3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Analysis

max time kernel
147s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
08/05/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-891789021-684472942-1795878712-1000\{5EAEB640-2AA1-4413-974D-5F6DD2ED9B81}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5228	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2132	MEMZ.exe
4576	MEMZ.exe
2132	MEMZ.exe
4576	MEMZ.exe
4576	MEMZ.exe
2360	MEMZ.exe
4576	MEMZ.exe
2360	MEMZ.exe
2132	MEMZ.exe
2132	MEMZ.exe
1700	MEMZ.exe
1700	MEMZ.exe
1700	MEMZ.exe
1700	MEMZ.exe
2132	MEMZ.exe
2132	MEMZ.exe
2360	MEMZ.exe
2360	MEMZ.exe
4576	MEMZ.exe
4576	MEMZ.exe
2132	MEMZ.exe
1700	MEMZ.exe
1700	MEMZ.exe
2132	MEMZ.exe
3684	MEMZ.exe
3684	MEMZ.exe
3684	MEMZ.exe
3684	MEMZ.exe
2132	MEMZ.exe
2132	MEMZ.exe
1700	MEMZ.exe
1700	MEMZ.exe
4576	MEMZ.exe
2360	MEMZ.exe
4576	MEMZ.exe
2360	MEMZ.exe
4576	MEMZ.exe
1700	MEMZ.exe
4576	MEMZ.exe
1700	MEMZ.exe
2132	MEMZ.exe
3684	MEMZ.exe
2132	MEMZ.exe
3684	MEMZ.exe
3684	MEMZ.exe
2132	MEMZ.exe
3684	MEMZ.exe
2132	MEMZ.exe
1700	MEMZ.exe
4576	MEMZ.exe
1700	MEMZ.exe
4576	MEMZ.exe
2360	MEMZ.exe
2360	MEMZ.exe
4576	MEMZ.exe
1700	MEMZ.exe
1700	MEMZ.exe
4576	MEMZ.exe
3684	MEMZ.exe
2132	MEMZ.exe
3684	MEMZ.exe
2132	MEMZ.exe
2132	MEMZ.exe
3684	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5228	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeDebugPrivilege	1188	firefox.exe
Token: SeDebugPrivilege	1188	firefox.exe
Token: 33	916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	916	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
1188	firefox.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5228	vlc.exe
5228	vlc.exe
5336	msedge.exe
5336	msedge.exe
5228	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1188	firefox.exe
5228	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 4576	3556	MEMZ.exe	80
PID 3556 wrote to memory of 4576	3556	MEMZ.exe	80
PID 3556 wrote to memory of 4576	3556	MEMZ.exe	80
PID 3556 wrote to memory of 2132	3556	MEMZ.exe	81
PID 3556 wrote to memory of 2132	3556	MEMZ.exe	81
PID 3556 wrote to memory of 2132	3556	MEMZ.exe	81
PID 3556 wrote to memory of 2360	3556	MEMZ.exe	82
PID 3556 wrote to memory of 2360	3556	MEMZ.exe	82
PID 3556 wrote to memory of 2360	3556	MEMZ.exe	82
PID 3556 wrote to memory of 1700	3556	MEMZ.exe	83
PID 3556 wrote to memory of 1700	3556	MEMZ.exe	83
PID 3556 wrote to memory of 1700	3556	MEMZ.exe	83
PID 3556 wrote to memory of 3684	3556	MEMZ.exe	84
PID 3556 wrote to memory of 3684	3556	MEMZ.exe	84
PID 3556 wrote to memory of 3684	3556	MEMZ.exe	84
PID 3556 wrote to memory of 3340	3556	MEMZ.exe	85
PID 3556 wrote to memory of 3340	3556	MEMZ.exe	85
PID 3556 wrote to memory of 3340	3556	MEMZ.exe	85
PID 3340 wrote to memory of 4920	3340	MEMZ.exe	88
PID 3340 wrote to memory of 4920	3340	MEMZ.exe	88
PID 3340 wrote to memory of 4920	3340	MEMZ.exe	88
PID 1164 wrote to memory of 4364	1164	chrome.exe	90
PID 1164 wrote to memory of 4364	1164	chrome.exe	90
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1964	1164	chrome.exe	91
PID 1164 wrote to memory of 1540	1164	chrome.exe	92
PID 1164 wrote to memory of 1540	1164	chrome.exe	92
PID 1164 wrote to memory of 4188	1164	chrome.exe	93
PID 1164 wrote to memory of 4188	1164	chrome.exe	93
PID 1164 wrote to memory of 4188	1164	chrome.exe	93
PID 1164 wrote to memory of 4188	1164	chrome.exe	93
PID 1164 wrote to memory of 4188	1164	chrome.exe	93
PID 1164 wrote to memory of 4188	1164	chrome.exe	93
PID 1164 wrote to memory of 4188	1164	chrome.exe	93
PID 1164 wrote to memory of 4188	1164	chrome.exe	93
PID 1164 wrote to memory of 4188	1164	chrome.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of WriteProcessMemory
  PID:3340
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbaf003cb8,0x7ffbaf003cc8,0x7ffbaf003cd8
      4⤵
      PID:5280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
      4⤵
      PID:5544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
      4⤵
      PID:5552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
      4⤵
      PID:5612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:5996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:6008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
      4⤵
      PID:944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
      4⤵
      PID:1820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
      4⤵
      PID:6084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
      4⤵
      PID:2324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
      4⤵
      PID:5220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
      4⤵
      PID:6008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
      4⤵
      PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,8588576406309161943,10337038315613143977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
      4⤵
      PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:5072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbaf003cb8,0x7ffbaf003cc8,0x7ffbaf003cd8
      4⤵
      PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
      4⤵
      PID:4656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
      4⤵
      PID:1216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
      4⤵
      PID:4444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      4⤵
      PID:4920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      4⤵
      PID:2980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
      4⤵
      PID:3624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
      4⤵
      PID:568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
      4⤵
      PID:6044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,11009057387081394308,570396206259124456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
      4⤵
      PID:3016
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:5520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:5732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffbaf003cb8,0x7ffbaf003cc8,0x7ffbaf003cd8
      4⤵
      PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbaf003cb8,0x7ffbaf003cc8,0x7ffbaf003cd8
      4⤵
      PID:3896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,6257303952187796,17384657666573466299,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2052 /prefetch:2
      4⤵
      PID:6080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,6257303952187796,17384657666573466299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
      4⤵
      PID:6132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,6257303952187796,17384657666573466299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8
      4⤵
      PID:5216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6257303952187796,17384657666573466299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:3152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6257303952187796,17384657666573466299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:2004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6257303952187796,17384657666573466299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      4⤵
      PID:1816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,6257303952187796,17384657666573466299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
      4⤵
      PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffbc25bcc40,0x7ffbc25bcc4c,0x7ffbc25bcc58
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,4291066903435676474,5996529090412530485,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,4291066903435676474,5996529090412530485,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,4291066903435676474,5996529090412530485,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,4291066903435676474,5996529090412530485,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,4291066903435676474,5996529090412530485,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3516,i,4291066903435676474,5996529090412530485,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,4291066903435676474,5996529090412530485,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4776,i,4291066903435676474,5996529090412530485,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:3144

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2324
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1544 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07cbfc5f-b649-4edf-9579-145205c638be} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" gpu
    3⤵
    PID:4744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 25495 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0c0a607-8dd8-411a-a648-f9a11ae263cb} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" socket
    3⤵
    - Checks processor information in registry
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2920 -prefsLen 25636 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f5c56b4-11ac-4136-9855-b2042f1539ea} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" tab
    3⤵
    PID:1708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3492 -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b9546c-8e10-4815-ab68-9295b99d262c} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" tab
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4708 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4700 -prefMapHandle 4696 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b25d1bcb-ee9a-4ed9-a90d-0b1f2b68bf71} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" utility
    3⤵
    - Checks processor information in registry
    PID:5752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 3 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {262abb75-8401-4fc0-8167-93a278f4da78} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" tab
    3⤵
    PID:1392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5640 -prefMapHandle 5648 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f403d3bb-d79a-40bd-97d2-8f92ef0579b2} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" tab
    3⤵
    PID:484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -childID 5 -isForBrowser -prefsHandle 5812 -prefMapHandle 5820 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f444ba2b-7ebf-4819-b331-641017bfe73d} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" tab
    3⤵
    PID:4520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6020 -childID 6 -isForBrowser -prefsHandle 6120 -prefMapHandle 6124 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1797366c-00ce-46c0-b913-dc7a8f70d1ac} 1188 "\\.\pipe\gecko-crash-server-pipe.1188" tab
    3⤵
    PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SyncBackup.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbaf003cb8,0x7ffbaf003cc8,0x7ffbaf003cd8
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17271341050427634452,16971438739222540809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStep.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5228

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateStep.mp3"
1⤵
PID:5528

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b8e5705b6376610a2a68a2fb1646312f

SHA1
a7e17a1a7a197ca4fc7f008b7e046fe637d86034

SHA256
35abc6b6071376f65e96d1a722635608c2b4a3f510643e26de8a2e472fd4d7da

SHA512
f306ccf59736fd01ee9a5acd4eb29ee7fc1140fe2bd2889aca6ba8f5b11593a0a0f383274fe0f680a0139bf510c7eb8c9955fb813817c0bc8fa73277251c19fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e2febb233cc1b9c2e0f4f6591cf62772

SHA1
c5344b8e356dc4909aa14ca0c28f62f684fa1eb5

SHA256
de7c895dde8cd7bfe577f1ae97ecf9fe2d0ae1716b739dffb499d445ca419dcd

SHA512
13bc85801bbefe8e2cd076f3c8da5f9b9e1cc5f1a52b3e441eacf98783c6e80e095e28993c46b80165bcc24a3b97a3c598dc21d3173a55af8a867b9c97e30bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
019aacbc5f192cc0da2f807af89d473b

SHA1
190de198bead3cc0a88ed7ea2b5d84dc1ebbf864

SHA256
d7ba4c0eb29c6e23e46a770ec5a2fc3b2e75e012b2c75291404a20d5ef4fd6df

SHA512
dc9c392d73d24aa458e7e5dbd6663695e53aba05f43569c8823a6bb1c47059ab6c3ece481c9f881395bf1adff03ce028c4d7740a8b8a19bec1fcc113b7c1be56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
24e9feac28673241fcbe49361dee5273

SHA1
2fe52beb6dc22caa92b61bbc62efe14d21ab6f92

SHA256
de3fe1bfe07d95bfef0627f0cb671c86251135ebee564bb22f90f7b7b332cfe8

SHA512
70ef56dd1107662f13ba5c7db8b6e17198da478e74fa5cc8bff84c5c6ba593fc58a579a9d81444228947717855f4ed2eb80a4436b93b3399468de23991f0f84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7c50d4639b52731bcadf5ef70e15dc2

SHA1
8baf33f05a6060d0b51df907133dc6259d253ea1

SHA256
e2c31ce16af335780cbc49a29550d40bcaae31b1249a5fa7b5bd431e5bf66ed9

SHA512
6e90f96ac0500861eec8e8b3395bb8f670a8abf6cd0f765958e96c49055c41608eaa9104edbf20400812045416d1af6be4e3cc796138bfbd342ae9c8cb404db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8b53ef336be1e3589ad68ef93bbe3a7

SHA1
dec5c310225cab7d871fe036a6ed0e7fc323cf56

SHA256
fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1

SHA512
a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e498afe43878690d3c18fab2dd375a5

SHA1
b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd

SHA256
beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78

SHA512
3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
282b7ecd3c3b8021c181c4c4590851ad

SHA1
0cd8ca5454d91579ceec81376c4ef55e8ef35d00

SHA256
e2b6a8666e301d4db5e2e594b124da6df841ea40eba12c7cf16093f222499401

SHA512
afcb679916f5cb415c6c7e5101d05e72370c9f877fef877b041bc13e7f1ef9bb2ddd90d6a05b420fe17f279240c6cad0b5730ea8a4e3ac48a880d3903cbe367c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9df60cf309656b1753eb4fe15ad7a38e

SHA1
7250c5b17e181821147c25a100095874e4a21c42

SHA256
d1d6218c7e6c2dde5fa1d6b0493b683d96807c34ad64c4c1f860057096edf036

SHA512
51fd34945daa797642a39737f6346bed88ebedafc088fcd00ff2e3abbe9c6a584856c3ba4ca923aa13b6d257dd01d03e2cddf83818276a19868b33b0d45637e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
49b65f96bbdb434b4bc1ae9442a5527c

SHA1
f429b0de6a7af55d810b03a411a7eade70cfa587

SHA256
63744945291a24486c91bf48d84d583dbc4d93f574b4d2f44e857b3dd7f76b06

SHA512
b86228ac7e2f4f9b6692e14e434f8aa8813bf1e1b1227404b4c387d9028202cde642ca03377a098858f3a7eaaa31553af09d5a6b296eb4b5f5b689aea417f5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\87c371f6-27d4-452e-b75c-ed2717fa78fd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
ca66831a22dfa42d261997850c56b346

SHA1
019f700426caa5dcffec1cabd198a383ccd591d2

SHA256
adbc2f59a22fda488ada76a7c4b7b1b7ba84eb9e4a38ed5c3473fa1e449ba84c

SHA512
7753dfd68da32887ee6df2edf4b95cc1ca8c58af6e87eacbc916ef644e15af1fa4a5333f5ae2da9ffd5f215d216c1544b769b446bb124b434d8b60410228c2e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0526800bab233b1471118e6a1969dd6d

SHA1
a2a31f9ba95f404d821d717a9fdf77f93832b4b8

SHA256
8b667e871882fbd290c25f8fb8cb188002d145a2a1d53e8100290874d86e10b1

SHA512
534cfa07034cb0eb2778e93eadf901602b7de66388f604e6bbc23530204e944fb7bdc312bfaf5bca76951c468da4ae7533de18d671a6e33c5832a313cf658760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
fde843a18281a2297dc090e1c4dd5b10

SHA1
b621cdbb070d0f7d6d3dbcccd63c5725a56ad06b

SHA256
75764009079765ebaeb61eaa672ea0a8928ba0946d5d5c14e8467607794d5f5e

SHA512
7a10dcaf91c9b34d8283fa53be2d13426378be56beb7719b65efddd09039e3194b7ee1fe884e0fd02e08eca1684840643722db1c43a5e4cf1814a08e469e0711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\84a604c9e01bbee6_0

Filesize
240B

MD5
9fa0457fa354e28e243b9089aacb488a

SHA1
f97afdec051e3dbd26da76698c35c6f254d654cd

SHA256
0d0e1e9a99e19e2743d15a1ebe3001df3dabad3801f9f483d5f660f9cca2d0be

SHA512
0f635d54f93aff3785439b49feeff692479bc773aeb838d84275a0e0cbdd57166db15d5ca7e412e9238d055865c692eb5ac148300d82b393af2b8ab4a56204eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b97c9772a232cf042b4336c75c9bff38

SHA1
3e295f4744b62934d11da63a809889df18ac01aa

SHA256
a5087b7712baca354bd60e7d764bae6a51a00b7a8230a660549d4e4496083d25

SHA512
78a067213e3c13c45b87f94b85c24064fee27b8c41ce4126ac1e542ceddd0d74c613e736e5ccc000f7b3fc8d2afd563c833d4866a96d7752edbe28310afee35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e057dc22a1e25a9227ac52937a0da208

SHA1
494d5f9e0c736eb5d07979bd5e51ed356333b273

SHA256
6cc94e3af55538f5df8a2e02f234d7026c3b6a83dd9b35c155ca52f0eb223b3f

SHA512
a944417258ecbbf6b0c497b28cc4433f43090b1d536ad893c081e292b22035749500f6c9a563cf7661fc57d43ae67e00d8dbd5d4e36975dd2118ad7588e28b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
582581339dd0051cc065e271b31e9de9

SHA1
829b6e8bbe22d3a976eb8bbf1ce12f8e9a14646e

SHA256
75c19667e68a64f766204985ce0e067a21e67965da115e150e3733817d4b7f22

SHA512
ecf82d34301f02588331488346c50b5d67eb4236617964e93aeb37db60101fe1b9af8cba9eb74cb7e31d6aa819167f6cdf95046720b02354b5f7a616dc93f964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
94be4baf6c349b593a8531ac6f1a6630

SHA1
99f6b7aa2a39c8abba1edebe7f3c529461956990

SHA256
3cd42014a3a23ceb24f1044471d2a7bee5e57aa1661c4c665052606a5be151ec

SHA512
dd52eb335b9cdd000b38db7e7d3c9aa6fa5f6124a73ead290d712dea34d11ef0b4d8c735ed15ad0eb8619850e3745eb5390ac376976c51c817e49ea16b914636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
6dd3154802746ab6f4b83423fd4c93a2

SHA1
909264c4c70ae1ffef70fc7de334c0413e638484

SHA256
ac7f01b628401ee919b1da364fde3c9619c6ad35edc3871b95e822ca2daeb675

SHA512
ccf5f4dedd423813f1d628c2c23a59ac6b9abb5cf4ad3bb0fd3219e730e5962c0f29945d101782dbf763d20992eb9f7eb2f1938c2a8a1c2ad5e8e4e762e5b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
aed78569d24de30fd28d6cc2208ef43e

SHA1
d425753b9ccac02771754d172a4626f381238024

SHA256
fa67b92473cdbe13e2dc8335c09cd83447582b8c7c4e47f9b3b082d4b2ec4cf8

SHA512
44b88984eca431c8c41d3a0b71394d378add2a3b4f1630f2e7188763b9cf6d85f02d40aed97329feb6214ab35eeb32e812d8f5418d6e26954441b772a5ed293e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
f0dc2546448807eae1472cd0c6d7ed5f

SHA1
b6cf97a1bef75988b8400f5d6844d146c2fcfa8a

SHA256
d5fbc3ec6f2a43554d56d19128bb1f99bba649625da4cb069082b570eeeff608

SHA512
e63862745192a3ac1b45ded8c143d2e96b8b6b1a8539e2659b1bd2587fae8142329d2f8ffa69398dd3ed6e88c980827b25095f42111dbbfea883ffab95c6cce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
e38f1f30387dc152e27bfcd11208f550

SHA1
fb4ea8a773acff6d73df3a20f08f16d19151bd4f

SHA256
54288dfa557732005ce586545f5c766d867a97a880d10fc95343191910227402

SHA512
33b7d0b23eadb4120af121f6449cd30f86aca153d9455aa7d89787f601cf412304d3fd2a23f35f157720400596a11baba0d86b1853d217a63fca59772865c03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
a59da0034f1bca8d543453969b6dbc62

SHA1
c2d8f63a75f70788c46775d6fe2d0c1142082e5f

SHA256
ff9c93f1a3ee0233714082be486811a21c09689e7671e49049dbfb6322726add

SHA512
8158c90be281f711f9041f2cbf80308fb91c9d67053e2a23225cb9ec7f91e9d1a7b727a519168cf44eb95b2aa385533b6e429841f84890279b9947e16cc7dfd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
89dbfdb938f71c26d3982fe4ae507385

SHA1
d867329c19d2ad626d97ba73609576dbee5f2af6

SHA256
f2ac898e49fc332711adc992c642c79dc1c422aa20a9167043879ed4618bb203

SHA512
ab2934cca50242521dc1a74fe0453040d01432a3667129d9448a51fe410a2199bbf0af33fc4741b428260c7d9bc97e86acbebb041711a41ead602e5c47ad1a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
54ec02ab9dbd2bc65b5063c34f6e897e

SHA1
688516454b7a5a0ac29252391527522411221ce8

SHA256
4cc13c047b8486974b4b67a6f5cdb32f7a8a557a20ec6c001182c63e3448d5eb

SHA512
b6db9aa740380c9d04bb4153c880bc4b44d45a0298432b913684d59da3b07e5c52955aa7225354d6a83f45d68753c8906c62fd212699387247c6ce0c85b27a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
eeb5fb9c814c0caf0f91898596682387

SHA1
52f4852bc2fd894265ae9a6a81f1a7ba814e4dfa

SHA256
e468c40eb13ca8a35ef285ae4be7ab46ed169031be216eecf30ee1385f47f2ce

SHA512
b0683c91d898388c1adcc51de0deb118771bbf4c4d155841b66edd4181b050db078484ca92707266a8d1020855a9714008bbfc2ba5f1a2061287d2ae77e1d5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c42988ee30560f27180b62ee97cfa296

SHA1
b472ce81da8e333a9af732821b6ede8d891bdce8

SHA256
7dfa64ad7b95864ce358810cadc973a687c67c30678ab828f4021e9dcfc93c94

SHA512
795cafa458bd5bd0733ba0f76e31443e7e5d8b6ea38d26cad898cf807c7467fe7a67a08968f92c387fd1f5539c380b105991b56aa5ee85f3be944027cf79ac1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ba167b4201d2ec78c23f27c3f9b3b1e

SHA1
49762bb54dbca8841e6d0111d7b97e51e2361027

SHA256
9abb6188d9af49e6fc00c55faac6408689db1345c52534e03de242e5c2bcbe98

SHA512
dc3186128e8dc4c712f9da3fe2f867edf4d769f2f6de0a2c17902e54be513951105d2a54705dc09f2f438f6b14dff8e745640a9dbd05203d51f2a761096561ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
750574b060297fc2020e4cf0e6505a24

SHA1
8897aead2738cea854cb8aeaf4221a4b3b4de553

SHA256
6210ae8f07a768ff2ee6c27ee504f5d37e550b06387d4b080adcb998c3925906

SHA512
5980ce71fc8d8a98dbdfaba9db60956495c27a76484ee05dc21a6b33796f2b53d51a2a221a01edf9ba700b84439f2934112ce4adaf48c6b9c5060719aca28bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
956f857c8bb6113890ab297a19b2547a

SHA1
dea6fd314cfbad3875829e2263b33e2b1fe53dee

SHA256
05a9632f5925723f086fd96d43038192e1add69be8b5e9d1944593146d42b011

SHA512
3d8c1a272c005d09fd1599c0e7141035dbf39d21f0d2ebc474b06a133ac432d8888dd1f3841e26c2dfb3ab1f5eaa92612d6847dfa0868616df01f45d5d16db58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
840294b6451741bc295c26afc588bb42

SHA1
f2abc092cc8a5b8b8a5395f15e2c718ecb1bca79

SHA256
8a1f2847d9c424b5350825992b0dc48c6d797bab907a34a08a7b8139f4817ff4

SHA512
97116a4ecb5adb1ec94dc17858e6c278bacd9d326a7ca83896ab243926fef0c84951e34797ce29093aafeccce91da033606b9b53b5e92cf54594f45e46cf00cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
676e5584ee663e32205da950cf770134

SHA1
b1ee056b2c6d7e77c60e2f009b885b8ac0b06818

SHA256
172df093969a0bc025cfb9388697161a8a6c2ea231774040227591da0628cd2f

SHA512
85f5d49e0bc25fd3016f6ded706ce9681f0e145a586fc563502389dd2e4f3415847f12f20a93e3be89d1d381fde1802b99b456fe90ea9b2d1a2a46a292ba6621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1bd2311706cc4423a394b2def36a35ec

SHA1
a81a1ed5007e4ccd79a2a74f2dcc089b8da41b5d

SHA256
9708dd335d91dc8ad7746a54fffe92ff20d619e05732d25cfab0bc48424ac372

SHA512
00d4f12bc4d55b13cc51d8405c2c05154ea297598c2684435a739f7c92b0feb957174ba4289485c4d48cd17d79bec8635a15a4c05ef24592ca9dcb4f88c9e67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5b8ad44ca0a8e7c5957459f104abdbf

SHA1
de63dc407d7ef195ce1d74c4d6b4222ab458a086

SHA256
cc02ef8b4bb98202316dcdf1c436a0300900d06ab605f237b48286530a9ec997

SHA512
a5b8a7308de20793e67a20ae6d641ec327660395b081c94eb45cc1d3510dc7cb1cd1c2de4f9b5c32fd6be75340c7cc298023213d46480cd83db36d1813d97f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d9e1500ceb65806ddcf18dfc07a45634

SHA1
4e27d891d9168da4b5afb0b339533a63dde8568d

SHA256
6a0e4e269caede73e7d775efe67e7754b65ba0ebccb79352fff1eda5395db710

SHA512
548193221ab2130be86524e64e65c483a0c0145c615ab816e490e66d5674ca27ef26e2e7141558b472f4783b1c5d0fcdb76749281cf33d2286e81b1b3f8ae0d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2509dd04c9d1183940131975105945a5

SHA1
94a33ef94cfda46a4b4ec909cce5b486a3a4dfd6

SHA256
78dee9c010db899d3749ef77748b7a6e49a860bcaf10d23eded853ba1cb76ae1

SHA512
9ec4fe90e64f9bdc96afa9a8c6e41e62cd999292b880677ad10cbdaa1640ad0dc8dbca9bdec013f891558f3386dd7c73fd910a90868e3f8b0b31b1a5f30b2ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db44add6173213c45449b9ba35630828

SHA1
e08bde8bcc803bbfc638c5cd80eba535000b93fa

SHA256
e71a07ccd39ba8947f22eff573fd72f3d1353001f34f338e57cd1325dfa6663a

SHA512
ba0d69dbbf725ab3b807e311bf757946c86fb928038ebbd874742aac3374e9b112cf8a0827cb554c32b811fef62ab3748301acc035f5543f016700fb506659d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5adc78eda2bea9ff97b57bf099876486

SHA1
0b722fa743032edcd110c440787f6dc9466b3bba

SHA256
dcc377bbe5687272398ee8a79cae51a2c881ff6713e9ef64654267d62de93c80

SHA512
b05a137ab1a1a7ce5e379e65c70fa98248c5e0c35b5ba1849662670f260095909f959527e04b3233fb28b8329a8f23a68b2d08965db92933c3e5258c43d44801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86a94d0d23e6301b5179fe10b978d694

SHA1
35281b2fb2ff12b26f13f0ed63bc1e7c256427b6

SHA256
88a88a167e452215f0e807f055de02c40c3a2755aeffff386730e4b23cfa4c7b

SHA512
822caf0a45e1d87da952b40d7eed7afda493578721d10831aaa28f968ca088c6db31957cd8af9b2191ee32aff962d7461a46e978e990270b509fbc9990fbb481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
753B

MD5
f82b59cb9ecddcaa2e17826b16dd453c

SHA1
d4fed267616ad8a1f83754164815043b3a93e2e5

SHA256
2804aabc73f62c6aabe9cf155e828fa79b35c9c59f2841e6d3e68ab031a8c85e

SHA512
d2e668932cfbe77b800ece07a0cd27f62f5bf6a73c435f754dfe2c66ad1110621339cc0807fd499ecdb1dea395bf8c7e4ee2452b6f62b9cb46149f99954d22c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
a476b11dd27041e6c9b58dcbdb804e01

SHA1
1c0b229ec990c38d050f7b921542a7bf3fb28eac

SHA256
5d506f93cfeb63c8b31a271a2fb62b92a90528a784fcb710f19485b2e864d63b

SHA512
7e8b6aadb579a3463528aecafd0cc36ec97c88a3ca9b056d8d16a40e6303957beefb02caa0aef963cdeb2e18d93eaa607867b45abfe1ef367b5721c68f911152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359650380844421

Filesize
1KB

MD5
7373f8dc4d86b9375a7fb42d5bbe8e80

SHA1
f3969864b29a89cc577389ec7b1da55d4b20928f

SHA256
26538364f60f2f794d1fe5ed575c767c4f0576e0b9cee008bd1817764720eb0f

SHA512
3af52023d70d14c4e89ca612a8f2bfdabe3ef3885d656297a91623567749f7f521c6397b76ae9488f6a990357b39c3998d0373c5fdae7fc73ad212a0ec458898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
bac8d956ad3cc3dae987272b41b0df01

SHA1
4cca720800a7a377daf9bccb4c992ebc14cda1fb

SHA256
3b53bca0fa118801727f78e6e61067ef71f9f1156084152a58689f0fdbb4e01d

SHA512
12847e7e1401abe476dd348137a6e0ddc6448624640eba527807a45d6b353360812b0638911b3b36c7a239535bfe2f802f32cf4acc18886f13c80e88acca405d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
092910fbf31868e3e70ea4aa73783724

SHA1
fe5ed32d671f5d462eb7d80f18c51c9996cc4853

SHA256
34c1241b7bd5c0fd24b1c1fdc06699f31f6d2f8a929d6f4aa028ed2cde8a55ff

SHA512
fccbab8535c1a31d0e01080df22abcf45c38182a3c584362f144bec402f47b661f74777801713e6d4b703a11edd698bd51f62e32f29339a90a0fb1cbd33bcd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
8712e17eab05ae84e481cddfddaeb7ac

SHA1
1ac600d43b68409ec413e27bc22d414096bd366a

SHA256
c63e080e7086f68d71c606b66e9d9229acbe8ad1868840efb3e149ee5e5fd728

SHA512
fec2363c8453d4da545b55b40358fa749b11428f7f3ce9c28e36448845ffb94a7ca80df607b5678096b354baf681e20754836266a4b02b2805f6c8d21bb35cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ac8dd06dcb42295440a6211afe09fa25

SHA1
e3e524c398d31c128418b492d8eb50650a185532

SHA256
57300a56c30ab96276260d5b2e8cbfe56d792da7b75a1a1b60ef5aa684c3ad9b

SHA512
fbf2bd58ac099775ea4972ab16e3cda8298066cdf5564912ec620352c89a89104d24f0cfe733737854efd126136d4732a942ff6d8f5f4a2bf78db8fb868f60ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
4f3e3c5b9c97d8e8b926a1431eaca672

SHA1
f602a0481f3912e6a844a537f9521f3bafa9ad91

SHA256
06a6fb377b9c5e7801e840652682ab301eae72b21625c383556602b37d23217f

SHA512
d4b30cd416a23a2bad57fed156f45b842dcb541d4945223e7c857888ceea05b05af34769df5a6b4fc0f2a82595a28c55e6cdde2527be8226e8ef8f8c9ee45891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
c9f22acead6914734a673459382a3b24

SHA1
7a0c072d02a393169bbacd9b24415952dc06002a

SHA256
8b1ad105c56de799cf1bb944baa38b4f02f55c62e1c8be156206223b8f5b2ecb

SHA512
766b28e2674a95d2fee7fdbedd8f273c384aba44c987584b47036dc22ad43c6a21c76488daca101c6b23c362b8c3546b4a26ef06e494fe7696f8a4fc52a34ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
53809c5b10bc3702ddfcdb479402c551

SHA1
0a8435aa6b64218b3e57feb7a70ae2cd523af8fd

SHA256
95b37fc311a59780baf9846248e8ca70cc706fbc2c794be945f3895f1aabf2b8

SHA512
302a1fdff3371a2e2d77a0e9b524f2fd42356e83d6559c63ae40e9510eb693a6ac345639876e372943af28f04f2d644f84c64145611df360cfec6588f5d7942f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
beb05a0b29163346c730c2f158dab6ba

SHA1
f32b455a776a83a2d2a388fea531e7715aae875e

SHA256
11b0e2596db64a4a80eac7f6e490e6d51a6459cfa9a2a008a8832160de287594

SHA512
59a14e6698bc49a07d82e5a4eba94064aab6c8c2fdb5ac64f02c5c6ae9d8a0dab77a4a5db49818fa243a0074f4ea6d06017379f5bd9a6bd2b644eabfbbe20758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5a91d4688a7ba6b02cb42697fe042a95

SHA1
de8b9ec7eeff352fcb2b6b95941c104f9dce434b

SHA256
ab592f64ca9fe9ae3c7c7f08434bd1cc39ec8ce94003cca2d2ce02e90ea8267d

SHA512
2d041c6b39ee3ceeb099c72484b370d244e8b7146eb54b6ab62c347422983e2378dd6d94a96bf513eee1a5028ce308487718413bea1364bb9263af447bd88e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a28ddea1f7006b63d5baa8ed2c2d153b

SHA1
09c9ff2077d9154a71092830611c0b0e9bc1e833

SHA256
2405a306ff3f06dad16a5ec1168d45502ecafa2413684c26a7eef2637f252538

SHA512
2188c78e8a10bcaa67ade43773b8ecf28812bb7190776fcd9b0eace6f6bc3aa977011c894f388db520eef06f1c8bae446931de2b4cd63880c4e865cc3aa5ef0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
1fb6eaf3d06a659cbb438d3edda0b768

SHA1
4a9a182a341b46a6d1a7edc2ba1f129993ca6485

SHA256
44454436dc6b6bf1c8e26906786442f6d4e83a11a359f144c9933a669f6f4451

SHA512
43badf95396204ccb2eac5404ffcf4f18697ce7b8e92e6fe6b1be2253ce11cafcf7ef7ebba0e2915640624b296eb8dc2bd0af83df6f283a7e33330c4facfe072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb947c3694411a9b05dd571bcd1fb4b5

SHA1
f980866be0e1683e87ac36968650e25263fe5e15

SHA256
47fe5b57143048e791721fbe93b71352344d25f400963b24a1d0c59b283ca460

SHA512
37d8301b8b550de2b5307b554af1ca053bd134f9a7bbd9aa502f3f020d725a7f981d69c56b603a73db8ce409fb02dff73744468737e04cdfa62ac98e795ed05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6555d26215d909e030adb6fef4049e64

SHA1
e3ea1d9be6651ef024ad390e6c1653a81c399688

SHA256
05c03d1cabc01abf995c4438065e2f51050b31f7209bf20254b472cd0d72dd1f

SHA512
0f7ff797d75792a829708cbfd55db70baa62658935ed555991daa9c6cb33be714f9ebf08cf9cd74ce364cdb0d4d701758c530783402ca3dbfe669129a7362efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06d7860c515aa18a7331eb45c82a4d4a

SHA1
ede37be47c75d0dad72eadef27d5fb7db21b6b85

SHA256
cbcf4bea6bd38dd73fc604f107727b5254c22b409c7f9f3d09c47013534d9954

SHA512
718bac611c7c72ecdb03870a0f453bfb10cf54d93d766c97b2a2dd9179c666169ae659004535998d4f79be8d5453af6c3e54ce1563a38700c909ea76d76d9c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f8375dc83ca3a0de7a716fa182e3705

SHA1
5e292c286469b4ab9551b227b80bbb35b1a750ee

SHA256
e9d2344bf2fe435ef6253f1b7e39be75d1c34142f21ee6aa113cf77181a943d7

SHA512
b99a466d80d0b6766c63ba04d25130b127d70bdef1b8ee4b053a97a0b056545191aea705c4d9d7eb389afe142d77e2dee30b7a3aed65757009fe02bb789e59d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
287165a06fe8cfa76bb8b4be095a2662

SHA1
e7206865e0c5fe46775ffc932be9e209e1153bd1

SHA256
c43f4807c5257be7f05551ab02acfc8dfd3bd3cdcbbd82e11b3c81d223744cfd

SHA512
28950d23d725d5f37aef951b99fa6a8d94fb1164338cae52b00a3af7411d752e19583d30ab95de65796b152b0e94a79ae43f114403440c0c59a9cd87f2d0d858

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\AlternateServices.bin

Filesize
7KB

MD5
95a9b5a9ee9b6445f464f435a9a9c0cc

SHA1
814200a67ab587873fb86423a00cae2981192c4a

SHA256
80a96cf5150195b0b5acd50225447c91091795b94161913f409f6b927891a7fc

SHA512
9fd24e249b0310d747a71e7ea9de7a51280a79ba52ba141b04764adbed6dda3bb664846789337d3153956f5914bbd29cba0c7e971ec24f3ce1cf3ea942b9ab28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b71b7c19ac8d0f7c35a46f97967ff2b6

SHA1
8c5476a40cb96950dfe4ab11dddf2187dc1b17cd

SHA256
beec7a0b1e70b0f055ebe23fb01ac81a8c10e5c07c2317121302e4aeadc2d698

SHA512
da84e67e1d7378a40be91f7f17ec6da0bef412ae2a825655a79bc04225240740137babb716f651f52b1e506ae560cb6d583de790faa1b1b18632ad6eef5fa778

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
865e41dc9b5dbdb90cfeb86ac024cb44

SHA1
9b92b955fb534498610942bb96e28f2e63e2f967

SHA256
deb72c38335fe6bb6d1abd1ab0c02a89f417b2ec6d08a0201f4f60fd65c5cf8e

SHA512
cb4b712516d593f35c7a9b9289c3bee50e28f6c03c09e1a795d5b09462172f6293a36025772bc5c7da5cd40d98700ecd775593177f0b3ce633d276b5c3fee67f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
59280857eada5f82c144975fa17e583d

SHA1
45b1787788e5a593768c88194f5c1f2f802964e4

SHA256
4975219ad529876f8f2c2269846553d0a10543c4a7a15dc1bea5b8595d1b8bb0

SHA512
08df3b3b03633d763ca2e86f4196cef29e403c447f50cf59adcfaa1a2f9e59cc3ec185cb7dfc688c73262a7b0b9976d9a6baa6985c438f1d643cd88382801996

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\009f17cf-5b02-4b4e-8da0-1ec39296ee2e

Filesize
671B

MD5
a0639d933d8751a9be431853ec54acbc

SHA1
c20aea84c9702e09f434283189de5469130da576

SHA256
8f44afbd91b36e668382cc189a2e127cfc1fd54b2827392df1b66371541c6da8

SHA512
0e6e8234e5d8fe16a9323424fceebf9c87bb7a7d494d210e0886aba2968e0bfd9b6bb566faf5d9508383d4587f9ed4c30d357857bdb23f1d175e75f20eaba3e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\06daa8d3-0e2b-4cb7-94b7-e4808d4c8347

Filesize
982B

MD5
77bf62df14aa6e43fac1ff3d593b0a55

SHA1
bcf8eecb008b9ebd60cedd51f5a495177c3ecd36

SHA256
9ccd19d6468cd83dcffa8f7e5606b10536cfab0187c9237491fc839a9920fa0b

SHA512
ea73eb371e6a9378520f7fb6d549221aaee7d93c8302b8962c4b708ff92ece951594ea4cb8856e0b7bf892c6529f98bdad22b88b94ca8c6f939a265bf1c20c44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\5dc660a2-d546-48dc-b28d-cf3ae4850864

Filesize
25KB

MD5
2ca48360f6fafbbf91b385fdadec35c1

SHA1
8f2bada93094b9739e4bfa530b7f96bce833427d

SHA256
0684bbf9c80438f77b68b6e318e6c3966a0a042932ed8fcecc9455cf6a874e4f

SHA512
14ad4717f25be8993246419309cafc9a8a0973757bcfcadbf3651f2c99ce1e3ec5d08b3cfa3facf44614ddb2fa35c1bb025bb6e521b1d0deece99afdae2e8a1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs-1.js

Filesize
8KB

MD5
726d5a62983d8b2411717502e1d91849

SHA1
3e09b8fc1ca3beb9b547ddfd8806ee5cc6833079

SHA256
2302f25fdfe3b87ec805b37adc8fdd69cb03b1179a656c93ec64e2754912c3b1

SHA512
8c83089e3ca5057c5ab477ceb226cb62eb3b4ef239b038b378712c52eaad5ac8a8ac962b63d944a3ca22c0dc673515d87c41216fa044f16a5ba32663289040de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js

Filesize
8KB

MD5
2188b28f4fe9d81164c0af239aa25220

SHA1
45d2ef4639e2c5cd947d615a57b5ae5fb4518f30

SHA256
3cec6f3359b2472231b21e3768fbf1da301c4c29408a2bc7e4652153bae2b1bd

SHA512
6a7280faf832c4262da59afdcbf821531bf67ac93e7a9e2ea82c484f9b4eea3c8ed13ca64a03f9f33dd050fd6d5960d7e283d81fc826723aff9e9a49a432c5ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/5228-1108-0x00007FFBAEC20000-0x00007FFBAEED6000-memory.dmp

Filesize
2.7MB

Download
memory/5228-1109-0x00007FFBACE70000-0x00007FFBADF20000-memory.dmp

Filesize
16.7MB

Download
memory/5228-1107-0x00007FFBC2290000-0x00007FFBC22C4000-memory.dmp

Filesize
208KB

Download
memory/5228-1106-0x00007FF79C460000-0x00007FF79C558000-memory.dmp

Filesize
992KB

Download
memory/5528-1090-0x00007FFBAEC20000-0x00007FFBAEED6000-memory.dmp

Filesize
2.7MB

Download
memory/5528-1088-0x00007FF79C460000-0x00007FF79C558000-memory.dmp

Filesize
992KB

Download
memory/5528-1091-0x00007FFBC1D60000-0x00007FFBC1D78000-memory.dmp

Filesize
96KB

Download
memory/5528-1092-0x00007FFBC1BB0000-0x00007FFBC1BC7000-memory.dmp

Filesize
92KB

Download
memory/5528-1093-0x00007FFBBE3E0000-0x00007FFBBE3F1000-memory.dmp

Filesize
68KB

Download
memory/5528-1089-0x00007FFBC2290000-0x00007FFBC22C4000-memory.dmp

Filesize
208KB

Download