2a45e44be359fba4c85591e7b13d1ec772ed181adc41254d8b00d31b2d15878e

max time kernel
463s
max time network
478s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 18:27

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-25T18:36:19Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_13-dirty.qcow2\"}"

Report Analysis Logs

General

Target

Memz.exe
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

Memz.exe

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Memz.exe

Drops file in System32 directory 1 IoCs

Processes:

mmc.exe

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 63 IoCs

Processes:

mmc.exeUserOOBEBroker.exe

description	ioc	Process
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_nvmedisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_primitive.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 35 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mmc.exeTaskmgr.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

Memz.exeexplorer.execalc.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\Local Settings	Memz.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\Local Settings	calc.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid	Process
2112	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Memz.exeMemz.exeMemz.exeMemz.exeMemz.exe

pid	Process
4020	Memz.exe
4020	Memz.exe
4020	Memz.exe
4020	Memz.exe
72	Memz.exe
72	Memz.exe
328	Memz.exe
328	Memz.exe
4396	Memz.exe
4396	Memz.exe
4488	Memz.exe
4488	Memz.exe
72	Memz.exe
4020	Memz.exe
72	Memz.exe
4020	Memz.exe
4020	Memz.exe
4020	Memz.exe
72	Memz.exe
72	Memz.exe
4488	Memz.exe
4488	Memz.exe
4396	Memz.exe
4396	Memz.exe
328	Memz.exe
328	Memz.exe
4396	Memz.exe
4396	Memz.exe
4488	Memz.exe
4488	Memz.exe
72	Memz.exe
72	Memz.exe
4020	Memz.exe
4020	Memz.exe
4020	Memz.exe
4020	Memz.exe
72	Memz.exe
72	Memz.exe
4488	Memz.exe
4488	Memz.exe
4396	Memz.exe
4396	Memz.exe
328	Memz.exe
328	Memz.exe
328	Memz.exe
328	Memz.exe
4396	Memz.exe
4396	Memz.exe
4488	Memz.exe
4488	Memz.exe
72	Memz.exe
72	Memz.exe
4020	Memz.exe
4020	Memz.exe
4020	Memz.exe
4020	Memz.exe
72	Memz.exe
72	Memz.exe
4488	Memz.exe
4488	Memz.exe
328	Memz.exe
328	Memz.exe
4396	Memz.exe
4396	Memz.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

mmc.exemmc.exe

pid	Process
2036	mmc.exe
5448	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

Processes:

mmc.exeAUDIODG.EXEmmc.exemmc.exeTaskmgr.exe

description	pid	Process
Token: 33	4960	mmc.exe
Token: SeIncBasePriorityPrivilege	4960	mmc.exe
Token: 33	4960	mmc.exe
Token: SeIncBasePriorityPrivilege	4960	mmc.exe
Token: 33	4960	mmc.exe
Token: SeIncBasePriorityPrivilege	4960	mmc.exe
Token: 33	2208	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2208	AUDIODG.EXE
Token: 33	2036	mmc.exe
Token: SeIncBasePriorityPrivilege	2036	mmc.exe
Token: 33	2036	mmc.exe
Token: SeIncBasePriorityPrivilege	2036	mmc.exe
Token: 33	5448	mmc.exe
Token: SeIncBasePriorityPrivilege	5448	mmc.exe
Token: 33	5448	mmc.exe
Token: SeIncBasePriorityPrivilege	5448	mmc.exe
Token: 33	5448	mmc.exe
Token: SeIncBasePriorityPrivilege	5448	mmc.exe
Token: SeDebugPrivilege	5456	Taskmgr.exe
Token: SeSystemProfilePrivilege	5456	Taskmgr.exe
Token: SeCreateGlobalPrivilege	5456	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	Process
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe
6928	msedge.exe

Suspicious use of SetWindowsHookEx 36 IoCs

Processes:

Memz.exeidentity_helper.exemmc.exemmc.exeidentity_helper.exemmc.exemmc.exemmc.exemmc.exeidentity_helper.exeidentity_helper.exeidentity_helper.exeOpenWith.exeidentity_helper.exeMemz.exeMemz.exeMemz.exeMemz.exeMemz.exe

pid	Process
1916	Memz.exe
3044	identity_helper.exe
1132	mmc.exe
4960	mmc.exe
4960	mmc.exe
1416	identity_helper.exe
1916	Memz.exe
4140	mmc.exe
2036	mmc.exe
2036	mmc.exe
1916	Memz.exe
1916	Memz.exe
1916	Memz.exe
4268	mmc.exe
5448	mmc.exe
5448	mmc.exe
1916	Memz.exe
2296	identity_helper.exe
1916	Memz.exe
1916	Memz.exe
1916	Memz.exe
2496	identity_helper.exe
1916	Memz.exe
1916	Memz.exe
1916	Memz.exe
1916	Memz.exe
6444	identity_helper.exe
4812	OpenWith.exe
1916	Memz.exe
1916	Memz.exe
7064	identity_helper.exe
4488	Memz.exe
328	Memz.exe
4396	Memz.exe
72	Memz.exe
4020	Memz.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Memz.exeMemz.exemsedge.exe

description	pid	Process	procid_target
PID 3684 wrote to memory of 4020	3684	Memz.exe	81
PID 3684 wrote to memory of 4020	3684	Memz.exe	81
PID 3684 wrote to memory of 4020	3684	Memz.exe	81
PID 3684 wrote to memory of 4488	3684	Memz.exe	82
PID 3684 wrote to memory of 4488	3684	Memz.exe	82
PID 3684 wrote to memory of 4488	3684	Memz.exe	82
PID 3684 wrote to memory of 328	3684	Memz.exe	83
PID 3684 wrote to memory of 328	3684	Memz.exe	83
PID 3684 wrote to memory of 328	3684	Memz.exe	83
PID 3684 wrote to memory of 4396	3684	Memz.exe	84
PID 3684 wrote to memory of 4396	3684	Memz.exe	84
PID 3684 wrote to memory of 4396	3684	Memz.exe	84
PID 3684 wrote to memory of 72	3684	Memz.exe	85
PID 3684 wrote to memory of 72	3684	Memz.exe	85
PID 3684 wrote to memory of 72	3684	Memz.exe	85
PID 3684 wrote to memory of 1916	3684	Memz.exe	86
PID 3684 wrote to memory of 1916	3684	Memz.exe	86
PID 3684 wrote to memory of 1916	3684	Memz.exe	86
PID 1916 wrote to memory of 2208	1916	Memz.exe	89
PID 1916 wrote to memory of 2208	1916	Memz.exe	89
PID 1916 wrote to memory of 2208	1916	Memz.exe	89
PID 1916 wrote to memory of 4464	1916	Memz.exe	90
PID 1916 wrote to memory of 4464	1916	Memz.exe	90
PID 4464 wrote to memory of 5048	4464	msedge.exe	91
PID 4464 wrote to memory of 5048	4464	msedge.exe	91
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92
PID 4464 wrote to memory of 1672	4464	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\Memz.exe
"C:\Users\Admin\AppData\Local\Temp\Memz.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4020
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4488
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:328
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4396
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:72
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:5048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
      4⤵
      PID:1672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      4⤵
      PID:668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
      4⤵
      PID:3760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:4400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
      4⤵
      PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
      4⤵
      PID:2368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
      4⤵
      PID:3276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
      4⤵
      PID:1256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
      4⤵
      PID:3492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
      4⤵
      PID:4272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,14667285420598639944,2653577699269089769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
      4⤵
      PID:3308
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1132
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4960
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:2112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:4696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2108 /prefetch:2
      4⤵
      PID:1528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
      4⤵
      PID:1984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
      4⤵
      PID:4300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:2444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 /prefetch:8
      4⤵
      PID:2792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
      4⤵
      PID:3260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
      4⤵
      PID:2324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
      4⤵
      PID:5084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
      4⤵
      PID:544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
      4⤵
      PID:2888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:3044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1652 /prefetch:1
      4⤵
      PID:2828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
      4⤵
      PID:4476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
      4⤵
      PID:3680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5912 /prefetch:8
      4⤵
      PID:4384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
      4⤵
      PID:5148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
      4⤵
      PID:5732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
      4⤵
      PID:5812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
      4⤵
      PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
      4⤵
      PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
      4⤵
      PID:1296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7448 /prefetch:2
      4⤵
      PID:5716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
      4⤵
      PID:5100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
      4⤵
      PID:2140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
      4⤵
      PID:5812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8817928849601866141,2420209973458066673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
      4⤵
      PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:3644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:5116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:5652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:5676
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4140
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:5268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:5204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:3260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:6072
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - Modifies registry class
    PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:5316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:4852
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4268
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:5448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:5216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2060 /prefetch:2
      4⤵
      PID:2696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      4⤵
      PID:496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
      4⤵
      PID:1068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      4⤵
      PID:5000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
      4⤵
      PID:4844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
      4⤵
      PID:3884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
      4⤵
      PID:5296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
      4⤵
      PID:1360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8
      4⤵
      PID:5248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
      4⤵
      PID:5528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
      4⤵
      PID:3856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
      4⤵
      PID:1168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
      4⤵
      PID:716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
      4⤵
      PID:5520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2434605369565115300,1983478256599434584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
      4⤵
      PID:3620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:6080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:4112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:1696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
      4⤵
      PID:5904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
      4⤵
      PID:5232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
      4⤵
      PID:3568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:4332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
      4⤵
      PID:1556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
      4⤵
      PID:1144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:8
      4⤵
      PID:724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
      4⤵
      PID:5788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
      4⤵
      PID:2132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
      4⤵
      PID:352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
      4⤵
      PID:2176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
      4⤵
      PID:3232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
      4⤵
      PID:3720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
      4⤵
      PID:5712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,707868357506303208,14975786912268060893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
      4⤵
      PID:5520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:4008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:5556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:1464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:756
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:6660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:6928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:6944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4348416557185579185,2729211064291300808,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:6260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4348416557185579185,2729211064291300808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
      4⤵
      PID:5180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4348416557185579185,2729211064291300808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
      4⤵
      PID:3212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4348416557185579185,2729211064291300808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
      4⤵
      PID:724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4348416557185579185,2729211064291300808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
      4⤵
      PID:1100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4348416557185579185,2729211064291300808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:2412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4348416557185579185,2729211064291300808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:6444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2096,4348416557185579185,2729211064291300808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
      4⤵
      PID:6836
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - Modifies registry class
    PID:4940
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - Checks SCSI registry key(s)
    - Suspicious use of AdjustPrivilegeToken
    PID:5456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:1272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa96283cb8,0x7ffa96283cc8,0x7ffa96283cd8
      4⤵
      PID:7028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2068 /prefetch:2
      4⤵
      PID:4932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
      4⤵
      PID:3828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:1136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      4⤵
      PID:488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
      4⤵
      PID:3692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:7064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:6220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7623047108930236886,5686471902038243635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
      4⤵
      PID:3788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:496

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3696

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:5456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54caf18c2cda579e0dad6a9fc5179562

SHA1
357d25de14903392900d034e37f5918b522e17c9

SHA256
28d77529de92eb605d8afee0e133a7d08e13d4386e5e38d63e2da34623eaad6b

SHA512
88da5a33df9d82408afb8344ec7dbaf7686435fdb55eccfb85d5560f39861e84cef5d71949d5efe7a191778e6be755a8448f3fc3d7043007037f9f5227e10210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
249c3b0349ba60250aac659f79ea86f4

SHA1
46ccdf31c9003c382ccff7d544e256ae5d25757a

SHA256
3c6bbda19b5d59190edc891144450e1a07c3bf7d32d6b7d0fa8a2a2c3f2250bd

SHA512
cad0b488717715ee9b72d8c766ada188a75e15c32c87dbfb5e59e62acfd09afd6dcfca54a06703a8d6f4805ca553c6d998c51b633affe90c06cedc4f01ce8e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f96d9397d7da29e679a78d19b53a036

SHA1
d35d99295eeb3de1a1d18f115edf16af14e9974d

SHA256
37251d6c59c1c432588c725df374e849a7e7cf2dd7a382d10a30a6d772d0c9ef

SHA512
99e45165f24ab0f40d614b712082f8b45854175c86b1d9c3b6beb8f9316b9d3eb8c82eb7c52950c5a536d65f1d7f034cc07d6f1ec05b39a8a10ec7db87de768a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c559881d10df131d96a0fbfd3b648c0f

SHA1
2239bef56f22dde31c92bcc68481e111b4371e57

SHA256
78ea9e5638d8ed0f4a19dce80e15d8a9fb296f6d9c14bcc653f05fbd290f9031

SHA512
b5997fa4c6fdb6bd5cfb5f12c55e6384abdfc5b85252ab82ce6d4a84e19e9dac78c33c135522a7b806b51357e9d1038fc49096ab1ccf44e5813f8f96c4a9abef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1a907b0cae0943c87ddb3d5fd59fd250

SHA1
ad4608cc68307f0f0244e3a3cd03091e007d33fa

SHA256
e72910978aa298e15170030ec386c36454d2e63eeda0a9cdd7a1206150d5b28b

SHA512
355f44ff5f4ae8b75a263ebb1027f93494e0649af0e03c7b29e9ef2a336d319c0f53173f2649374fc66c8ae912be4f5809cc120851c0da23f650b60b854962f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
658012d1794bf96a0748cf933b5aff82

SHA1
d694f298ee5b35250e1fed96f5f8f92a2aa68b25

SHA256
2a1b9589b48445a243fe1a513d85286b29a62b366abb3ef47c0c9f4273f94ffe

SHA512
8fe8128d76ef75b4492a83cfdb9b611adb1e060e6601caec750127a403482c60a1e19938beb2494c0becabfe37af2ea6e8f9dbae0d8c8a96a97a67706216bd3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2e55a32f37c02e173ca0e7dbefc536

SHA1
cac47b85eb28e8ad4641d509283cffe76ab25794

SHA256
d124af6f5def502e96512a7fa08ace779f365bbe0cc25cd24f2607ba4e6965c0

SHA512
c95c21420385b672dfdfea3f09a03b328bca630d61cbe4e446788767ab349e58f9545fb74b5d5369418ff91df797279cc14f3f11138da87ef65d14c206bb5698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
696ffba7b83ecf008523e96918f200d9

SHA1
970d90e22c8b3674fc33cdd1913c51ef28514255

SHA256
dc6dacd725d7385b2e4db1f488d93f2840d2289efdaaf3737849304d1ab9ba34

SHA512
f8528683b70b58376f3eba3338fa6b462c9e9248c72524573005cff6397a0556bdcc2fdc2ebb020ba8218bc8174ba552002f223a245dfe3d3688826d24d63237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c33ac48-c8c2-44ac-8ac8-b4a02e52a996.tmp

Filesize
6KB

MD5
66f38a83307e789166d51746ea2ea177

SHA1
0779441943f714c6ddad55ea97362535ac7bffc5

SHA256
28a79e97b0cfb578e9e9f79a76faf2c837bee12369ff1f70b57bcf63c952adc5

SHA512
8ac3b4edc15add92bfa4a4647220cf7f247d769f0fe86fc6b204b9399a86baf4ad0416b4ab668e2ecba89a39f98d0c781cc3395d293e7fb2291fc7b7ff75d167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
7456c298ade9717e736f8e1575394252

SHA1
727873566d9b372cd3af5c0fdfd41526bb61a329

SHA256
00f4004b4ff08ebf319e72279af034512a467f63d33b61fdfec95f0b7b1625d9

SHA512
6a8b9e1fec4176d49b243f3161ceeb5288f5368bb843aa76eb76e6dba0b27e483fa1cba7b208b90eef8e0098e1431df065ed89a4a36515afc86ef569d53c8c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
07dd4e03dda7090690d9ff262e2aba39

SHA1
d6b5793d29942b6dbceb252544f50b017fcd285c

SHA256
2e5b5508fdc94ecb82e679ea5ed3e6b2a3907ba0d64f9934846921ec2fb541f8

SHA512
909b96d47a7645fcc78b583f88b5c8ecc65087323b87d1be2b6fcfe70c95c9a36bae7624c1170005bb07818b503c693a96a80f39a43ec65ac2d52c0529988b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
88917a29155fab612e1661e108a3e50f

SHA1
84215ebe3942f3e0a826d8e2f8225e86bac5128a

SHA256
fc741343b0666b143c5fdd5660b6785b1ba10fec21921481309eb359bcebf513

SHA512
59a17fca49e24562aff78abface889fd1e08cee43f67a146c7e46d1e2f5f3cb4bb7ea613fed3e2404872de108093a55e8d0c292447f2bcd6042f7135067f9f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
e2b7e3eb54cffd48ca9c76690f218e93

SHA1
165e33701845fe9f708b50e82bfc95263be6345e

SHA256
7274cdd7a1881d4b0c2781b4b85f840a8114431a62acc7f9334824b55ee1f220

SHA512
6beed2f020a5a7609f1fae08cea99deecf0750058c6bd8ba988bef190681d31b9c3d13f9edcbdf7ba8836bf4ea6638cc66bf41c1242702a85158616a4e9c15e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
250KB

MD5
2f4bfe5264d2dfb2c4d1d5c825d8a9a3

SHA1
3dc4c3caacec145965c25b69ce39264dec787351

SHA256
77b76364c0a9562fe54f0b466f7b8d9565bb390548bf416e53a36117d6e3cb5b

SHA512
cc3a16120b25d47ca4525c57af2e70d89cb51afb659e2e29fea404d3aa6cd4a5687a07f60c631bfcaa5337a09e37952dc07ee94c587cc4795423053e3495766b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
172KB

MD5
9c7fd8a24c2449f691ca76b56b9f1ad6

SHA1
314718e5913b3f2ae237f07ca3478ad87636a92e

SHA256
3ad285db612d12852338e01375d1db7038841ac8580fabcd8c71d660bf50f9a2

SHA512
d586788722a3d8818388b314705b0a136b61e3845ddbfbbea224c04cba4a2d2e771871590029313c4abdf53cf420fd10ab16c1c530905a8a718e9be09a3ee5db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
216KB

MD5
8832fc28ead82c2bab6bf5581d2a77cf

SHA1
92e8ea293ae83cb738f4d66f789cb6ed02c31f0b

SHA256
80e5d7a3a96a77bec9b729b5bb0ed56488a00605aa668ed7aba14376b9c7091e

SHA512
a8604507b1108c7364e498a5a14fed03c8b0df502b47eaedbc392774606c07c28e6b992f06fe6413c0c185e9f412daeb97e17ce04de0e9b714e209a3de46b9e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
41KB

MD5
8b048a3ab85b69666780fd714d77d43c

SHA1
c38a9bc6b4e3e97daf13becd30cd6e2eeec1c83c

SHA256
e409ca54c0479d6d6669e21ba90cadcb0f7d6b09f83c36968fa7298c1763eddb

SHA512
cce67b9d7ac2aa8935ebe847687dabfacce8449463b0885f25e879d6720a39d098c95bcbe975a918274cff33d21d9afe359bdb7ca82440e60ddd143a26a98f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
55KB

MD5
7b9d952751c9c5a1b6d9e97e44394f93

SHA1
6bc918796ce4e23e5d2891d1a5e691e3ec952de3

SHA256
9be20c7c16abeb434a8c37014dcad6f567013a581309e0a800a05fc117854e5a

SHA512
77316884fa9b6016906b98ccf285d4304bdee8b037e321bbf9d214e0a933b20933172f480a56bfdd7dcff6827731480a4f5a37593d5b498957ab1dff2e265522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
349KB

MD5
46c05e7e1e2b8e90d092ef1c2658d3ae

SHA1
dd04da169b26133a414589d9e855361cdd89e430

SHA256
91e33cfc7fa5ade09731e55e7c4529e00a80f41c109a104a66e21c23e5b600d9

SHA512
ae56ed699f3799ec18df4f13d36eef054e2d05c8fe6eafe274c58ac8677b7a77313dd70682d408c8a2316096531f2c7bacbb3d79fbde935273533454faf9dd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
138KB

MD5
018e1bd9742101e2dab7d38c4472453b

SHA1
d281d288124f5c346d86729fa2abb4c742edbb34

SHA256
6d0faf7433e2aa5e3418b4dfdf594952607e8fc1e49411bd81d8b8ce5ed518ce

SHA512
d06e3a01caccc4c2d0b4f542648c1a57955872ae53ec413af33bf61914ca8931ecb94a0646fa9bd9f0d0e4185e83eb446e063e22f3cd3329bb963a82f532cbe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
66KB

MD5
c8e40ff28cefa80342ea0e35a7f6e641

SHA1
a75971552516e2d053ff79ba5918eed2b3dcfce2

SHA256
b178f5be39a50c3b4042ae323a9e17179f2c6de407402b5d2528287d97675b97

SHA512
2b71c3b37bbba3d2ed50d0b372a4fe5954e87eb3d7d427ef8090660c2c4081d48159afbb78a9d3cba2595b5dc846545aaa29955c78d8546b1292a920a77f243b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
182KB

MD5
66a447b2dde57e3b74dcb295d802b188

SHA1
72938bdd9574df131652e4a820516d7d561f8fcf

SHA256
1a22608abd46bc07c4212a04d96e4822271bf96a80be49653dc4c2c479ab15b7

SHA512
a34463cf584af7ed48cf53fb566edb427741a1700c78b8dd17d2131c185eb89aa5b46a3245e942431f0895fb48e63e4dce4d384ed78082e2420598cce8a69d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
151KB

MD5
899036f5244326f3e10d2a918e7e56b1

SHA1
61f3b9e5457c014d83b7030f236afbb54a42d530

SHA256
0ddb54f08470a52c6ea3d310e687db7ab0f0bb9752fa0fc01e0dd4d6726463e2

SHA512
8a5b9d7f62f1820d6a78b344657dff5688b3cfcfcc5d4724598c3240acba29dbaa3d05bdfe98516c7aadea8887d022e532cbd9c6a16fc77278b4f5ca4fe13f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
127KB

MD5
fe09796d05579f04014935d7feb8b0c2

SHA1
1bb24d2cae82feb9ca1ca50dbae9b8d580b7ff98

SHA256
bbab29195239c748fbf3daa76da39bd466d6dd65017155ed94437d2a38a4928c

SHA512
087a89f6373bc867e9e6bce872ccf9db59806c26441baa3679b959c77a40712e08cf8ac3e6850ec8fb7d02404917b81c7638a7495cd3fc9e3dd3c7139b103fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d2db5709c56fece_0

Filesize
349B

MD5
e803239532e4268eb93b4c99faff5517

SHA1
d3d625ad79e39df41517a2494a472115362f7e84

SHA256
4a079f7d23800937b44053df48ba74fad8bdcd0c29187d35e9841cca00dd80cd

SHA512
b2f4329720e1e08a87a83b5f0520c78700b1bb000f74465b28386013d0af407bf5efcd7b9263737c7ec6f4e352587f40a4ed076f207c6281704f7fc7dd1c095d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d2db5709c56fece_0

Filesize
301B

MD5
5ab39c7db41a576bfadeb39f6d58c2f6

SHA1
4892d5846b0733c116509457b0a52f9befbbd8f7

SHA256
9ed1d03b9d00ae2e96630f7f6837ef837f5cc6d2b795f2ad73ccf76178f8a839

SHA512
4ec872b55b734b50f7103e9aeeda13d35a04012cf250c8f8c4e068b1434270739aa5982573e9ff6acac484d195cf0f9908bd82d97224c8f96f5a5ea90d5fbb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b7e98017345b0c2d_0

Filesize
226KB

MD5
be4d2f92bad95c17ee9f8a2f58b51f66

SHA1
1fab8b5de6edd4064045745308d7f415f1bc05c9

SHA256
c15352e2f27df7fc44dccb1f9d9fb9dd964496a056a0d3e868430784a053a432

SHA512
59b3261b31bea5a7faf5024d573e2931c37bf839b9706e14ec00a08d1b1a6256764642bc8f60acca20cd06d9a4fd268a6c9d60629d9ea4516e667d214eb9afbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
86f46f2041e2e94d02ba5b86ddc56874

SHA1
d5df7895610d120adeb84d8df9a3f39a38a79ca5

SHA256
3779a7946140bf92fecc6725c87057aa36156b540c9f1cc0d05465a32fd6b52a

SHA512
3fdd08a34e015653a3763fd803bf519e3b7da2743b65de8cf8ccb43b98d24c3b9caaf6c0841d2b0b49c5237f148d9989cf157eff7890852bfc659ded064fd65b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b8be1a61d9f313e236d7603e36af77cf

SHA1
56d28e3bd6e836703b7f59a67e81924a572cbbbc

SHA256
e56803e563ccccd70dec7f7e0a595485a2e39bf38127c2aeab803d2d6c8b9e78

SHA512
37eddfa75b6d2ba95d02e9f9369ae986966c36de4d975a34f4efaeb6d7b715d5e5d3bca85f8b2480eff8a9e40df7264efd37285a39288ec98e0c5df0aa0d038b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
26c40e7b64c1afa815c9ebe572a99e91

SHA1
9174e303b488396e4bbb76138fc2930d7d3217f3

SHA256
dbd0dd37bf8bcdda14b3f30e27e40784f7d22a39a4ba2917fc80cc05c016e434

SHA512
d5e499aaa2f42508b723a98aaf83e4bf90ebb074b9f0ecb7e00692e16231606688d3a81fde1f9164d5e45778dc03599ba8f04d0a7d4bbdb57152e70b8f73d8eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a42ffc92c8727245651d96ade66ef25a

SHA1
9d9d5992b842781173a585b61c94f3bfda6fe53c

SHA256
cb3a035bf1940af81e6712e884b8fbdce441d267804ec0b483f8227ec1afc401

SHA512
4fef56036d39c8c197122c0cc6de29bd8122ecd3c0d145dd2d7c4936016646b81ce9599349a2b9dbd55ea9f52c529692af97481fd9e029662deeb587f3850f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
6da6ae294c9876d0064606856a36e355

SHA1
43b2e466d8a8591c77d361120f53683dd20764ce

SHA256
1ddce6d259e4424f4441add685f7d9bb77e1c2a2f961a496a94e8d68ad429ebc

SHA512
581633437ec0f49952f15e4eca16c698abb17d0cc75c07f35704bbba6e5f9fc72a2ec2ed55697c7ed3748f838098f7404004068815f726484a36de79d9293b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4722b4f05cb5b27da831725af52f0edd

SHA1
cbe2d1ea6f9e2939fc93ce9741fdb648ffe7af8a

SHA256
46b3c2ee3338ed443744adb4982bda68f7111eeef4f5d36c114ed4add833e47b

SHA512
b176797b0823bdf4ca441faebea0be6ba1cc33b930bc508b3fa06256be3b85a1f1529c95f9e4b56b46d3947ffea0a90a8f92aeced324dace1966db89f61ddd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
26728aa9720d66c56f835e10fc95574f

SHA1
dfd6e5eb967a3d3898d8249c90c953545aaf7958

SHA256
51d9fa3e3115be344f763ace8bc1454a442b0f2d6b45e91fe11c79e9e3b68189

SHA512
ea5ba0439b2e75247df5567d1335e5aaa4a04b06f30dfba576547ad553586ba74c5591c33e6d4aacd494a663c767160bca3b5a67d567bf01798e98e4f8de54c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ccd8864074cf4ffab27eecbd107e0940

SHA1
a0fc9fc1de02d31e468833890a1cf5ff537cd9ab

SHA256
09040dd387f9abfcc0b6efa645fa0653c07e163eb503d4c17b95e6c9bd19079d

SHA512
2f4ba8ee6c4870b032c243f766f7f9a02d0134e6ef84e81325130f7081219b28c0af7b8069e165ef3ba1ad86ec02dc04424fb51d234e226def87630d17c12421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
183e5c245b0f1ce94045235afb9ebffc

SHA1
e82a781406b9902cdf26f288a428847036646526

SHA256
b49ffa49d5588ca5cf10ca34d3723552e90a68b176270ad1225a1665eccf23a8

SHA512
e98346476353be9afc77e9af33b7aa8ddad114d5795704639df6f39d28553cae504445971013ff9483ee5030aacead7b9b5823ee5050691219e7f991b2c527a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
5026a328ac0cace23030e3a31d1ebe52

SHA1
f928a09df4c3acfc1dddf68415d5b6dbb2f51827

SHA256
6d7c70a5c7cba82bf485627d5c7cbd03289065bc1ce7b113a5dd82a8ef92a2bf

SHA512
ffddae43e867b2b0a2fc7b6bab328aa06e7da98417edf859f066e237d6394536612a5450c387c157cd44408a26137bf954069dbe888deeba0b3f8dbdee6a2cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
c1052e68d162cdbe70c87a9e92717052

SHA1
aaefc2cf833157d7f58abcb69d7de1b4a5e48bf1

SHA256
b2dbdccfda762a5c88fa43a4b7b9f3f946b534e7b1c131ad7552fb350af62b54

SHA512
e236e71e382f1ffef811fb954f669bea01a1f14cec516098d3b38d520431438fd0589f3d0b47cee86186a34486e668ed3aa519e3f74c704c7316b9260fafc65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
895bf9624a4bab53bc746a0c6e065aa0

SHA1
7d4c75b788cc7349e47968ede27d89784e1fc6f5

SHA256
91b7e88fff2fa8b5254b4075aed0ff59e3fea76b06df7bfecc96e55a18c9618f

SHA512
4709c6918c8168acaa56e8375383659f1a5f16bd1bfd7bb30b8e970058076aba51013ff21d524f72c12f6e7fae98a09d60406e8e7308ae47d3b18f7485af82b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
6KB

MD5
5459e64f27e7c1026b058a4e5f50ca12

SHA1
deba269f87c0ba0111529ad298f1707ebe414664

SHA256
549953ab6fb7e1a416a066bec94c5deb91171381e2bf1d146589da292b1c78f2

SHA512
3666bc82e3b546602870af7891e2e11875fa57c04d53dacee3492ee3ccb3dc8b629dae80136fbb35e8ca27d28b23c09488876f83cd2c4d5631a0189e4888d9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
7223a708e4d3873076fd9da050af1de4

SHA1
b19a17f59d3cea7a3b142345b4c45c79a9cdc876

SHA256
b313a2ade658d3aa04d6fa9a77bd4df36e073ad6fb2b2dc0cf58e59e604a7a6e

SHA512
a2ddd834b0f60227c14187859e0b80d50a83ab06c61a151c360d25dd6ca83911f257bbe153c5ada3e966f5ce8dca5d32b618a520675174d88e643f056e6ba739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
947B

MD5
44ab97c2982eba6394df653927ea70a9

SHA1
17ccf41f27a138ece2f77f4b6d5e23f576113967

SHA256
8b4fa7123eed6ff2e1c13dd55dbaf321e1ec4c12d16ea9bed845bb59c8a64971

SHA512
31a35c31156a16f816856aa45836979df736d925690f5993a5ad94159465d2ac506e05d5a6f565154f0244bb6e2e7c316c0add1e3a11f44fa96981331f71a73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
03783d558b5c01721094b21ddbfbb030

SHA1
ac86227cb0578b2fe8027be7b72827c0f107e3d5

SHA256
5ff2eb0892d2df5f72e0317266e8fdc96f4575b7fbc95979bbc31266f583f7ff

SHA512
0359ccc69d554108fca53ca3c01f782411c763278c5d0a1b1820a3f862960ae7d5ea91a3aa2cdfae206b7b5b0700ebb57f9eb4dc05e1ab89cb4f71360c46cff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
961100e149b412f6b51737df0e12b8f9

SHA1
d40e2bdf4f3a03f4f4f49dde15b6473f429a2f6b

SHA256
f16c25c77b19aa9f51ed8812e22bb67b236d1910ad9ac4eb69f71348425d97d1

SHA512
4d3447e6d378e4c27c3cecccec4f0f52c057dc6f0d09def7423e69c26103b6770bfb085ae3acc516c194c747725470b98105ae36620854a214a0c47a9d7f23d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
785B

MD5
145727c9ed31e1516bbc131c1491f003

SHA1
0ea32af0cf174622d1c06b84e19dad2e0da2015b

SHA256
6f489d59b633bed6670fdc5392c9b5ee0ddf56c47eb6a7e012d571da963de6f5

SHA512
43889db5651fef912b1f68b00c3ead40e5b218cce0e0e2deded6120eb0b4b6046e6973d2ea7f1df464d3ccd61d2cd919b4791de38b72fbc587770a45ce551a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1c493053a38144507d0999f466ba39ea

SHA1
e452d71bb0b345931d186799972ce7e45f7fc76e

SHA256
8540f69592139cd03cd263ba503e1b5ee26eb75622a5b78abc92b7363357db6c

SHA512
8fa07202182034db3553405b6d61e8328de257c4c85eca5a16191d32c7d7028c0eb955608cfc5ad0398c0b6ab2e893d43f65868172624f532982345be9a1dfaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f20f73e7583e68c8fe0882d43d41bcaa

SHA1
b0d16e170e9e5155442b516939c0001b7752cf70

SHA256
f6eab2c6ee3f4dd73c5e3946e862fc1c629729ea4aac8c5ed17a301dc73f1c82

SHA512
c239ae5cb18d2c92f5bd68626fd9931701e1158517ca4d13899da715d767c7732ba3cfecdd32e951655287887d6e04d4fe3e06120e6da8a30a468cafba468f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
dd93d28363be4359431d50bc65c5463d

SHA1
70d7a958df50ff055f50a6860ba1c5d1dc183ec6

SHA256
8c7e9dae97b80c1f7a033dad9c121d6543b4b5f96619df36e86c2fbf3e9d7c6e

SHA512
44f8440fe26dba644fec17e09638d769ed0b7108f0663d0a5c57858033d527dc372faede84d54962670d7241e8bb82aea4a5c0199dab2825b4b9f1e883b54c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
ef65fc7a168651c773d0b25fdc35c697

SHA1
738b7a10663c0614c000a1e3e23bf4cb6bca27bf

SHA256
7615124c6b87ab92829e431328ecb0a7aa8817a6ac7dd8943bcb97fbdf1009a2

SHA512
263f72a12289a062178f9045eb0518e1e64171975c87a8ba2d8878f6768b87351626255cad978f664115e103c0e95addc725183222cfa3c13d64d70513422118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
4d84e86f782f6e534f6e461d62671da2

SHA1
f8e67b72a3a1837dd6f9ecbf5ec79e525260a59a

SHA256
f60ccb7b727fa0e9f47a074d8b3a0373f99ce0102d253a5071d4ae9cba1d0d74

SHA512
80e4f796350453247bb23826466d337bc79e7795fe9b7cb655f04500a3ce4b6350c6ac49837da3529ce5a24018e66f8fffc6584092261008e7d6a00f54a73232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d4af40a89d0b05a9ca6ad918878c8759

SHA1
8b4d2149f75d8f4bd94779ea4938ee206bacc03a

SHA256
63ead8ecc4200d7ee82799f2772f8e07ce53c88c44958213d8e9d5c1e041090e

SHA512
e6a184ce1d520c965b362e40b3bbdb7c11dbe33c781c99a46202a24aa4bcbdc5dba35b86e49c5c08bf0d1ce18cb172b6d986b7b65bffab95401335727f312612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fffa182142ea12384e710aa3419b8c06

SHA1
8834df0b657e6d6ded3bc0da1257023b1ab9aa1f

SHA256
a06b8ab6b3fc436e5f64c77c58871831cb60debea1bc41af4811fa60eb3ef1bd

SHA512
515983c2b367f608f774152623d1fd5f50327e10ea9d8f6fb3f3ef7b0866f320366d61f5016ae3474143178c6a4d1d820bb3935a8a503b26d67f6028e01d54c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15020149acb030047fb0aa99dc307fda

SHA1
b69e6ac616ebf8ce822beafacb10e76821a356cb

SHA256
e2557b5a79d829fff58f9f1dcd3847bf56805b896676275915fbbc45acc33f1a

SHA512
7f86899795b8c3708ab26510eee0204b1d767c507cd59b79d956820a965eca396d251077f2c97643b83a50de6a55123953e3488f7e3a1ec488a135b523469205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
339bb29ec2f8889c30433ec705cdcd36

SHA1
f30a20e51f98527582009e292ac8b783cb56d03e

SHA256
d99cc8c338f9caae481a9ed7f41c9cbc5de4460713c1247f97edbf83e8e9fb85

SHA512
e06f1aa2620e17b50081911692b01ac1d4ecf9c1e4ceeae8ff932dd346f11bab044b792e33922b5d7ec363846bc52da7f0773491a1f5348f4a20f1c7cc64be09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6996766c647488ca9db4a947ccb540e7

SHA1
58d5bb03ee1142f5b319a198e5108593d8f5d180

SHA256
774f9564ab9914a169174e417ef4b8ddd049db635f812c9efd44563ad38d0cf0

SHA512
f5e179ee92102d2f5ddf95e1821e4606c106d6041f14686c10296b1e759a47f5151a67d4dd2eb53138f64dc6337cdb4cf870766a37bdc14dc9949bafb05e67d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a21faa4d8cb913905f9145950e9865ae

SHA1
caae15e43543d29b8475c2326d82419ff94aad29

SHA256
4515406ac50a09475c34812006d5c7748d105d0330bc391b1fab648d869a25de

SHA512
5012de3c81d93e2a8bf888ef0ed6c31c6e7a28825ef1ee9cf601153fb0f925922a9476aa4f0edcdfa5f6cbe0ec76a044a1af4b1f8883acf8919d65f33c595b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c1f9bb0cb03dd2f9cc84c13127542d12

SHA1
4c3bc7ca426e47569d6fb3abfe4422ae08c50cac

SHA256
bf7c69202bfe40ac4354889fd67993b76c806f3fae63c9030264387a22ed6871

SHA512
79db3b4f9b1493ca56f6e10d85153b005eaf2aadcf7ce72bc57008f380263cbb253593135e7dafd41f0140ca26479c2713270f1b92264906d1126ffabc6be662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f263da95c1266f06ff8542e0563558be

SHA1
5ff3b4bb281ab8be2160648f7adc88f04c7b3063

SHA256
bfe539e4f6c68801c74144283a6b997b99f6e2dfa8c7611647807aaa1ae50486

SHA512
2e84b8bb772f7f5cea284f1006f8b505ad72bff4782abdd6516d84a0589d5d57a826e59b10b56f658b1e7b5817e4bea9841693b15610af3138f9f2bcbb4abdf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fe31dbbedcc8fcf120e32ecdb9ef872

SHA1
d3b15a8c7bd6d7c4e06352df72ea71d25c0e001b

SHA256
510d2b5820a4596aa2387989dee55d0b5cd9a758b705a389a24e1a13a76af701

SHA512
7a893667f8a8621d8bf5f176f9f8c02742bd84dbe2a6b8d25dfc5768a6168b4a6c097505a02d0a99daeeb5c8b96f801492efbce5413b7f511750000e4c921338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18c630f45f7904220aee8ff2ddd0a6d3

SHA1
2e6ba02b346bc00a7d2fa13acdb185eec4a6ea52

SHA256
68903962c1502ea813e4a411568d344ef2a030d0d91686e283180ac635f1281f

SHA512
84ef8ccc8b9f5d4c937851dcb73457e45b88e92805e7d313e6dcdebb61316b65e943c8ad352e6ee829911a69f697cd8b8f6585db30fde4487598099fcd5826bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
296f8918ad0a7da6ebdfc21fe795e95d

SHA1
a1c74982a03cf2fc56c296982eee2ad8ed0ffe5c

SHA256
972b893d9bce80686bbc85a691ace2efe2e96053d9209abf5528dd5537ee5cfc

SHA512
847e30842e997df2e4ace15ad6793e43d7782ee586f7905a71de73b39db881c32e18edccbc6a05b44e6cf10d995c3fd6ad2bab0d3bcfbe70b60c58a05a08e2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3a784440eed3c4acea29e3dd83d863cb

SHA1
01d4d2e78ee9302a90bb8d969f3d5644a1193b3e

SHA256
2816cd274ea5798529de4bd661deda7217de8092c6ccfff3dd746c752f37dd9e

SHA512
0a73ba05250c80123f73e7d8a24595bb789dd0febff5430196c9c439fa0e1a92636140cb9b39d08e04cbee4fb30184727ed5a40c70665f39b82a35eb1f6cf4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f81fff9207577aa05871eb6dff523b69

SHA1
977ac57e904eb3f9a9cdab6220e83011e90e3345

SHA256
737a5ce09201e5d1b9c38738d9557c452e64f734882fda4fce8db898c5bca4bc

SHA512
6f3db00be93906753eec77528e15767cc42aeb66bb8d0cc1a80c3a147a15097c0c4f25cccb786c290a0aa37a528ba1973f7936f02e97d60cb2b8105ee19f3373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
361fb5fd123a41f4e654bb7a2253096f

SHA1
9c1e5140570d7ec113982b204a3e5900ee271db9

SHA256
37f7361b91d0c200d57656fd558619ae8a1720c3b9e39e7a21e73b93f5c65bf2

SHA512
9144c4ed175a0b995ceebb87c3f9caf5322341b3ae257f7a29c38fa34ff04a67b58fd2171266047bd0449fb5cdadf32345896880bc6af3c0da07f93bd0061212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f3f09968a006dc73af8aec02afbae747

SHA1
5634cef466ec618f9499939534e0645bee57a1ab

SHA256
3f476e6f49b7f002f1058fc3e1abbeb319f5123da694a6c2e5183ebda5ef2417

SHA512
6ce0ad7ca46ff10ecba86b2188fa471c589d4d179f7da790dab726e070ed991131cf4f389852fc0da2771426cafc6f25db76481850f00746abac75ba23d84806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
776307a323d9b3b2b15774a1cdd133f0

SHA1
00309d6dd5d601618733058fcdb231a629edbc86

SHA256
e2238c000af9e044366f56805a4030813d2af8a6eb481ec091da15254ddea1c6

SHA512
9cd40cc847f9feaf4fd4fbe838e298c9a57e8bfb7321ac51cdee8c840552376351f767bcc7205947895cce8e900e75ea9123ea389ab43fa4f1bd15c33962db5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6735cd56015ff5adae57bdf7479bc4d

SHA1
847f35c8e4946bda6fc857c9788b9d7887ceac93

SHA256
1105ab017334b1c668d100dd3af62d419365f0216df2bd6ccb959476cd8635e0

SHA512
427928c1b08984d1f5c1364d2654932b93e33bd7089688e88d71b12d1836c73d74924bb2e0f66ce690db249dd58b4e4b52dc857897410ec0fb87ce6b9a2fd574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5485d66ca7e97d64a4da69a0ba35b16

SHA1
3669259d0706d0ae4d7d17afe2f6dd029c66fb09

SHA256
76c5cf9c931840506933191c8789d019457a2f13efe61ac7a34f2b8e0edfc9ea

SHA512
a8576d6408d1ff6238b347a46179aaea11ae1ee817510d9f8e52b828143689f9c9e33f7ca387bf9602571b7ca7e7e296028c4c734789ef2d01619c0cdf0aaabd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d1c12f49565330faadab0c7e494f2340

SHA1
a999cb05b9446fb16262a2bebe76b60e9ba5aad5

SHA256
8ed5bf8099a6a723d6460a1d0cae205cbd541792b22aebd051867a42bdb6a349

SHA512
cb53f311bcb8ee0853fdc46e5f15c47d2e384b634549b73bd9f859908dcffa03ec4869b9f2170030d3a70950db4a280af7e4e3d48ae9e02dcd5c55edb4cc164a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
762e99a3ec9c03b430b04e87447a1ffe

SHA1
f661d68173ba02fbbd2a694db96a925337bf5d06

SHA256
3f74e5c942a05c1c3fa53aecf0a44fc8266a98485d09a1addcf975ebfd68ef1e

SHA512
c6f66c5d3851709a060fbd34202d1cfe7a0b75d43aa0a6a90062d5678f1f7dd7e1842e00ee940382194a89a11db564c5b364911eedcd943fb986e480d744201a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba63bbbc4fd30b4c7ce0b02decf06762

SHA1
9d9f04907cb42d46dae3f50ffa9e10595c4b5f76

SHA256
b8204c8ca34623181d2e82ed3327141e9b84ef157fd5b65f6c47aee8a768fa50

SHA512
a7676fe6e89f5962e3f34a485eed655444f99e321bc19570808b75e5b5b13cba06efe92beb6bcf0aa7fdc2f0fa5a2295adfeee6fd637e7af8df8fccdd509b17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
10fee33073d402621b176ae38e05050f

SHA1
fa222ab7b346c5053aab6f0edd8924a10011f9c3

SHA256
29b1c16f61974939aca1351b966a2f710c99199837dda38cc34f3c9812db0fe1

SHA512
96d04e51c548d827a961e72fc4e26a7643c231541d969c6df39dfe75db83d6c9254d15f6b14f5e03ea6dfbe75dd8aef4f226c6407c4a5f5b3ef015f53e727f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2b439d21ea12443dcdbf16e8d7a6b049

SHA1
7db4296a663648443f7a9a6b3b38fe0d89b609a7

SHA256
6c3e5ae3406728a276ef21cb47358a95773bbfc4faf52d1c7fda0b9cea0e5a53

SHA512
e29fd22d9b1bc6963e810e6156e655c372a1775e1ff1d503371b5ed5ec1fa21422f9fa3f9cd7e2e418affe3292293ee0dcd361849b1a771a285413e0fc45625f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
84e7b59c5fd0af90edfa377b6945d2c0

SHA1
0b08bedaf33d054b6698fab5ab9ab36f81d48e8b

SHA256
ee8b99309a98c19d14a31387df0b7d090c811cf4e67ef0d6200ced4e0535dc58

SHA512
a547aae33fefa8aac8e8a2961468d4ea4b844bba29939b6409643c7a91953ef5abbfc4349741622a15534597f9a0abf333dc0823218950e4863cbe36e66d4e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2b2d5de1c724b5cce33c72f50645de33

SHA1
96ea7c647a65fc08aaafef6b67507a29a019560d

SHA256
f5d459f62b4164fee62613a010e6c0f16520f872d467d46599bda133c876c1b3

SHA512
42d3ea9f23f840f77aba6b0afb384840115f562a478a34717daa73a6020f9abc554c1bf0e20e1ff53d9bb1bc255a592bfacaa1d320c75f4ea6289eea33538c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
ff133b40ae3b240c32986b918b6121aa

SHA1
e5f319ff0d1daa84287955889b3a0da1d7fd29ca

SHA256
5fffd76e67d070b0d0a82b36157ca087bffed89a6d643c0918357ba41a50c4de

SHA512
29809e0685724ec4ca8e133e967394f1659c39837e9a3a3e8d0805d632d297ed773a95118b7a78925d1f502d893b6a687cee2cb514294c2fbd5cea61ebe23872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4face20f-3891-415b-8b93-880ca4fd3995\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b4f543dd-550a-4886-9734-090ec89216c8\index-dir\the-real-index

Filesize
2KB

MD5
c0b7cf259e1661f74299058a83567190

SHA1
9917e7aa73e6879707b3cebc34d6e807fdba7639

SHA256
1b5893b42694e041207b69984d1ce1d254602825e13bc492e1df66c0c98044b7

SHA512
0b3af4a04e2335e08fed9e0635b99f6a19c23ca53ac56a1add19f76dc735f3d9576762f0f19769236a2bb2b10de73074941bb94dda134790357d87b147b7173d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b4f543dd-550a-4886-9734-090ec89216c8\index-dir\the-real-index

Filesize
2KB

MD5
3a685cb0c4ca52dfdb9d7e5f4c11f480

SHA1
9f9735f19fdb29578b0fb37b045bb863c4e94a9d

SHA256
468fa759aae6c1ad67f88ed3848c567b8748d2d2fa5bd5e85aebed5cf5b5ca79

SHA512
62b78badf14270e34f56940549d568d25fd6ea0b2da8343389a9be85ce392a9810c6598eed3d6a9197a0cddaeac5cab670a4ef3c17d056137ec77133d0cff2bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b4f543dd-550a-4886-9734-090ec89216c8\index-dir\the-real-index~RFe5a35c7.TMP

Filesize
48B

MD5
dee3e3b8485f1a182f3d79e7614d7fd0

SHA1
f2c5933986ad83c3cfc23acc04bc1f07f1e083be

SHA256
7ba3a5891449640d5d3b725cb32271b7f5c647432dbdf690b57db92f827a208e

SHA512
96b3a0f13b61550fa4d75581fbf55614c391c0cfd5052498e12a50606051ff3b6abc04b0992857a1b0d2d9d309f6ff71d907b321128ebb894ca931e87945db3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\e0004f46fa3c6e6e_0

Filesize
373KB

MD5
952e7b7c3fbf1fdffd6ab1982ea0588b

SHA1
de04223772029914060e341ac481722ca7927fa2

SHA256
6a6cee50ca97c0fd21866535b843cc7900b2a3ce1fa8da8e9b3efb12836c6fbd

SHA512
ff9013080616cb673afe0976e88e50fbf7aabe5bd288efb483fe7e14e4cf7270c8d4760c86a2881e748c8638f538d0985a02a9a86e877e57f372649003acb478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\ec36fc246a3f8d0c_0

Filesize
118KB

MD5
71c723c6fb7c2a574a277ff0cf898686

SHA1
d31a9f53709f24c4d96aa4b81b2c05ebc4a1021c

SHA256
ff5a5f0d1d09d9e7f9236f5a8827497c5ec63391f65070f8e2324af18bc2b559

SHA512
77ff18001214938195b4b682ce675a1410b998a181009b76ba4a7774bae3559438514cd505e07e0049c58f8a453907dad7b4d196822e6ae621b909cdaa52a579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\ec36fc246a3f8d0c_1

Filesize
271KB

MD5
aafd1f38816723235fb207617dd6c445

SHA1
e9cb14ac1d5f24ce286acaf32d0453ca4ab3899e

SHA256
7641402e196ef501aeb59e0cd2ed4b1f4d317d405c11611bd3599f207d6045ec

SHA512
09b0585b7cffc0251ea337a40d48884a40750770e9a96819d198daf9d5baf49d95855bf4db6337d82fc6dacb28ef7365aae90822a1819d1f67b1d19fd545f347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\f2e34dc5dbcde3d9_0

Filesize
2.4MB

MD5
4411cc2ed3d5724aa51f0f55b47520bf

SHA1
f057649cd2edf658890031912dd76383ee10d8be

SHA256
e15a68d6667833b470e6ee6d5abe0969d81c4dd864c7f3b32420bf975a229c8c

SHA512
b95d9bd3c738993742ead726bf7fe08036d09a57ab152aaf21b8364e6753e8bfd6d91e96a5a4895e4ba6cd7e368940a1b3cd507aa1b8febbad3fa5f8ccff1a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\index-dir\the-real-index

Filesize
624B

MD5
53ec216c426adad4ed6fa3d422ea44fa

SHA1
9959233c0eaf3e213349c22cd71152bfe32c0782

SHA256
7038688f02fada77a406cc1ae71debde24f158596dda46efdb47123e34c2a114

SHA512
47e4fd2c30e23ab3c0b32e9c4d05d1d82297d9bc002be4c94a8074f582230ea40242cf181d5724aac3aeced60af330854fcd46829cf365de2f98ba510f26559c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\index-dir\the-real-index

Filesize
624B

MD5
8f0df5b56411d68ca69288f40cc98ec4

SHA1
dea4f31f49467ca23f7da2e2d383ed9eade7546b

SHA256
75569d2cd9395c67dc4c2e8919b9ba407f359c283a67f1fa57d7a8feb8bf7ca9

SHA512
4f030c844692945291deec51bc0ae547939aa16091b987f9d28ffc4217023fa2901bd0394462ea98e29071f10df92d0e125aeb5cc6568ec1bb369782defa7b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\index-dir\the-real-index

Filesize
624B

MD5
26df2f2f95f9e2776b4e4fd57a7dd45e

SHA1
aa8600ccceeb4d70d3d2e2c97e41f2cc6e9cfdf2

SHA256
a327589cc8a9d9666aa33de1ff80333a91ede1b14f8452a05dc6e391e3aca6a3

SHA512
15fd8f99ceba17418c68a754098f759da647e7165ee2c8081ce996f4c64f4da0eb3a72471813b908d6aa1a73420086f632da62f1644474acf1727cbdf7dab1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\index-dir\the-real-index

Filesize
624B

MD5
6f82ffbd78ebdc5bcd2650112108d04c

SHA1
d24d823e5c819b6fe0a07dd4f2e14865d8dc20d0

SHA256
bb6ed765aad94968e3cf8eaeba3ccef20eb628f195278fd748fdf05c979a2650

SHA512
2e5b9317b2983b640a8d0c49994ad4c00d21b1fbde61f91f547a355e04b8ffb897bf4686cf8f008c0df61026264f153fe80774d3ae868176525bf34be60454b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1610ae4-946d-40e1-8a47-3fc33813667a\index-dir\the-real-index~RFe5a37f9.TMP

Filesize
48B

MD5
73484f8fb6093c503fb62346dbce6248

SHA1
1438cf5436ceab5d186a5777ea95f97451fb1eb7

SHA256
ec74a38725b5b5d8a7380d00975df36f9b5032ea844cd39be3a46344436fa3a5

SHA512
21821933095036c1e13e3fd6fd53d15c32e3e46ccc7175d598acce3f0e8c8e9363d50636d62ea58aa00b34f15876e740dacd769fe1b44e21a8005a80dada78cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
8d4ea69ab109684b721e8691d7a2e7e2

SHA1
d72d909e40e8b344d8c5363b71f2477546a8ba0a

SHA256
c994368ff1455cc42b6760f82702f0e2ace3408e4eae058c8c7ddc1f8bf93c41

SHA512
b0c0ffc9e468583946b5540f221ea97ca37e723c4b2daf714a558d8225ea404ad1106c99328a7e2f9e97bace85de4de8b458aef5e6430ee711c96aabad1daf30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8c4ea8264d12652b0a0bad8b008ddbfe

SHA1
24dd002ea8d0dcab3cb6b5c3c8ab6596fdce8c5d

SHA256
acd779c92f298476093242ec1593031d2ddfc107359060a1964225049199e8bc

SHA512
01729b98b7d583913c7291a6c55ff39c9712dc2e2cd3206874c2a3b2f112af2c8edc24bebd557176bb66d5c29d71b33941eae55c233389331efd46d0b40cc3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
17cbffcaddd64182ba467c98be8206b2

SHA1
5305bd82352486aac4f3a398217737eb36a610aa

SHA256
d27149d8a240ca9500d6239943f072e8f153857b1db814139a304bf6475bfe47

SHA512
1592a8cd700da64a50b0edbc11468c67c94037527beb92eda53f8bf96b3936ff8267edc1321bf5c54408aa36156775a2d2ce4e522eb7e367af28f096976e26f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
f579214637da7fd4972946b000e1edce

SHA1
d0c960c8660a933372d7afbbaed6b63f35742ed3

SHA256
a503c3a648f615bc8d0aba12be1b89008adacd5ceeb286ad4f36f3e272794a92

SHA512
a7e20f28df8668e44bc3db317d006e7f643871779e4e979f9edd73cda28a2a01e0e0c1d66f28cff00da35121a3e3f3ac2276f9f136749bd7a6eaca0c685ad5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
2f8936e73b05a7bab1f70eb0eed55e58

SHA1
7d9896a5ecff5934fe7efb52d7d627198ee3acad

SHA256
846090774112df2647a230420ac5c90534abfd9059973fc3d68f7bcd7f261dc4

SHA512
8035ada83e9755920db9495a4ee7e2e75567ac0438900c54ffc918d810866d926fc4b872028ba89f6c06107ea7944236ab0a2efdc1ecceb1fe737778607fcefb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
3d70031d001cfd1b309842055c11a8c9

SHA1
7aed7ac51c43ddfc1c5b7257c43aa10d638a47b1

SHA256
2733d32e3f202fbfb6efcf0b39486a9c434bcb4c77b3f0ff6d680dc0c22b24b6

SHA512
98dbc768d565c17936e141e27b028f29a59c8b608020dcba049ca533c411de0c85fc064f13d2860db322adff1a9de4e255a9473360824ab62ba0407964548dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
b3ac7bf2565b1dc031026ce044191dcf

SHA1
55b71c0ebf01e396c1e6f7bb8fb5c7ed6cdc6025

SHA256
d6b9f4e53d2fd34c7bfa7da07ea9f3dc5411e70d82c7c0a5e86b7c893d3a4e4c

SHA512
37da65fea42064b766b4b4d514ffbfc638a062455926e60143effc8120c99933303e8eb6275ba9c1b4bcb9d7744c9c1015fdc99f220ecd09d67d71a8a48b5e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
0dc2af8bc59b7d8c3c12b3452bac269d

SHA1
01df396900dc78b5a6fdd239c5f0a56032327191

SHA256
fe30174dde50485e290c7c1307201aafc59a9b9bb9b8c74c3438d36cfb9dab10

SHA512
3cbfea02e9091ea8616d91e8ed13a7b60b0e9a3cf089408d6a0e020fc946e035a6abcb234323b378b7e0994adfdb086eb3f95645aeb4cb3eeb92a62b4ab17e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
36eace7f139bc01bbf6f9098f74fe49e

SHA1
786649e48ce2bd4db03d3fad3ba967c0d4368c89

SHA256
1c91aba9a03960fa9380499875a8f18549037ceec3752e6fc7175ac0794126e6

SHA512
2dcd4b0a23963d0e8afe17a06ad0cd04f59acd4731236e16c747340c13a30777195c007ccf7b5831580044aee2d4e75ddc03018bebb9a030ea861efa55bb7e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
4a80db6f558cd5c877eb9d69c00e3c7f

SHA1
a36da47b8ab4665317aa49423569cc3cd1d3f621

SHA256
7aeb595f342b29ecb5baea9852e5bd1a58b5085ba389b6af7bbf5b6ff4928ead

SHA512
7a7100abef10871aa0695424404942d1b9c35cc9f36dcd07e10fd9abce42fe02680f20bb1aa23fcaf7821971e8d7749e94f267d0f5b585541efb5b74684da878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
a2d34a8e0504707d4b09a9acdec16a6d

SHA1
f6e3beea734c8b7ca6f6e61eed70e9abf3b2e1f0

SHA256
3d4897691706642689f86eeb99c21a047e32d6ccd3dd2cacdd6d4d1afaaa05ae

SHA512
61499a074c419e6af4a63672c6f5fd10eb4cdaa137dc1d63910c8b65ea437813608f71447215e8ff92855519c31d91dd8e79a431eed71c8707294ba54e81789c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
428bc6be39aba0d115cdee8ca28d3f43

SHA1
866f7a7b1e317cfa94e5f5bf2319ed5d9186600b

SHA256
716aff9f28a13b1c27c7c35eae20e1ada4ba0bab8dc19a69f65a046931704fdd

SHA512
00d938fcea57640265382af9304ae9a432a0977cd7bc2dede437c3750b74610334d409c713f3aeb5d41f8b9e8762d5bc1bcef2ca0a37d8419204bbfab5933817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
8c60e42688eb68919c48b7583e60caa0

SHA1
0819c6060a51a23cdf2c87a9c297fd8b0a48839f

SHA256
e7d72f66075e2b2d25576ac6343de24475d236ebed88ab02fcc09271cb86e3fb

SHA512
fa6df7e7e19b633fbbd063b03ee462edd01e6ef833843b98bba84b23f57f912b5ed66cab19c9de1ccf8316e7d77eb00baf5198f76192dab8df71df7a2ed947f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
89a8ccc1ab34736cd9a63990ed4cd8b9

SHA1
b82d07f7ffaa43ca544ed948253c685d0f5cc30d

SHA256
1e6b6118d185453da46ba284a33861b965832ed63e739d4b0a6d77faed717cf0

SHA512
58d0c8d1ff6efac39a02b770ffa0a675ad9d7f4a33944391c281eb347d774ec9b79d139288bb0738ac1f29b1e6fcf80185de4ed6925f6ebd9ae60d78e446433b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
1ebfc1e2888a5c95bbf80f9159a4e04e

SHA1
9e3074dcd69f988d8eefb6b2b1fa66aaeb1d3173

SHA256
2cab22bb6be17f786185205c9908dd9a5f1cddc22ba6145722e7cca6e8d58c1c

SHA512
3a1e78a00d5a826545d3cd6f2813eab2a07a4ec6ead2dac8968a76597932bc7319ec1ce7baee98bdbe7a8ecb3c6f7554498f3d3b3e5496449bc30f17e6157150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
4fa03b330fe7b41250634f3ef21a3195

SHA1
cbd95eb9b74ce2c21a3ff6a260ad96ae2d4094d1

SHA256
5b92528e3a0b6a3f1b71da44e1235119dc082769c9f899d668a28a677394f1ef

SHA512
60335ccaa93213d95d90a3b551f171a89770391cecb282dbfc412d55dea1c368df4acdfced40ec8f48bb67d3cee184d0bcdb8682ef06b2dfe84ab13b0b91642c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
7d2f0b16f678bfdb0b696f57546e7a17

SHA1
985bf335b325886253447edbcaedb771bdd99ae4

SHA256
c1aecf550c9cd82631e34c56cce1a34e4e2bb1a28fd7b02c7cb3a3f6e236eb3f

SHA512
f9a68a15f6be5c3413a4ac8f95d39ea8747b0ae2033de4e3e14fa7ede87c499af0b728333ae7e6ee5840869e1ac8198877a297c5917114bd266eb06b6c911efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
215531611c5b7280af42f30123a3369a

SHA1
12840bc003bb9dfec8fa9bba15ecfc42c35c0b4f

SHA256
f0891a5a8148025924f3fd65291ccbd2f9cc2624d3403883272cb233182441dc

SHA512
4ea0fcdbe5772ad5e44a334b74687846ab39013c3e329b400eaac6620a1f2535e35d5d479da1863171e0f8ebfe794a7d0c345d361489309f270a0f2981a448fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
16KB

MD5
0b89962b52720539e1a7576f9918c924

SHA1
7e062e8f2571304ac39fcb495cebad9a7f3246be

SHA256
8c67cac5ec6f14c20a76aff3604f7128c73677ae34b0526c00fd532fda5650f0

SHA512
271ade6940d34734a15bb39b062ed2eda3258ee64d5d83d9156a79d6f11ccf0df4ffb9ced402c18967a722a19b6579ff2025796b6e01283fc31ab7754aeb67a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
11KB

MD5
b4d1c6dfbf3f3510d5fe47a4f21566c2

SHA1
08d73d151c5033b7db42a552aaad3923db184037

SHA256
43282e916dc199888d803a42acd7bc5c360bbb8f4a2aa963f706ec73826bb16d

SHA512
1b47ae9d2fcc8f772b696bbd75e008e0b9ce65f8d7e1ae539b972349a042a97b6a9be110d044f70b951e0412670dd58495af305aa653ddff579cb935b0844a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
161KB

MD5
95ab8d4bd45168de60a9578bba666754

SHA1
0d857a040d1bb1fd397cb5d229342158c04d599a

SHA256
309657bc5ef4f694b1bf92960118b237195cb664dc44757820623906a9d34f61

SHA512
d0fccf041f3d66e577742e2ceee76b66a280189255b911836812b4ccb52750fe683e499939d30c74a0d8587a2155746735e22257b3c523e9da769fbac0c0849a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
397KB

MD5
f691b6555f803a91a9c83f6b7a8a909c

SHA1
10d23a17cc44a2bb1c43fc38050664000bf1524e

SHA256
a21bbd293b725ece663ff25ece8c790c92be699721870900998269559a9055f0

SHA512
fd5b0dc6c88840b27455a5731bdc2a825e5b898e54cc25acde3955eccc0e2596197aa41723515affcab6943ee7a02968141560493f9048988ea60af850046d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8815f2d6d7944eff0c1a89935102f52b

SHA1
e1cb38102e424fc97a0a217bb33d8823a72f8424

SHA256
dca0661c7cdce8d13feee4508680bec377ddd07cba02257befa452a3334abac3

SHA512
3914aadd210f3deb9f8def8cc5b66fe4aeb391bfae7ea4123518f2460e593417403b49a196f8332327fd5c5bf31fbf8a56efaaa8da0576362bc65d3a9a72fc97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a2414.TMP

Filesize
48B

MD5
e0ad2a4b69f25048e8dcd0d17fbcac91

SHA1
dbe6e9ec04584985a21fc80026e5ef2a98c3ea36

SHA256
5debbba5474d5eb8c24c97a8d79fe0fc82f0aa25a5ec550da4972e2b427c133f

SHA512
2e3d03a9519c0fcba9949120e9c445d06e588741edd90cfb8c10e539220b8f7c1195dc21c2f339ba01926b00e249f6726405da5a1479f21a199774ad406fb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
064392d79833299e5d41c5632e44670b

SHA1
40bae8f4de7d158940ec02a269caf0c59ceb2e85

SHA256
5f4d0fd5a5b31c2913c73076b564eb2761b65416260dc5e58f755b5b78d6cdb6

SHA512
ac0db9c53efe724c2c04604e6b264d89315b19e9c0e73f74f736bce0465cd3bb3e6b069e2474caeb2724e7d2814f2185496b798694e7805dddce642f22d22b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358543348201886

Filesize
1KB

MD5
07f43d97e20bec314a07ba11d2386668

SHA1
b3094410bfa842188c71204c86a6e83c2e90a50c

SHA256
e9e7cfa0acffec13af39650161f863b4945e12ba46c41d17fedcd0b163f47534

SHA512
c4a456ae3d7c8b2851ffcefada84a2517da7b4797d5907b1bb59237902d465ad49bdd45d0dfc62566761cd6e91b9784cc47a9149e3dbf158c777c51c16fe55b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358543348435886

Filesize
1KB

MD5
17d8f3cdec77709c6eb8adb902df54a1

SHA1
995d85381bbd47d98e7797feca7c150921ccddf7

SHA256
5276c5615461a92197fd28341994b1a647dc6da4f14fdf59e8fd6cff2524a649

SHA512
36f3b1d4d28a2f9e93c571e18db668b432f8fdcdaf616f0d678503ef544c0848ac86fabc745cfbcbd8948cc0084784a525c00a21abc13aafd649c1125da84d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
92b57d03984c725d217b3f67cc3ecbb0

SHA1
3ef9feb607ea5a4d1824ca2f7f752d2831ef02c8

SHA256
7ee147f6788641c7b12f5f5bc65d08126cebba5bc321b021ac4dcd5b272fd285

SHA512
0875f1198c8efdad75d181ddaf41824e30bf6c270821b6de3e344eada840b64b576d74ce0db81cda2b1a51a8c4bfff96c793ea7cec405ba51ad3ebafc2884fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
fc3d4334672abcdbcc72d4259f2be305

SHA1
77127feff4222197072c10123872d5bacebb85bd

SHA256
405de2768ecdab8ffc6fed569bb42b2277527919e0674ab05db3bd3b25b238f9

SHA512
0203f7f3dcfae568e27b8ecda1f1af6121abf3a694ccfced59179d5bdba712e9ad807be22a7fefd860cbcb2bf995073f024f6d2916194ad35bc950f3aeb913d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
da2c8f890a267664e3dd1b15f3512adf

SHA1
5901466d55a3b5eeab1238d51266013b6fef4805

SHA256
112055cf73a215cc013281145f8df1fa4ff7ea255443d1290575faca38b262e0

SHA512
e97b739f84cfb141f3f4ece5494c1f235e8395697d6bb4a10916d8ba404881dc9f8ff4cc3337cd216fc8d55b5249588d871377dbc03a11c8e07992073706bfc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
16b59c32ec2b8db688c9cf8f0ad6be81

SHA1
8dde2496d28ad721bbb94e75e65b1822a07d5ff5

SHA256
88fd3720c8a96ccc213037d0911cabaec81e519fae5087069d66a0c19790a9b3

SHA512
0b394f180565b1c520c903e20ab42ea97b38599385e8ac5987e2105a59bb77df0106d1825b28ceaccc4b9031fe7c5a31cc122edd034ee03db3e64198effacb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
c8d0e72f3e8a727474c4dcb3679a7201

SHA1
388c360afa56ff88922fce76d238bb22181d7800

SHA256
48cd03c845e7ebef05d747985a7101b12cf3f71ee9a23de2af3a8e769d213373

SHA512
4ed4eb8de0fe35cffc67f03eaf544a2e0b877d426b9d31fa576ff3f3890c952ece29ae3c5c02d8ce6141477dbb7202c8b563978c5e4076c267f193ba1dd8cbd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
5162801750f7011ee7e792ba5cf58d56

SHA1
30786c5d07031c1f1e109d910e6e96c96d3f257d

SHA256
fb0151fe07d914459d7d782e97491cc50609ce972507a07edec1ad242126f5f3

SHA512
b431ea44a2a31bb3298fc61c1472a9bf7eb39622fd1ee332dda3208de5f37d72687b6a534a0a7e077ecbeffd886b7b5b09b9c396a32fb7ee929a783eecbcec01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
5afb475c2fad02ad7b3e9bd84cf8c409

SHA1
949424ef6cd0f121ecc66dd713d23c06b849fe08

SHA256
7092248ac974a465a9c97422880a2fa714e849199eb72952e836402a93b6f73d

SHA512
dee0efe0ba8ee872039bdfccad1c50bac8b1985969cf4c1e008d3291f0112121d1e4f4405510443ad0933341cf301fa8ec13f05e5d578bdffd13e9aba0ac440b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
0f436f661845ad94b88b3e9847ae3330

SHA1
2590d533326a063a3cd84d97e2946db07b7ab11b

SHA256
8be20d5f27b8033e9325d4038d6f83180124a0958f85cfae4196f161d8c86fd8

SHA512
b9adf829689a82a8b80f2625f10292f536127b25d2a0af541c35a4da778fe62915fac2d3818bb24dbd8d7e9601c097d64f11b6ba7e79d46824530be2e7b9ecda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
5614742bc9c73c58c95cf72ffce28239

SHA1
77669e14033fe0c91dfa4e4f91b63008dbc3d7e2

SHA256
870bd5813023eb5c362e6f721fd4f06db32bad7fa6bebd89abfef3fd5eda16fa

SHA512
1e6b7547f23709b1cc8d5445d0c9644016eb8524206b24dca6a65566b811fee21d449ab4fdff622c91f94d4a397b6b1bd073206c014249e87ae90622d191329e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
e890e449e57cc1178fcda782463d6ff6

SHA1
aa9646185c6066efc234d1033e47ee7b68d1f89d

SHA256
3551a95e3b86cf44e7f3bd24f3a03850016f59e98b36536854e37e6b99d3e416

SHA512
1c982225997b3f6333d21ce79fd069dc904571b0bc253a8e055bd2ae962b75dad133e6963fee71fbb1ba9113547269def046960003c635166d787a8d072e65c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
440f759fc80cceb52124cd7829cc2200

SHA1
c54f2d6a611cfc45c1e38209fe55c5cc744580af

SHA256
20a7a505a9c377701e8634b88612ff3962f2d6ce61bb63537c198993220c4627

SHA512
039e6354e964bb1e20c2c6545b6c31590dae8c3edc70c736f0edc365820e9cdab1f39ffb2da502aa9bb00aac7b283d79841907ba97dc88121edc9343dda802ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
162573001a0daf793b5e132eee9d8f5e

SHA1
922a20eb559535f4ba0ff7738fd3b79eddaa51ca

SHA256
1fcffbe5b85711519d09d2c0160ab3290f14c7064d602c3376f74e77830673c1

SHA512
5609c2f50d6e75e56fbb336ea15074dbd86865c26aaca668f9e8b660b5713dc83dcda73e411bcc9e15ad3845700420d489e426a7d0be7e20fe590248a146a5cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
9112cd996e61e0e2d6ba90a760b4408d

SHA1
94afc6c03f389fedb81fc6eb8c54ba9e5de61eb7

SHA256
dd86592be80a200b2ffdd90bf500eefcf5a38b0017bb31de0a16fd61a54955d3

SHA512
240b67b89701bd9e7dd3f72aa0c84b8ac309faff8276a6828bed260807adf98f8610e2297ed80d1cada4f273d984fdd393948441fc0fd2784984e725faabf9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
350c9e258d970c258c5a1f1c6bcbb72c

SHA1
ca89c1d0cff2764608facc38e92b769c76f75bca

SHA256
cf64bb2e22c377fa83d8c643fc24370415683e88fd8bd74515ecb26f17c1e861

SHA512
2741fa2c8beadd148eeae69aaaa1d117a42016320b1460576e07df09525c943ca06acca4366bf3afee450dc9bde462ebbd021cd0d4f35d1e6f658295496dca06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0e6182a706cbb618fef3865504527d93

SHA1
22e9328d03c97c2b9ba7d7fbaaf6b8c068a81570

SHA256
9b3ad9f88fdbf0c49862cddeea21e43db0b2431a8fc462eb8f5c7d38ae1b2410

SHA512
c1093b8faf2471aafedd71ac42e11958e0115c990caf5740e65f0fa1012d32ec6b39ed05d03e3dca94809f185d052a161b39347cedffda1aecb99dfbb65ca595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
09dbd8f1b5778ef0252af427312b87b2

SHA1
25fe58efdf86357971d96bd2cd2947b83513b9a4

SHA256
bf5e91198880eb44f378297b89872ca46468d285d7e9527e52d8f7ec0556d079

SHA512
9038893db609bddec36e3514a9580192b18d0c99c5208042ed90d4bb0c209c719198b14fac702956ef4480e714914896425922b161b12ff9c91e27d391d6c186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
5cb70967ed6a1ce6418ca826b41d61e0

SHA1
a4f1eaed5ba8a7212c3ef86be66c0072baee12b5

SHA256
70b61323420357135b33f379f60ef0fa267c1093250ab353e2d0c2cf8e8307bc

SHA512
e41b26ec934e050cb0727c047d7cf1cebffe73b61dff42f0fad07f84ee8ed3e1dc3aa1e4d10b97e134958f6ffd3d2036b5353096d35b31de531e284a58867cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
751eb3a594cc6e5e1ca8a35a223401ff

SHA1
e34307546b80ecb88e4c5a36bae0dab0d9d79150

SHA256
909cb16396a42a327ef0738c7737db4588bb4cea3e24ab6b8f2b0d96eb9d9e8b

SHA512
c4beb3ccc70e5bda59e8b3fc012cbf674617c03914486baa4d98fd199e7b893e45376b8e668d318edf8ebe1f5e7d32af284a632fc79ab518e06fd746f3af2585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
74cae692770e5405e6d3f49630cd8379

SHA1
cf50043a28cb7e86d858a57d18466a05bc602428

SHA256
a1e16a30e2b54385dbb6ea4bdf4b3d2bd3ad61cd1d3f1591b3d0ff0101b5af69

SHA512
45640127f1a0acd85bf54f0081775334616d348be08468762f7f8c6ba98ff1f8298b2f2be57d1beca7564ef99c9e11f8c67b1d4d8626a050ecdbd8e84ca317ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c81d6f51-aa44-4101-9382-62bb37c14b77.tmp

Filesize
6KB

MD5
b8760bd1d3b53e66303d69b5ddb63fa6

SHA1
efbaad1d9375df6c354a9acc27e0755edb9a755d

SHA256
3133abe4aaa1c9681430731f687375b6621f1989a7a56cb34577a5e9f1acd4f7

SHA512
a3ba3d79383fe717f5ecefd0c93f55ae55d8dc967efa8a69b18fe4b28a4b85c4fc8e03388911fde9d124c0fff81e5902588f8c270d6f2d1a753dc6c4548d42d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fe87f3b4-19c4-45f9-a007-03d29bdae6dc.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
04717ae74dd0806b4725675b3d475ee5

SHA1
7ac7f662b2e8661c05532ba0b49f336177835d8c

SHA256
728a80d653c5949cddf3810103ace71fa7d8916e5590b801379eddcb05a33797

SHA512
0d79a7dd9fcd30e5c7f2d9f32e50cf18c549da72ec110b39dc85645f67fcdd4512ffe3294c22cf02f6c55d01b7a2566fcac71cb6ab77f3c845c1cbb29f41d941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
6864c183c2c070f8681c9642363d84f8

SHA1
1401eb6ed1acf9ba28aae5164ff8d85c863608f0

SHA256
aa055c99a005d412c6af8abf4a54fff9cd127f58982892c870265b954f86fbc4

SHA512
3f3e8b0bad3cdff51cc601738bda2994ddaf4f2e775decf240befa5cad3e3afed159f6905ee602de98b7f7c571b89c9c0945c1b53a79f5f85353ba68a6442ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
ccb671a16c98b3b166a2b9eac10b30f8

SHA1
a888cd976ec07fa31ac028bf81272f16f7846411

SHA256
32ada2fe18d53731572d1a93674a40ab42df4705120b77db8f6773aca879167d

SHA512
31c7752179cc0ea895b085d78676a8a3566aa94078ea054a19473dd583fc2f34bf9ad5aa7e2a6bcba4afc7830a15cc69abec9f9c211eb411aecc6c3304bbad17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
933d2512303db5d37647c717559a3189

SHA1
13c3ed25ffd21b5d902333e539d93e4f224de9d3

SHA256
e5f3bbe6b8833b391e06bf464174a1c452bca3c1ebb6e17b302d88c041f1bff5

SHA512
f3738dc00f8a19f6146281cdc27d77d3cb7b9ab00ade090b1d1cc5e870c17f968ee8d85c017b40e3f9396419ec63ac7024c993b14e965f1eb27a3f750ac143a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
d42e681b83b88fe45a906e386a8287f5

SHA1
26af854e48d474a5d17e4ba55ee5638a8881ffeb

SHA256
29f4524c0879d5035da91114301e4d9a12b7deadaead6cd7705dc9262b6e9d40

SHA512
65a561a5a57599e6fa048f7313504e6421a8e6a2e8791c4a4521a7f31fd449e57d8387dc97906de2fa84013d1a725d8078d9e00a9e0249221446f10e94168164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
084258949fe68085b2fefadfd5b8f847

SHA1
3d1f3d4ddc617e7e3a9270cbb8c87aefc9f185f4

SHA256
d5f76a42b8e63b2cfdf7064eee0b9c2e3b304134b25d72407431fac3456dc874

SHA512
8d384615a6e0b64e90d66d098106a70d42041539e320cca1cbe63f4900b9115ae901eb6e19c32b9093c552cb3733af5ba980f78f0fdeff4aa5b389978016d29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
1d8e8419633ef2cbccbf80afbdd23d4e

SHA1
d40a1462f880b61a761f0cadbcfcca981b97fb25

SHA256
a4ecda4d35360d0894e21a5bae0430b4afd9255eb7234a95fe795d1bd92c9642

SHA512
0a269d9d7371e63a5fa2493d0ee17b7884d36c9b39b9d2d854c1e033bea58cedc4a0f36f477bf6ebd9adc86a4a85f4f40e5dfcf039eab8923769ee1cff9b347c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
80012647668475a8fb5b738a711cc207

SHA1
da1e6a6806e501931da49507d087f18ca1cccfc0

SHA256
3e72c1c40d80d6be468f4febfc1c44a85085075d081eeb36e16bb4f1c2725835

SHA512
83bf46b67b03170f6d749977c4186481f366e5376da0317dae13b69bb4a46015975df56689abc78912741f6f84b13d966deef8c35d85a4b1ca427bfd3b64f927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58c246822fab79e17ce408c2900b082f

SHA1
2e245d0498a9c495baece34032e06611b56b0fb8

SHA256
8311a903175e85d2d0b2bc667bda51ff8c7b7b1f70c2fcb8194c5abedf513ec0

SHA512
a19435ce3c1880438d771aa94e5868a217d0283b4500f1db8e1cdec46bbc8ea1287c2dcab5f4ab51974dcd5288b24dcab133d380d16d7fc5063689c486f483a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99cdc2e295a98ca2cc99b54a36aae129

SHA1
fe64f245ea5209298b65290863f18d54918e936f

SHA256
cc6cbfade2ca0851ae03f5682069359003c9c20beb46dbcf1bf4e654e3c897ad

SHA512
0d184db675dcd425f1c3ce10eede1d031571802f0dbfd8c25d444033a9fbeb5401bcc7aa4a7b70b6467410fa9e33a4b1cc207fda1033e4c539f99c405451507d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53758ee5ac6b44d5023ce1f6b900efc2

SHA1
d4e18b9550e1eda79819bea9bc39685cbbdfd671

SHA256
bc7de6314c4124307b4b6920a9dccd60c31ecc2dfbf830e19590071ac8d56144

SHA512
8110dd96780402824f9c4e45727bb7488a1fc7d51c8cbb405b8a72694413778aa9423e905bbd9e05a1d102060ea4955b3f3e10df4ca5b7a1a7721a60f37ebba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e28dda7a793fa29b3cfefb5fcc65b17

SHA1
b4ad1409f772cfa8db2def1f0e74eadf5171d87f

SHA256
564c4c9e9254ea5dfb17c149da17698e8e29a5c1bc820571d7cf95c00d458b24

SHA512
8765e206cc816e701bdb5382e4ff91d51e2a5ce3b9d3de8b4f95ab023a6d88eaf6eb74e0c893b54a916e4782771a256b5b424abedfcabe33e75e2a4d3b609f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eee4fee5a0e51fc9f2ffcd9b5f787d89

SHA1
92c15b50d7f22be2b118c0700005deb59ac45f4d

SHA256
23ebaa9cc1a44c3471e296d9ea74958659cdd10bbd20bbb35f7bbbe1b39b21be

SHA512
0e6318b5965cc37f0293e720932b958b4f42f6ab116552afe572d0d48f764cec12b654975d18c2b85701ca33e7cb169effc035a273c3bc5b0d578fd33d4a68ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bbc72940c8f1c065ea3ed61f52aa2eee

SHA1
0ee842d8981867c98d4969adf55efcab10d879cd

SHA256
02729f3a4d677af0af835f015c669ce40b5f203675c02f7a30b6af63bd974a8f

SHA512
0f52aef08afa02da5257f10aadc354d5b2e190391a7fbfc9ec9dd492b2bebe2a778777b998edef96597148db30ca26f2c8eb738f51f6d1267f55f17412e7c9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a14940b15f5c57b303f4aadf3231ca3

SHA1
47d49981c3f6e786efff5bfce45f1c28049d31f9

SHA256
49e3bcbfd46372d8c31df469446253aeda94ae34b7d411d1395b6626ec37c718

SHA512
3788a82d5f75dbf3d6f09a7475ed98819b8b5187c018c106c261fc633560f7252e06143718ce554a92e28855f01516ab7c9eb829e304fb22d9bd8c7e4c403741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24868c43a1ed19a2fa280aad476d9cf8

SHA1
4cb89ea9e4b543a90ba5e850ea68114b3e45099c

SHA256
3548c301935ae8c64b7427c1fba39fe3163bab134a01636aa912243457b14167

SHA512
6877dbab7916b8df843109c72a4c20e6a02cc737ee9d5c2a3ef64e18de3090211f2fc741d686d5f6f6039ff7593d7da108039d28a00e92dcd6188fb44e31610e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f94f43c6063f1cda1d097f6664b17a9

SHA1
60e8fd1ff54eb089c4a109179a3a0ead6d0cdb24

SHA256
bc1139ac7dd8edea6c1089b25815486e62452b5aab923e1ff715f0e70ea2a30a

SHA512
957d0b2416a45f100576bbfed6030565a28a94a1059385ef11ca4e4ad1e0a903fccce003efe94ead3459dada33adb5462ee231da4bdfaec405111647ea6ed2ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
602b85c12546e5ec18c01bb0c08e8b72

SHA1
df459bb1b3e7ee890965155b16738a226de5d158

SHA256
e187d70cd6aa593f359e08b343b03cc4c683153c9c8303bb86e36b934f6eb797

SHA512
f7acb57d26be6a35839e73dde69edac6ec0a32ebdc825960d351a0add45407fef44aed411fb7d1f7aace7a4bd4bedfdc5d4df9fa464aaa009422c32f7a82aecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
bcd79590e6cd75eae43c4ac46d81105c

SHA1
e677f2ebd09a2645dfa752a4d4f2ee8482a8dfb7

SHA256
1bdfbc80e31d26eb4226464e8124a5b3079d9d2e7f1b81c55ea73b0958dd8989

SHA512
b3ba37e1748bcbc798560e1f661d65baa0b9b425d338d51cafc93983d335e788a0bb4990650338429aa5f0439398f933002372c7e97cbdbbaf60f3e30a4a2dbf

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4464_KZCRNLRVMNARVSVM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5456-2634-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2640-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2639-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2638-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2644-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2641-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2643-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2642-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2633-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download
memory/5456-2632-0x0000000005130000-0x0000000005131000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads