ef4c18be0be619f98008d5ca6703444fb0df9d991f43a0904

SHA512
77aeeadf24537c4f99b1718edd7b2da4557fbc4136eb20b48722143953596e248e866389145da1bec5c3c3430129a03a8e2d5900fbb94ef37c1bb4436b4c2a4b

Download Submit
C:\Users\Admin\Downloads\MEMZ-Destructive.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ-Destructive.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit