2a45e44be359fba4c85591e7b13d1ec772ed181adc41254d8b00d31b2d15878e

max time kernel
599s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Memz.exe
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Memz.exeMemz.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	Memz.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	Memz.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

Memz.exe

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Memz.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

Processes:

calc.exeexplorer.execalc.execontrol.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid	Process
7536	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid	Process
7492	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Memz.exeMemz.exeMemz.exeMemz.exeMemz.exe

pid	Process
3524	Memz.exe
1408	Memz.exe
1408	Memz.exe
3524	Memz.exe
1408	Memz.exe
3524	Memz.exe
3524	Memz.exe
1408	Memz.exe
1408	Memz.exe
3524	Memz.exe
3524	Memz.exe
1408	Memz.exe
4732	Memz.exe
1528	Memz.exe
4732	Memz.exe
1528	Memz.exe
4732	Memz.exe
1528	Memz.exe
4732	Memz.exe
1528	Memz.exe
1408	Memz.exe
1408	Memz.exe
3524	Memz.exe
3524	Memz.exe
3984	Memz.exe
3984	Memz.exe
3524	Memz.exe
3984	Memz.exe
3524	Memz.exe
3984	Memz.exe
1408	Memz.exe
1408	Memz.exe
1528	Memz.exe
1528	Memz.exe
4732	Memz.exe
4732	Memz.exe
4732	Memz.exe
1528	Memz.exe
4732	Memz.exe
1528	Memz.exe
1408	Memz.exe
1408	Memz.exe
3524	Memz.exe
3524	Memz.exe
3984	Memz.exe
3984	Memz.exe
3524	Memz.exe
3984	Memz.exe
3984	Memz.exe
3524	Memz.exe
1408	Memz.exe
1408	Memz.exe
1528	Memz.exe
1528	Memz.exe
4732	Memz.exe
4732	Memz.exe
3524	Memz.exe
1408	Memz.exe
1408	Memz.exe
3524	Memz.exe
3984	Memz.exe
1528	Memz.exe
3984	Memz.exe
1528	Memz.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

mmc.exeMemz.exe

pid	Process
4480	mmc.exe
1756	Memz.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

AUDIODG.EXEmmc.exeexplorer.exe

description	pid	Process
Token: 33	5640	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5640	AUDIODG.EXE
Token: 33	4480	mmc.exe
Token: SeIncBasePriorityPrivilege	4480	mmc.exe
Token: 33	4480	mmc.exe
Token: SeIncBasePriorityPrivilege	4480	mmc.exe
Token: 33	4480	mmc.exe
Token: SeIncBasePriorityPrivilege	4480	mmc.exe
Token: SeShutdownPrivilege	7492	explorer.exe
Token: SeCreatePagefilePrivilege	7492	explorer.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exeexplorer.exe

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
7492	explorer.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of SetWindowsHookEx 31 IoCs

Processes:

Memz.exemmc.exemmc.exeOpenWith.exeOpenWith.exe

pid	Process
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
5676	mmc.exe
4480	mmc.exe
4480	mmc.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
5696	OpenWith.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1756	Memz.exe
1604	OpenWith.exe
1756	Memz.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Memz.exeMemz.exemsedge.exe

description	pid	Process	procid_target
PID 2224 wrote to memory of 1408	2224	Memz.exe	99
PID 2224 wrote to memory of 1408	2224	Memz.exe	99
PID 2224 wrote to memory of 1408	2224	Memz.exe	99
PID 2224 wrote to memory of 3524	2224	Memz.exe	100
PID 2224 wrote to memory of 3524	2224	Memz.exe	100
PID 2224 wrote to memory of 3524	2224	Memz.exe	100
PID 2224 wrote to memory of 1528	2224	Memz.exe	101
PID 2224 wrote to memory of 1528	2224	Memz.exe	101
PID 2224 wrote to memory of 1528	2224	Memz.exe	101
PID 2224 wrote to memory of 4732	2224	Memz.exe	102
PID 2224 wrote to memory of 4732	2224	Memz.exe	102
PID 2224 wrote to memory of 4732	2224	Memz.exe	102
PID 2224 wrote to memory of 3984	2224	Memz.exe	103
PID 2224 wrote to memory of 3984	2224	Memz.exe	103
PID 2224 wrote to memory of 3984	2224	Memz.exe	103
PID 2224 wrote to memory of 1756	2224	Memz.exe	104
PID 2224 wrote to memory of 1756	2224	Memz.exe	104
PID 2224 wrote to memory of 1756	2224	Memz.exe	104
PID 1756 wrote to memory of 1476	1756	Memz.exe	106
PID 1756 wrote to memory of 1476	1756	Memz.exe	106
PID 1756 wrote to memory of 1476	1756	Memz.exe	106
PID 1756 wrote to memory of 4224	1756	Memz.exe	109
PID 1756 wrote to memory of 4224	1756	Memz.exe	109
PID 4224 wrote to memory of 2460	4224	msedge.exe	110
PID 4224 wrote to memory of 2460	4224	msedge.exe	110
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111
PID 4224 wrote to memory of 4296	4224	msedge.exe	111

C:\Users\Admin\AppData\Local\Temp\Memz.exe
"C:\Users\Admin\AppData\Local\Temp\Memz.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1528
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:1476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:2460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      4⤵
      PID:4296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      PID:2964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
      4⤵
      PID:464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      4⤵
      PID:3380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:2720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
      4⤵
      PID:2444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
      4⤵
      PID:4612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
      4⤵
      PID:376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
      4⤵
      PID:5160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
      4⤵
      PID:5168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
      4⤵
      PID:5340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
      4⤵
      PID:5348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
      4⤵
      PID:5216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
      4⤵
      PID:5592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
      4⤵
      PID:5632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
      4⤵
      PID:5984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
      4⤵
      PID:6012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
      4⤵
      PID:3112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
      4⤵
      PID:5140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
      4⤵
      PID:5228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
      4⤵
      PID:1796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
      4⤵
      PID:4472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
      4⤵
      PID:736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
      4⤵
      PID:3612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
      4⤵
      PID:3648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
      4⤵
      PID:5652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
      4⤵
      PID:4820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
      4⤵
      PID:5552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
      4⤵
      PID:2820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
      4⤵
      PID:4588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
      4⤵
      PID:684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
      4⤵
      PID:4392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
      4⤵
      PID:3280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
      4⤵
      PID:3680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
      4⤵
      PID:5460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
      4⤵
      PID:5444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
      4⤵
      PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
      4⤵
      PID:3820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
      4⤵
      PID:968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
      4⤵
      PID:4744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
      4⤵
      PID:2464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
      4⤵
      PID:3916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
      4⤵
      PID:5488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
      4⤵
      PID:2792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
      4⤵
      PID:1580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1
      4⤵
      PID:1732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1
      4⤵
      PID:6648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
      4⤵
      PID:6656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
      4⤵
      PID:6664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
      4⤵
      PID:6680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1
      4⤵
      PID:6688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
      4⤵
      PID:6336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1
      4⤵
      PID:6992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10000 /prefetch:1
      4⤵
      PID:6460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
      4⤵
      PID:6416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:1
      4⤵
      PID:6996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
      4⤵
      PID:6516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10360 /prefetch:1
      4⤵
      PID:6456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
      4⤵
      PID:6552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10172 /prefetch:1
      4⤵
      PID:6152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
      4⤵
      PID:6464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10156 /prefetch:1
      4⤵
      PID:6616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9840 /prefetch:1
      4⤵
      PID:7564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10736 /prefetch:1
      4⤵
      PID:7500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10328 /prefetch:1
      4⤵
      PID:7236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10744 /prefetch:1
      4⤵
      PID:7320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
      4⤵
      PID:7988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10768 /prefetch:1
      4⤵
      PID:6884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1
      4⤵
      PID:7872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10640 /prefetch:1
      4⤵
      PID:7600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10884 /prefetch:1
      4⤵
      PID:7416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,815335447637698007,16489391390087021609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11428 /prefetch:1
      4⤵
      PID:7480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:5316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:5976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:5904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:1668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:3920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
    3⤵
    PID:5804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:4348
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:5676
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    PID:2908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:3980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:4768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:3520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:3388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:6100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:3056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:3816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:5188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    PID:5008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:5292
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - Modifies registry class
    PID:1084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:5920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:2316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:4032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    PID:888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:1040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
    3⤵
    PID:6312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:1056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:1228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:5788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:2672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:7184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:4392
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:7536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:7868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:7840
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - Modifies registry class
    PID:7424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:7336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:6668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:5856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:7356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
    3⤵
    PID:7420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff7d5146f8,0x7fff7d514708,0x7fff7d514718
      4⤵
      PID:7400
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - Modifies registry class
    PID:6292
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    PID:7772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x240
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:7492

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:8108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d2db5709c56fece_0

Filesize
349B

MD5
e1ee1efbb794b1756cf8191c7398750d

SHA1
2f99129d84717bb2822a51678e1a4a6dc74ea4c6

SHA256
49ee8ea262c7cdcbec2b34ec227b8e6a0d4ed773dd96ac75dddd98a3e127f6b3

SHA512
1ce810569db630796ac5d66f0dc68371af3a1fd3790421ba868fd0617cdd0e3886fff0b1bc435ef115a4c8407af185ab6bd1a305257aa129ecea54281d25a413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f33349ce0015ad6_0

Filesize
224KB

MD5
d22790a3b0975965587f08990ac345db

SHA1
dbbef8ec20695aeeae351597135a113db391f7c8

SHA256
665f20baf2d22f29cd04d3222a56733ab6447675c86b930f0513e1840d4a2261

SHA512
3b972b4831b0b7866c92e068cf24e9ef503a8b87044f318e369ba9cbabebe87cc7fe6705c750fd4a7244be5647f7abc8f3334b7fde608da7e641563b16d8fd77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d80b3f4d0d723d9760fe5eb521378549

SHA1
e8be30de7f45d8a528057ba7fda649bec5b2242b

SHA256
043e618bef7f6633c637ee7d928944fb67192757fd57ec456744eea11b028557

SHA512
d189e14021b35a95f99dc3d71c611ceb3e35be155139e5fb312dea374fa61af3d6005b77bb49fc92e75a9be91595f11a39fd20509abbe0d33a589a36f9ba93e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e8528e51d25d083e555040f78e805624

SHA1
243bdecbf9f1fd2d3c42a0d543315c2a737c03c5

SHA256
e46398e847e088ae831107fdb4254df06cf1df2277e1115f2ff712a92869f42f

SHA512
efccda3227c0dedfd5ea9080c105c9c26ce43b1a35c9fb66f22e163af83997bae5303eed2a7d651c3c3c820fb5202f013c78fb48fa825d7ca1c569d9c5184aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
90041ed54d38034a40e4fae2e9529b38

SHA1
09cdc4b6ce842f5c8db729c7dedfd4b924d5d302

SHA256
a2d71b7739a10eb4fbe2de35cc55eacc933aa3d94a26849d139c20e92c80bfe4

SHA512
ab3bc54a797bc42dcaa7e7b4d0df6cb262332c59fe31095bee2ff85ab4387ffaa0ada47bee0d3019c4722669ccfe67548969d17dcbf9f1eed91089f1dc2aff99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1168af644658bdd3d96f0ce5c8329663

SHA1
855109b1bff424d71ad9db1c9525d4ec40b4447e

SHA256
7dede82afcd8ff3a4e8988b1ccca782df57c8870bf7165f7cf082883f2f81083

SHA512
3299163ba4bfe7d2492661b0138fc6e3d95b808f7dfb61d2246bb0d6bc9c5c851000765f427f194ddec32edf641bd552228d0ea5b539b664b1d9571b207f78ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5f5d8ba66bb8f17a6a7525f6cce2e20e

SHA1
36b76bde4721024298b36e99505aecb3717e6532

SHA256
882648ac25be7ee6f70c8b39d33c14746ec0af6627b05021ca8d80c02b06fad0

SHA512
1125546f38fc19c7f4e61c58c82dcb823ae783d6925f54a07b3437b09e4cf521bcafcedb9a55a69ff6223a93bdb442e1b01e5dd40fc447d4492c91304d50613d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fe3f782044f1d2928cd3a39473b37cb6

SHA1
a0abff587966912ecd96fe1d40335b9714c4cb29

SHA256
e6065dbda28bffea627b22da287157dc125131dbf096e9c12ea7e98673382402

SHA512
5e9301166976993f018459a9fc719f8176e6ec776c869a1ebe0f97ebb07fa59a813ac9ea0ee39f586487b0ce5055582728c69ada07a04cd4bd305f7ff2c1f7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3a15cf18a3513234baee91e064f65310

SHA1
38e5e6ecda23a35df76a7f9a5fe80a6a17727c89

SHA256
6cc9ae859f1d062e3dc0b04552f4b8b24e812bfe41252ab477d2b5b46e971d9c

SHA512
4f4fe74fe124253343d627bf12b8a0f4cfdd3f63035d9dedbba44b9e66d1032a7efdf036792007587ea0bc9933405f503d5475da795ddefdba9a435661e8bf1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
918f3e5dfe802c8334efbaf9ca11e18c

SHA1
629d3a3817a9d985806922ab46af1be5d46e0420

SHA256
a3f8024249421f0f4f30024fb4366ab3c98597f195bb5aa44d4b255b68904193

SHA512
86a1b633ffc2545ea662ffc9a315d62d0afb899e47000db98a634cd8f37a147bf9e336cc8219ed26de7f06f526a94233dc450064448a39c3fcbbecc94a640acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
10cc7aac2348a09b3d3eeba4dc11a1f1

SHA1
da6e9edb7951098933445038e03e8f56aa7651f8

SHA256
ce5330deceacc45b35c8905c4926ce8f4cd9e57bfbdf2323e579a223cd67fbce

SHA512
448ef24d8d49a729fafd7575cd41ffdf4667c0a981d98f03a62283818f46e934cec4629bcd68e05129c64ed8db249f4b9ef67d944c5909ba92e2f5883d2c5293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
bf654954d8002b3d4f6c714f5038bfed

SHA1
3db6f7f32ba708a936c51c2bf4d941d1b7500ee6

SHA256
9fe313aff4e79b2ac17bfd5838afe185b028352af8e6f2aaeb2b02dffe921d10

SHA512
5851733e4662bb9fc0b7964261b1302faa2201d40f3b6861eb7763e75bf2447bd8c80c309df656e63bdc3e9a5b72a9623945b20dadbf92f691a9432a19a15ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
246fd4aa263870f3e49d702963f761b6

SHA1
18d5d47221beea4a60a7e6d7689c919b7aa656b8

SHA256
3e45caa61c8fb92b2300828987aed2b55ebb8eaccbe26f32d1be0bbb335af068

SHA512
8e6344f6ab26211ff18047250b74523ed37b24772d6fc65e80d5f0120e530ac81313b6433dfe43af19d73217ce2581a063707ec6150f33c2644d2e6d428b0caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
5ecb0738184f726fc3fbad748df04a93

SHA1
412d41f7876e2264bb1c7f6c85fbb558518ebe0d

SHA256
01fbb8f590ec7518b1691690992733d52eabd242aeafcba3154904c5f021d6f2

SHA512
6f8debae097a063392e45b32ed4dda51519e424697d2360c10357d8b40a152d09590f57bc688a96481aa9fb44cde11772b77c087c45bac228fb6ccb78dbda013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
816B

MD5
10280c91fcc1b9b75b57fa5962695d49

SHA1
3399048475af62d4e632170350f9bb3683e1e5dd

SHA256
8524298ed74ef21d2a6e7ac3fa48cd78d83d533010c82cf6e57b94411396bb29

SHA512
65a5e2580215f5327c04080018c350538cf9daead1a7fc12dec73a411dc7f80d4d7e31bcc4940f26681ffad8907c6480b88b50829d73355d1a6073388249c35b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
816B

MD5
cab0c2c2bbc3032500e8d5b01e109668

SHA1
566848a2a4d8177ac8ca2f7c4a3a2dc24f722b80

SHA256
7d6698778ac30eb67cd0192a919bb7a62ec6dfa6f4b239cf8b3ccaa39dd7f094

SHA512
15140e9a478976e95797361d0e960bbe9b7ff660eae1ff41adb5205954113c711e8f653e9289fbb85dbc9501a7fe77e414db135416fff0134ac328520fb883d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
785B

MD5
69e6d9d2047f11d59b43cf6495892f05

SHA1
6beb68d4b41a25ec696a7b61fd6c89a241a6c8af

SHA256
1faa831731d7ee365ac23707107090d135b583418fa9a607a8930194066bbfd6

SHA512
f01bdb737fbda77cb5c3ac15a30c226462e8e43343e82fefca22ec8e172a8d0423fead064abb7972bf457f6d7e34cebb56c488f86dafa15049cf6df952cb9028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
816B

MD5
43a303fb855c0996435b5fb12184e358

SHA1
a89e3812aa247ee4ac93b46393ba873334f3f215

SHA256
2339551fbc2e920bd67c52de3cd0d7a9e71530465ff8e64153dbbccb67c5bc94

SHA512
9c24adda653f56c622d5d628c667af724ecaf8b9da44794b17c24431614d4ec7eae97692c576c0776730154457b05410363c3662dca6de58e29e54783f7ac1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba0f98e833f3d00a8e6b38e96c6f5f0c

SHA1
78bc20dab5a6e6233649feef98d49cee7c23ef49

SHA256
5fd0ab199b8c843dd476d78bb8b51a7793d8fb1cc5ab2efc797711feea5fe197

SHA512
caf76ccd3b8b3b04baf192eef2471c8c1f77fbe4ac398f0d1720a739e9c1261e53adde6281a8aa494c899aa5095915c2ef39041c3460ad829084f09dae2d0a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8de85bc4b04d5f3cdaba3cfc58fa3f83

SHA1
dcc53b80ea84b9401f0a818f94ec3629d837d0ab

SHA256
a39f7ed7eeb1d7dfeb5ad6943dc19ebc10d35a9162c84e9fad7267c0e8598987

SHA512
46f5c2dfdd28e835c19e1d3e58a425e51c241bac976443db2b5fccaa02d1dbc818bb90ae221d1c0b74185ba31bc0d1cc3ace171ec1ff27201c05dd8afad31c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f3ac4352303c28e0d776d47a6e7c3cdb

SHA1
0465434d3b4fec01ab392a478935846b55c3f70d

SHA256
7036a61c0323b7fd986e4f131d818acf133c17847b96f6cc946dc4587885dd51

SHA512
58b5ae0b125349c73f483b339ddb5e2d69edab0d228261fb757a251e985f020545b4084e9dba4e27dabff492c341de9fd08b0c430952c3a46c5f283977e4f241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4c27c07a7cb4f03938cdecc1af37c56d

SHA1
522047c24fb152248bc5b61b235846e054478cfd

SHA256
a487b28a4242ca3bc6047bdc15cd2fccba5aa11823131534c66a98bcdd918c02

SHA512
3aafcf228bf64636a734626cea1f13122b6d554192c38ba9c4d57ec23aa70bca0436b28f84c8393a6059a30e8e3fc557976fdaff9d6966c7528f39b0736a53d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
ef72d72e39ddedb8e441d200cc93732d

SHA1
785d8ee0f1bd65dfcaf3a9cbe359bb6be879a7e3

SHA256
54fe2ece9e4a985b38b56541df104903455e29adb33e80eb51bf23c300464073

SHA512
894bd6a212d1edd54267cc948dc018c1300bed2970a0a22dcba1b5ef49c9b64b647b16c8d4bf4d745eccb65c6de6231a03b149fc209603d887f7a151dbfbdaed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f759b35b610ee65179d6e23712471249

SHA1
523608ff857b7ff8de9244fe29e51ed2d51168ae

SHA256
d050783d0823e42c301d35a36fac5649df9954f63260a78c56d79cfa19467988

SHA512
86cb97649ac56838efcef7e1d2f186bfea9bbe838974f38326a0d58f3aa70da24c439985e1f5cfabac3fcd188580a14f223a08c66bfe5bb43177350a76f17384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48ab150d35df5e66f20430c8986c829d

SHA1
04786b17845f3e3477ca861a51eb2a41984d2399

SHA256
3ff930f30619c5df051a043a95241b3c2b54330477a5d258df2c3c046a3a83b9

SHA512
385b83386e5af4065c9d9429473544a72c5aa72c1e20e9ba14f7247774d66119c577e39861fc101f13ee2d54472a9689a19567be1b7439117dab6feba9114e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0d145c73d08bcbace84de8c8ebc30ca3

SHA1
d42749cc5799cae7dfd50ce91bc1d3914d28ae85

SHA256
748ac5bb6787c13e06b81495d91c65afdcb190f4569ba8a8a1f1e05d2694d537

SHA512
f4d1db46f8845cf24376482ccad4e0e5794f6c4fdd666fff2a409cd1270d5ab75f2bb421fc6c7a09777b0fe265f58613915a3288ec64b645a88d5890faad7e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
789148e3f54a4dbbccb709e50c9b2d84

SHA1
e4c602254c4a27aef934bdcd59d27a1fbb467e66

SHA256
71e06a240b2f676ff3cd234ef570847efe61ef3a8b43e289e12bc10386f7e6b8

SHA512
a8d8218a4386289eba5206716ae2727ad094da22cb46dea27dfd5249b563d07209ff17b7dea1195096d2b433f98d5beef35186257470faba9c9408b59048f271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad5682eac1694b5055186ea04bb8cde3

SHA1
aae56e02a42c5756a5157cbeb448998413ceec28

SHA256
0e14392fa24c16310bc341017a5fb9544a2b8ec6135a205382b7173355eecd6a

SHA512
12cf2e807186eb25285b892ca8fa00308062ef84f58d80b66e10ca4500221d01a103618e9ee64dbe820d2e763bfdbc7d6b968e04115c54602b143434e6bb2233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
fd79589ab6b9230b030c58bbcf2aef22

SHA1
2ea43104e569a2eb127535eae1cdb0bc57df0415

SHA256
a24c7bb4a4a84f6d0f587aa493408a46b3426604dda85da427e87c986064de74

SHA512
7023b267f00817d1e8a5d5fda7378640865d49dce0de5f396405b69a9d226a9a32ac7e888375e7b0b049535984db13c3799a8319f461e1d908aa8f573155ef91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
e0fe64f9db993cb2d75e643f82c998be

SHA1
b96e05d5dfdbd6b9a850851b7061c0ffe02044cc

SHA256
3958073842b25e94db36f162488ac5b4deea44ef879fbbdac59cf473a093d198

SHA512
d900ae89689fa86c0e2cd36e0030f8d9264baf81ae0bbaf84b563339ca1f76a2c404e6de05934d2a772252afdfb18568d1ea95d558c869e11bc2da2875c19d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
cb523bcb2a5d3c4e794539c74e480409

SHA1
73d6feb559db06c1845e230bd87b6f3d14ee4260

SHA256
fae445e6c2e15ffe1e0a1879355e4dde8e3a469d8c9bd2804cabcd2532d71452

SHA512
76b6ee4c5551b24f4e7517fab4d6f0aba5fa021a860c9e25540f354e594777a63aad8cc7e6cc4b7cdff3f623213e74bfe6fababffc4cb2025bf418c9160311c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
28ef50e7323b8bcbbaf03648fd80534e

SHA1
54b3fe1f6fb4216467d3c52173a5d50c7d64414b

SHA256
ac1253191e917796b0fc09df38062e50181e70eaac4aa098c636693f057dca24

SHA512
f86831cb7e977538ae1dc99e1d6553cb89e3d6668260c7ad7d723b360f8c788d28d60dc4546cd6d6ba023c8f9ab3b4f9e8d513a6312c88da10dbaf040feac59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d3a7dd480782cf8d906cb5ec5091d80

SHA1
372637bc18483cfd3315f29336990eeaabfdcb97

SHA256
bfcb5b81e32200aa4006a58d4dd42aec019041a74620b8d74e10901411521789

SHA512
b731a140e4dab57132a3d6412bb2fccae513641563d4230b7abf05860a91c16965228321e905755412df9c13c27952a761c1b7bd39d07bd028a4d478872578c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
c2906d947d734fdfabace95461fe5986

SHA1
9e8dbf51b0a0e447db5501190fe5c9b5edba146a

SHA256
4cac18306e462a27c294f648f9fb1e135bb199ac31263d90e212bbc8fa9d1633

SHA512
66516560fb6501a004148c195e75c57b3ac739975c2cbac408970daffeb1cd8e45c4f303239c8a756af37829794f8ceb74478dcd4789ff116cd5d9549e5392f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
75447578b401b1eedf94803265147014

SHA1
cc5103806873cb165da9732010947197da57ee05

SHA256
5a5922024575c74d571a64390ba4872ed0810b37c1a16e424eb34e0234e5839e

SHA512
09e0aee99f34ca61b90f2c27e10b57014c3a762471aaf829cb620d8dffe581496e896b95400304836e5421c15c27d5cb3ec7ae0d9e2c3de4f48e53517aaffa2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
285e639ac4687b31a862aa1ee78e037a

SHA1
0b2d2f44a7dcea27082ce7c50ddba463c727cd96

SHA256
58f2a6b67c7664742cae29ea091b13914d41dc7b4048c9b4c112e31f46d7d933

SHA512
c7306e785271da9c5d30292e589b5c6910ff65944de63645a2e3d35ce389f332a8970ebdb7c4396c5caa7d1259bd2daa08a20d4aa24a938e50c1313fd83d3f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
6f96b429ecb441a2827efc62bd581e06

SHA1
d381586745678971d2d19d2bd0ceefaa8fb4d3bb

SHA256
94b9fcd5f0e263cb29614174fb5d18d98a421bdf279b30fdd854701f6a7919e8

SHA512
ffe6926c13a51bbfbb7bed0274c7aa6e8708d62f799ab26dda8b60c42bc591c9a6dc9ef64e92630b2f0a5e47fffc1bb9b80713f57280c86d434da2ee5ce18bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d87c7b782dd4c93972b8f2f8817bced

SHA1
20be63af2fd5f2005576e07ab8118f05f9a698eb

SHA256
b22eb5b6cc38adfda1e5e1f3bb8cf5d9ffefa4303a0f87c4c655ebc38d319cac

SHA512
cb9dedc47236c23f9279dc8a7e15384cce77be8ce458dc44827842f10f4a6c76a3554b6d166bfa76fe578c3f556cff891253f842c6d42bb5b00f1d42aac41392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab8ffde510e3162a1f9fc429028adb00

SHA1
7870a89a995f91e17eb97c19a2e175668e4f38de

SHA256
d3b7bc6b3cbb2d63393ca0698fccb53c05883776e8e149b04f509f639396c550

SHA512
6e523e073cc8e26a0c5a401477eadf0d3f3db2a7909bebb7704cbe1d4c5572c0b7168c0d02a17ed922b28e8a9a81bd36792627e62798ca82c97e8cff0ad89a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05a006eb98faf090980979079ee71fc2

SHA1
5627b0cce52af6303f13c127db99114ca12e627f

SHA256
5f62166e64d102584d5813cdcd23986301e56288c89df7a61dc0d92448ff0bcf

SHA512
8e49f48bad59d424c1573e43c9269aa2df5d266664d9ef8633eea991080e308f199e36dbe8c51645d87a89c19d9127317c8d34f15685d57ba4337e55fa499335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7fd39b3c20ac9b53aa6e6bc5a1e69fc8

SHA1
69686b4f43319475a7825324ae7a8f51f845295b

SHA256
90447538ba2239735bf6a088494260f4297788fb13403cb6ed001517ed57410e

SHA512
f5480d99484bf0e4c87615121255b622b2a0032f9dfe0f2ed6a9cc1a2149f1b839dd03f9e16dcb74092942b71814b1b271e85fc74d987e6ed35495b20d6d4e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b49e5a6849925da5d01abfc5f708cb7f

SHA1
b775822647decdbc944021cde4d23189330974ff

SHA256
8d8e82d5163aa65b2f9b328a64df0ac840c96c1dd3c5d898c2c1e140e9baba48

SHA512
08cff70ed06faf214f3d969e4bd6c7115fc85d4a8bfdbe0fc977979e5cbf58dd01822984947c1fc320d92d6b2ea2adf9d7a5955e925ce3f0895b1f62b9059fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
0ae8fa0c9d9e931eedafd021c16c746a

SHA1
6f6130d605883127e2afaf4a7bcb96303155b375

SHA256
273db46eadcdcf298dbc26877b32c5d245230fdfb6142805d077a8aac25235db

SHA512
c2d7322df0822357eb2b4e7588588522db759f49633900453723a88d8ba8cd22aa4e3b59d03f69cf9ab149c3ec4292bbf088a749b9a163a16aa7495b23d63b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
7797899aea47bd3be3c0f405b348bda0

SHA1
8244a42d91a1f213413d1daa8f31c11af07b305d

SHA256
501bf7f55d37f9d8d3a192eddbbdfd5c2b6feccc768651f317f47a027473b355

SHA512
22868f19edd11676040c143cd47175d0f03de030460be21b3a36af893e87201269d2616779faec070551e7180cd9abe5a1be974bd785606f1e766cc7b70e30e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\4e80e10f-766d-4f6e-8bf6-07a3aa1f8ff7\index-dir\the-real-index

Filesize
144B

MD5
f686471305228905cf98e59fc3789918

SHA1
e82b328d24b937f92843db003b5017329ba2b69d

SHA256
b9898285f6ce12afae73da017f737346ec247c88f5a7f2ac4156b23634f60111

SHA512
7c5e493c49bdf3f6d411f49e8859749577eea65e2e2e26c8d314c14faaab1f6752908f7cb4210315510a58d5f33e9b2d0c4bf63c85d42029fd74dc41b7d0e2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\4e80e10f-766d-4f6e-8bf6-07a3aa1f8ff7\index-dir\the-real-index~RFe5f03c2.TMP

Filesize
48B

MD5
2c6bcab686c0d69e113c36719250ffcc

SHA1
7cabee8359ee8cc308cb194aea4b6b33fbdc3357

SHA256
0ef9ae57293af7760008d3a80651567218a1b03f9dfdd9c475d0b01eb82bdfb1

SHA512
fcc40dd6d7b3a34a65c5f7d5d4b804b4f005839eab26072784d03dfdea509131b632765729e5d55e696a32d848d3f2dcf73766b27af099b3cb43b3d089b3e575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\998adb22-b769-4be8-9afc-db4f4a0c6d98\index-dir\the-real-index

Filesize
72B

MD5
cbf2340e2f8f391f32b0089db1836727

SHA1
236a3687e533cc45bac50689c2b7b43985cbdce3

SHA256
b86d1712b2c9e9a09d3ba9f9cfb8e6a222b4cf39602295f3ce90f81bec717b74

SHA512
4aab45184e0162bd3b934b708c0797a6abe64833c5fb56b9d42631d6e56e04f08db099ccc3fc0eb4b71e7fa0a3a4bbe62f453d374ebfd88f70428534a7d39c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\998adb22-b769-4be8-9afc-db4f4a0c6d98\index-dir\the-real-index~RFe5f03c2.TMP

Filesize
48B

MD5
eb9909d32e61770fcd312a097b1e9e5c

SHA1
66c29999996d74e2e65071da57da57526da72919

SHA256
e72a4234413e54f1be94822423b64ef6c46affcd76ecaf9a949de50cb65606e3

SHA512
d84cf5fcfb7fafb62fccd6b935f86a13e72885d667c37c3a811f04275851e5c9ed2451a33798fb5d0f995e48efc9854c60bef4252f338741ac718e352d0688dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\da05bb60-4fcc-45d1-98e1-c1534f946160\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\da05bb60-4fcc-45d1-98e1-c1534f946160\index-dir\the-real-index

Filesize
1KB

MD5
b3c9d9cb1a7dfa2d0ebf7bffc554aec4

SHA1
75ea2df9614c20c64f593e3eccec4f2dd1f29e48

SHA256
a8fbb6cf8e597a7d1768decb0ba066a498194ba4ce6cd66bcc11cc6bd28ab19c

SHA512
8c3adcd68a6284bf4c4cacd2456f33a96f7d010d2e30ba6fde4ebf9bf114ced10ebd08c13479236e4a2ee16af4c1f9a8eb52f2ac48d3fb4638036f3fd396d161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\da05bb60-4fcc-45d1-98e1-c1534f946160\index-dir\the-real-index~RFe5e1c40.TMP

Filesize
48B

MD5
350af399bc08f31778d18267f64f5b6d

SHA1
9e74bd2d4ff560c9835e0eebffe427b515b4d319

SHA256
587073c503980352a77f9f82c699923f3280e9223bae927ecdf8517bc4823b47

SHA512
8e72b207e0b23548383111dbcdaa387256185b38cd985f3f1b9be323ae06d475a31ceb2f65bfbf841fee965f73e5b643d0e203e1bba1c932c04fc8c3c0bc63ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\e7d21f0d-3761-4c56-b9df-80aa9857a704\index-dir\the-real-index

Filesize
624B

MD5
3f5d99e804000a424814428ea32c537d

SHA1
e148d47d22b63531d04d20e99d57b2b9d99b764b

SHA256
a780a8ca981b606582bd9703f40b7d9e86b0c4c9617cc18447ea6f9218624d02

SHA512
2d3b9887ce8f1a0d98f0d8055f440ef63f3f5187cbf03222f7f0cdc03e43a281c0318dd2b61801b582128847513d49100f14451341e919469bc09eaa7aad2318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\e7d21f0d-3761-4c56-b9df-80aa9857a704\index-dir\the-real-index~RFe5f37d2.TMP

Filesize
48B

MD5
a0677c9c7a2c58b7b794bb7bcb83d727

SHA1
4d39e0cfeaeb21ecc40a2892fcf2c022432b7e27

SHA256
cb91bae9096bdf4de2a138fe5066dd7b317aa61680e99a0224b92a38ecd5e18e

SHA512
13bac629052365f9895a7dfeb5865448c5ede37eefbcb8e1ca5230f8990ca2e1c17abff328092c7451c0c52b0032c0fda23c5ca680cd3ebb802a483329a802d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
176B

MD5
4ed519872d5a4e704b7d60186a9765d8

SHA1
1e5e62f812b708b421facfacc8b6a6504f6175ad

SHA256
068cda98354e72d278f54ca32cbfb9c8c08dc4e4f36b35cbca4cc2b87c660441

SHA512
dd7b4507929dccc2bee7919b3e9a85f48e3f340ea780dc0a13ef5b4df815ae57a0a87b8d148407fbf625ccc84ad13dfd81df63f51b5e204a797a2068e0818e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
241B

MD5
593b5fdc621fb311f6fd4335188ba4dc

SHA1
5c0fd2a6bd98ad18e302ca77f4f1ca2f230d1af8

SHA256
00cd62fa7907f574559ab739ea1c713112c491c7173e09cd1eae0ba27c8c9cda

SHA512
9ef1040e88d018badedb6d9b3386d8c4d6bb4aae1fc97cf863201d015da13da31dd4d01520e2692590a2b9e27d9bf686f506df1b99b57c344ee2ac7bc2e93697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
115B

MD5
b9fa5dfacefd96a3d93e8d7e40b68f7b

SHA1
523384ae12072734b3ff96283ebbf6d2494ee5e4

SHA256
b2f217831533e1db5f8d2fb32e54f66d7f169b460d2016926c2b9d0bec7c825c

SHA512
a9a3c9a9cc9f4481e3e712e5ba7ade84660fb1a8b2e0030455f7730e208824ccd8c50b2330438129b1e987f57d4c688eefd5bcff0e1dbca710b198a8700b40fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
307B

MD5
685c7b24a0d5d7eb5da600894ae969cc

SHA1
caec35fb683e014a8eb0eb299f8e6f83b87e1951

SHA256
b1b987c6c6fea3213f4a38fcb0547203804cd2b52c9b409138f8bc04ea64d72d

SHA512
75aecd1e08e2689e62010870de9f1bf2cb000f7806e74472e56d0d1f7c10ad1057ea49c30a03b904b689987fae71a464a216c1cbf3f9bbf7e3fa72945303cf2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
302B

MD5
b0257adff121a357403623f4aa68a276

SHA1
053feabe31c775e9ff03a065dff51c0eb024f942

SHA256
919bad4ecef701b474b312e8adea8246a4ca3ff761346ccd414ee29f0ccd8752

SHA512
5d6b79701c2b180609b50638a9307649cb09b966d527b43825b53cf6f1585b47e05fcd44e466a35089914ef8a5d6c22e04a72a678fc9909dafc08535bcf0298c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe5e1c6f.TMP

Filesize
119B

MD5
0db550cf7894643b6900b99c02f99fdb

SHA1
fa8e5657179e1af29a2046232cbca7596c1c18fa

SHA256
810a0800a4401c605ea1728e278293ee4edd595bdbf72f4121e5451432e29409

SHA512
d896b5daea7fd7bf8ed0e728bf70c026c53a3b167cad38f36530343932065cd928be47df2a8b1ffe686747d270e0e90f70b910f24d540febdd7df2d1698a801e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9f6ba708d21808bac5d8577e8200e130

SHA1
dc48ef3b0f23e5fbf8f39c496d6376bb32293d28

SHA256
623fb1637e3fcc0e12a7d0f30ac1d2bd7ae817a3fac4f44b5f6721ced58ca95b

SHA512
54027581e2cbc2a9c38c94474a9daf5b7e94f8536022c9577e5f5457e4204fdb9b70426c0e09c2ea20e65060119e408351f91315894365d21449ce07e6c7cc04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e102a.TMP

Filesize
48B

MD5
ec9f8d09ad0492025f1e32417665043c

SHA1
1f19686f6b13815c1f3c6e6400a46d3ed238f54b

SHA256
14520ac7a8a7ee5d520473967ee9f1527f703de021336515ae373567f1fe5a50

SHA512
c88d12805dc4743a06f24a58403cad1c8203045d9bf4c4b7410c9c7c218a3f261e53779a487f0bc75197cfec0569720b4f0276835db653e2ac67850a617336ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
b44de1b7f208e01fc93f30d69f2d02ad

SHA1
e2e9723341743f7c74568e6e5cf0abc0b41caff2

SHA256
cef6a93f5f7c93b0d08b7769bca80c331b82253f2c89fde6d6544f0240339514

SHA512
96dd294f86e4031d60ba7bc7504f14594030a86f074e4e152326ee22e4c9f0dd38871036d5fe9257e01422f739286ddfdc2136c2136db5394a4d2f49b76210d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
dd3690160991510dd5ed02571e677cbd

SHA1
eee5267ab7165297d325d21b6454fa36225fcc9f

SHA256
fea74588165c20c5cd2306fd72f1bad162d7c784eb825b77857e9564f2c7b308

SHA512
c2a4dc46fbdd5342e9682c60d2f4236f5558b6e8ca1aee2a7258dbac870ea2b73313bc61aecd58d8b1f64680d59d1f011be788d4aa87fe62ca23f3b267862e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0873c6d097fb5e713e306c30fe286282

SHA1
3bbb115782ff798fac0767403a9ed6d545a31864

SHA256
408a0326f959b028faced37b15e7c42de2bd6d5227c188c74801046da4e9edec

SHA512
610c755a1adaf5c6c9b82339a19f2294f71f8ee259190790942ee16793e1e6cff3695206744da1b9803a8d7e6ec9246ff1f7c9382aa9a5c6fad4d72ea3eaf8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a2f61df44fb273f9f9b984fcd1e4254b

SHA1
1731045b2f1316a22d8670d2eed8a86641005dba

SHA256
23bec09ba50e446303b5cd6c4e8120f62f6b56f8ded037830aabedd1fd8eea50

SHA512
5e0d5cd53acb31b17c2e9478b502e6d53a178377aad354845d641c9b3c6796269bdb933029d3b1e46c2454c9e0644fb1999a4f8efe0de56abcbfbebca41dab43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
06dfdc00e26eaf4748d7ce8b4d21f72e

SHA1
0b0cc7e6f09272f14df78e149f24393f3e7b8d59

SHA256
440cdfabc2e8c6d9724c98e8aeebbf911dbc88197a0fb27aa813e9d4286000dc

SHA512
df69e996bb21aa6ae3bd7dff6a172cbde6ad160ef5a19e2e9faf3e37b1888d4f49a6ef2132ceb4d5cdb109802f973c98315eff87bba44056409c61a943ce8011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
6586f43422ae77cc33182e878ed4cc9a

SHA1
eac5340d31583b2355db3981868ef49c5439e378

SHA256
6732229321aed95a65f1890db9fa0d3dd09d38cc4e2a6ee95f1dc0b9644c4c57

SHA512
fca7fa475e3a6b512fd5ed7aef834f04884dffba23034b671d2ab7b2905dab1c1a43e137436c614d04b90c575f47c89614378b0e41bc968d0b9605416c56a437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
f1aadc9f2335548f600ec21fd2322241

SHA1
526a580f2c9f0d4c0106a581c37f087ea3c6475c

SHA256
71740604adbc87bba3370cad97642c341ccea5c0cacae705cab3fc1ab7d895a1

SHA512
71956634af5bd0bab642ae22c52ae9e3c820a424a869aae83049390165754e522d57a3095c7b823cda0d95d105b02dc2514ac90a9fdef28df0bb6b6cfd8fe31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
6276202e2f8e133117df542b28308480

SHA1
1c3f0629ceb99a7f515a1749d762480b20f2eb89

SHA256
4b92fe0e460973387c9b0fc259d44a2b51b2f2d0537706320706445e5dacd8b8

SHA512
a3fff0721e6b442606214c41fb64c5b27df812ced7c79316dadb00918208cffade3d728231f8f6e29a43f4d4cb503819edbfe125b7114db0fa8e207167dfff2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
af18e991a875ea53f3ad2820a5a8437d

SHA1
3d0f9b2bc614f8022f221a614dadc40b6d6e9655

SHA256
fbaf7dd2fc79bc5913ffe7f920b70aa489b3dac158561c98325adaa1cc083337

SHA512
5d984fc892dfd8ba5e9158b294a6cae7b3520c42a3720daaa1a589e45c928c1ff5d7be466b5c91fb9b7b4aaa14cb18682aa1cac323386e89ca627d3e95a45fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1f1883899f226c8ff2ba80d3455a80ea

SHA1
992a6b84e847c2f58d2ce3962725ccfacbfaacc2

SHA256
83779c03a5ab043d224a4738e9010dfbfb95158e6630938656f2addd6101e017

SHA512
34a20dae30187b857239c5f6867eaee7e35eb9cb56d6d4227d04c2e3c0ae83ae43a874a32d3f3c6aa4110a2f7e2eba708572eeaec237eab6e3d0ef377e2ea392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
02b778983f0b8630262d204528f7ae1b

SHA1
9d05260cdf4c717f2c32182c40972a876064a46c

SHA256
e1e40bc87c4f41f03a5279a4412d3e7378aad852b0f86e75fc89f988a9093a7f

SHA512
7ea47796af361bbed00e8a2473856c07a7a1eea285d8f8b687ed94899f472fe1a9d7a44f45e8ddda92e341b909d057f63d76b867dfd4f7f18cfc8d005a87bf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9f123387fca549a44241aff24cef04f6

SHA1
75102672773489e92c3ccf1dbfdce28301691e43

SHA256
285342bcd30d3b91303c1bcf5846c926b3ce3c796d4eefaefe62577de04540da

SHA512
cf7f9ccf2c0dbdfdf187abe00eaaa77cc3886121e40790e71c134268e12864976fa5f1b81c983b7749d67f38e5f1632cb3f7721932cf4ea909e715cb575e86ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
1e81ce16e98c71f7c27456d0b94c5269

SHA1
491d361b6af8e84b72a20dd0b32e75dd267a7554

SHA256
4de0b4db6e6b139ad5579cc47119cf6a0ad3cf68e042ab73d2cb5cefb11eaf95

SHA512
3f4fa41b98709eb6c7689365f1882acaed20ba238d45188691a3f794bbff9f602df7aa87c2edb98cac4bf19bf58c6f9bd1732b53b1db5eeaca4d0d1b1c3179db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
6ac1022da9f62e6d2d9b817d3aee0839

SHA1
902ab32ae0ac954bacc94cb935525b4880e8389e

SHA256
6b833111580124180a01d3c538a97ef64870df4084564abbfb06c3090e6abfeb

SHA512
fb37b66168e69de5fbb59dfb755163279ec93c50c055b791695006e2e82c4096d5a12b0ae714645db79649d4b2ca454f20fd211bfd0e1148d0d7b321809ff53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
d36afe9777cbdbca72db3bc43c09a4d5

SHA1
db30429553a1001629e2afbbd89e85c73ce05bbb

SHA256
d6a8ec22d89fc9490994dedff01f1f6ac25c5952503d37975c473252968e3d10

SHA512
e4592c5edcf14fb9f70044457134f6c98ad5112d32735090c698057aa5bdb01561e7c00b1f818f7cf0f0c2214f592d5016d771e18682e327e17234df673bb8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
eac82b2993445d05b863f87ce8086864

SHA1
11a9786f6a2d7fc97db9e93c53c4589b70f825c9

SHA256
16ee95aad1a7fc44411fefe64c14495c14e6eaddd169aba73aa998eee938849d

SHA512
d883f13ee0986254f0aefecfdcf064b2b80841abedcf130ee2dad4829c7f384fe7e8cedbf85ac54127dadaed95afe4c7183578f67c44970cadaf9cf8e5776bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58db38.TMP

Filesize
204B

MD5
27d0bbb4136765e233f921e3ce3d424c

SHA1
eff565b957bf5eebb6313f05305f64738028cff0

SHA256
aaa55db3d772e60b7d43165b8ca0050ef803a6c9d452b078f7a3d0ecb80b5e40

SHA512
546d8af6d902489e2d62d847cf15dec5583f18b29889887f8197c70790487c99685851cfa1ce0c193761abe316f160ef0a3127c1d191037c1a1533ef88f0a9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a67f070d-c5a5-45e2-9373-0a1041f1091a.tmp

Filesize
7KB

MD5
140e202c17a51207ce9bf501caec3293

SHA1
202603d80391c8096b1cb332a27cb7ac5659521d

SHA256
960ff352f398a5a5745c15be1b1b369b61af4aa449d6fef769a171d88badfb93

SHA512
3274687ed26bdb61023fbe5a7bf2c02b5d5e014915b6593aa85bd2ff764466f1245b5eef0d10d2955b25401de3d0f3adfd1bcd6c7ea76af964445f5b25021194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8f70f47781ede7e11d00c04d7df6ea10

SHA1
4ce754715b9a5df8514b3d2125b78f1c943da0e5

SHA256
f5d1bf8e9b8e5518c12dc909b9eb51250400c2d1f211be59f00349a3551cd698

SHA512
69f972962970cd83add2d1819d1491e50e482ae4191ebac262bd6c47073e28e556f50be95044e76ee9482722d96303f516db2608dde7a61f42b6dd5626b98200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
46092e135c69c21d9c295c32a50de766

SHA1
8386d3c61392d0e027b838635e3a8325d28d31bc

SHA256
49354f2ce15cc9ad1cd55488e6e861a2635b56bf633e04bd820cb7582539dcab

SHA512
f257a427dcd6bcb29bc15cfdf8659bc81fdc518e1d7622ad54933dfcce7631db5982d181d7cef23ec56d541832f0096183b7ef4d313c61452b9e86d5137a7258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fdf9d2f183eb90bd7ef1e3b1868bec40

SHA1
f950e192743db6972757cfa34c2d125d6b01df26

SHA256
aa1a688dd89c0a70643de9fb6de06845bd769685f89d07627924cbfd62610db2

SHA512
956ef37fa3245b92d9066273542e0dc07ac47735d3d48f1d4a5a39f4d465634ef79b0356ad8a8647f39546611b09db82078563bfba42a0b5483159223e5e38cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a3f723fd0148671f36f0f24b68549ff4

SHA1
50423f1edc1ad5dc3385dee4d73dd9243b1cdede

SHA256
d606f8149dbcd67c743ef3bf30cbddd4aa131c2c3e4cbdf20cf3f88b1ef0e8d7

SHA512
cba4005bc26c570d2048b4fa4a3b96dd6c21d37c57de4879d06e84b23847a210b1dc2279c87d2dac24fe7a3f2329a423df161096deb0bf0e3fb84b18deb058c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
62543224230b7a7f4edd79f8d25409f1

SHA1
74b080a5344fade5f7df85170f95ae97623b5c74

SHA256
cbbfd53b88422509675d3e5a6f4934af592ac9a5ec47f23cf3b5e14ae7c0e1e4

SHA512
7fa127b5913260a171aa8a2a329d1baf5e3cfe0d63ab83c4bcc7056bb01f4ade3b67fb16e02efeaaa7ff73180d8e301d64a5ec565549c351f0a64ee8694d339a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d9a1c5cb23ff898c04bc8e5d488bc60f

SHA1
8885aaba8181e9d567296ecb61bdba0de73b778b

SHA256
b2ca8663157ec0ae26956c4dffb3606d264e4cbdb6fb544e895bcdd530ba15c9

SHA512
74d96ddff70927f319de502d21ca319ff041898666285d5477ff9f013929e047ccda18444d06a47fa065100abc443d8ecf7bf54bb274b8c2fd2d05def8be41cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
485545b2597f445aad50575743364dcf

SHA1
e651cd40450d573b47e00ec50e84cd98350714be

SHA256
c9a5c3afc0a370d048150464015f4163e28b69d4899d5670babaf1ac2057dffd

SHA512
e5ca61d93b50f8c00b421a20b4255862cb22dc8cb9a1e209286b6eb197d5bf7fe09426226b22349cec3cbbc9144db45036220c407496734b56b802b0f26648a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7e3b4156cac629374c74597d3115fcb8

SHA1
921eda739e91a7e0d67f13bdc39c368244aaa4c0

SHA256
c675105e7a515fd22c3afae45d6014ec93a5f590ff982379dc9d6d2930bd80c5

SHA512
2b5f2289de87df21af72f747bc228d1be7864c9a3c223169f36ffbcb9e58b79691a9793fbc59181947c7cf45ee802ed283e53ecff05c42bbaf4d7d0dd06ec539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9d325b5cb7b449d12c2ff46d3f6781fc

SHA1
83b73dfa5133c5facedc9167e28abe05fb4cffc9

SHA256
8b2ae313c3d02dd29776f98a6cfcc5021ac5bd5b11f40d13464284047ed6da07

SHA512
a20ead120e055ef3aaa6a314b61f08c582ed492c1580df1a62b2168bc7ed8879260755510ea97274a2a973cea9512cc183cab3ac65d36686075ca9c032dcbf94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e109861f7fccf856abf0be81d5b48fbe

SHA1
0f5a1311e472c6f9f72cdb594e2f17088ad44bf4

SHA256
cf67c45a7e741cc3bb05707fe97b4263e29a863aaf1ea6baef4cd5c749abf8ff

SHA512
11806263c8937a911b4a826d574deb7b866a9c107a46a5644e1a775e221d19c9347f78ecbf20d6ea9baf368e4dab9c9ee3b2b969d4bf66250df1d68554d0d37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
223f8ced9bbe7c6be59daff7b9cc6ae6

SHA1
43a71e106a1bd0e4eef3575997a536577ebfbacb

SHA256
528c2e0178496020352dfd079860c389c6837253c6129477b4675e1b4892ccd8

SHA512
fd356acd57559bbace54c7abf28b1af1c1b34b0714f05b23d102f3016a30cbd76b207e53d6fa1905924ffadee1c14c8937bae9950c7f3eac837e8b43f98a51a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
78093daea50283b45f0e49e0dee15e65

SHA1
0c9c3d0d39293b1f7e113313424621e3d1a5bf87

SHA256
004eb888d9256905b7145d661b3fccb0e245bd7336115ee7c668a5c8e27b71b4

SHA512
70269e6e52ea23199791000bc80ec888eb85f4ce03e9a9575e1ae6f2b18b6e86239e471874d0cf06b790abef77df3265e950ffdb50ebe78e6dde83c859038813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce4b811806a1283e3b9bf45e74ccecd9

SHA1
2d72f0f14c707be232135cd0d7ee2ef691c992db

SHA256
42e7800ac7996665804c9010803cf7bc617e6ea83f4ac2fe6c9f2ae20206c1c9

SHA512
8a74a69069f5dd644b88d50a31be80f8f07111fbc61ff8208019931a55280ff75baf09d20863eec1f3772c3b7042641392c58e488b746338fbdb3e8991790e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ab4dc9b0c436b4cf53948920ef402763

SHA1
32c024d63f7d80f47b8934b4c2fb3fbc5430ac4c

SHA256
5c21c436f786994930e60ebd453f69d9c52bae84559f47b14f7ebe1d70a6fde1

SHA512
fe37e29d52b5978a0801bc2984996523648edf35335f849be5eb418fe8c151328f0bdb55989b411bbab1e225b5ac9791f9a13731a302de0f499f9261fa2780c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b01ff67af09232f71e3c930e46d79d42

SHA1
73077279667f1c9a9cda03794dbc87c32f2d273e

SHA256
838c34b82ccda9380cde4fe135eca623b612724355c3590a9f0d9c240a2f7954

SHA512
894871ffee2ae14473f057ccc8c4360fdea806035bb51675fc00a0a85989b99ed48ab76294cad756fd0c9311918936c2078df29d81d8ef5ac0aa8097697021e8

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4224_SGJLIYWVUHTJMBUC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit