3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

Resubmissions

26-05-2024 05:21

240526-f2elzagd4x 7

26-05-2024 05:10

240526-ft2frsgb3v 7

Analysis

max time kernel
543s
max time network
545s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
26-05-2024 05:10

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

geometry dash auto speedhack.exe
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

geometry dash auto speedhack.exe

description ioc process

File opened for modification \??\PhysicalDrive0 geometry dash auto speedhack.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	geometry dash auto speedhack.exe

Enumerates system info in registry 2 TTPs 45 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exechrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

chrome.exeLogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611742489663275"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "183"	LogonUI.exe

Modifies registry class 2 IoCs

Processes:

explorer.execalc.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings	calc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

geometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exe

pid	process
1508	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

mmc.exegeometry dash auto speedhack.exe

pid process

6916 mmc.exe
2624 geometry dash auto speedhack.exe

pid	process
6916	mmc.exe
2624	geometry dash auto speedhack.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exechrome.exemsedge.exemsedge.exe

pid	process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
5404	msedge.exe
1856	chrome.exe
1856	chrome.exe
1856	chrome.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
6240	msedge.exe
6240	msedge.exe
6240	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEchrome.exe

description	pid	process
Token: 33	1352	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1352	AUDIODG.EXE
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe
Token: SeShutdownPrivilege	1856	chrome.exe
Token: SeCreatePagefilePrivilege	1856	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

geometry dash auto speedhack.exeidentity_helper.exeidentity_helper.exeidentity_helper.exeidentity_helper.exewordpad.exeidentity_helper.exemmc.exemmc.exeidentity_helper.exeidentity_helper.exeidentity_helper.exeOpenWith.exeidentity_helper.exeLogonUI.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exe

pid	process
2624	geometry dash auto speedhack.exe
4980	identity_helper.exe
2624	geometry dash auto speedhack.exe
416	identity_helper.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
5308	identity_helper.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
7068	identity_helper.exe
2624	geometry dash auto speedhack.exe
5960	wordpad.exe
5960	wordpad.exe
5960	wordpad.exe
5960	wordpad.exe
5960	wordpad.exe
5960	wordpad.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
4928	identity_helper.exe
4480	mmc.exe
6916	mmc.exe
6916	mmc.exe
2624	geometry dash auto speedhack.exe
3500	identity_helper.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
6804	identity_helper.exe
2624	geometry dash auto speedhack.exe
5676	identity_helper.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
2348	OpenWith.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
2384	identity_helper.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
2624	geometry dash auto speedhack.exe
6824	LogonUI.exe
2288	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe
644	geometry dash auto speedhack.exe
4612	geometry dash auto speedhack.exe
2312	geometry dash auto speedhack.exe
2288	geometry dash auto speedhack.exe
1508	geometry dash auto speedhack.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

geometry dash auto speedhack.exegeometry dash auto speedhack.exemsedge.exe

description	pid	process	target process
PID 2368 wrote to memory of 1508	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 1508	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 1508	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 4612	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 4612	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 4612	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2312	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2312	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2312	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2288	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2288	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2288	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 644	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 644	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 644	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2624	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2624	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2368 wrote to memory of 2624	2368	geometry dash auto speedhack.exe	geometry dash auto speedhack.exe
PID 2624 wrote to memory of 848	2624	geometry dash auto speedhack.exe	notepad.exe
PID 2624 wrote to memory of 848	2624	geometry dash auto speedhack.exe	notepad.exe
PID 2624 wrote to memory of 848	2624	geometry dash auto speedhack.exe	notepad.exe
PID 2624 wrote to memory of 2596	2624	geometry dash auto speedhack.exe	explorer.exe
PID 2624 wrote to memory of 2596	2624	geometry dash auto speedhack.exe	explorer.exe
PID 2624 wrote to memory of 2596	2624	geometry dash auto speedhack.exe	explorer.exe
PID 2624 wrote to memory of 2864	2624	geometry dash auto speedhack.exe	msedge.exe
PID 2624 wrote to memory of 2864	2624	geometry dash auto speedhack.exe	msedge.exe
PID 2864 wrote to memory of 4676	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 4676	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe
PID 2864 wrote to memory of 1844	2864	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368

C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4612

C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:644

C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe
"C:\Users\Admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:848

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
4⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
4⤵
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
4⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
4⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
4⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
4⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
4⤵
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
4⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
4⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
4⤵
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
4⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
4⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
4⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
4⤵
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
4⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,2363810927368731743,7145937664919997240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
4⤵
PID:716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
3⤵
PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:1448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,443579932275530529,11382624962138451880,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
4⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,443579932275530529,11382624962138451880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
4⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,443579932275530529,11382624962138451880,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
4⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,443579932275530529,11382624962138451880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
4⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,443579932275530529,11382624962138451880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
4⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,443579932275530529,11382624962138451880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
4⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,443579932275530529,11382624962138451880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
4⤵
PID:344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7267188690770039832,5267426680798319328,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2052 /prefetch:2
4⤵
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,7267188690770039832,5267426680798319328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
4⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,7267188690770039832,5267426680798319328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
4⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7267188690770039832,5267426680798319328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
4⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7267188690770039832,5267426680798319328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
4⤵
PID:200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7267188690770039832,5267426680798319328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
4⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7267188690770039832,5267426680798319328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
4⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
4⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 /prefetch:3
4⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3116 /prefetch:8
4⤵
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
4⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
4⤵
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
4⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
4⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 /prefetch:8
4⤵
PID:5876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
4⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
4⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
4⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12249151265029833595,13583252542971691578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
4⤵
PID:2412

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
4⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
4⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 /prefetch:8
4⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
4⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
4⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
4⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
4⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2032,15446668652887092686,14348805838309286216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
4⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2020 /prefetch:2
4⤵
PID:3088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
4⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
4⤵
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1
4⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
4⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
4⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
4⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8
4⤵
PID:5780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
4⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15777693483183473993,7386521379734430778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
4⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
4⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
4⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
4⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
4⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
4⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
4⤵
PID:6600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
4⤵
PID:6720

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:7068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
4⤵
PID:6832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
4⤵
PID:6244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
4⤵
PID:6428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
4⤵
PID:5744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
4⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
4⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,512137486435236557,4824003351439265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
4⤵
PID:7120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
3⤵
PID:6208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:4068

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
3⤵
- Suspicious use of SetWindowsHookEx
PID:5960

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
4⤵
PID:7088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12364546527658710489,6878200492778726769,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2120 /prefetch:2
4⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12364546527658710489,6878200492778726769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
4⤵
PID:6400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12364546527658710489,6878200492778726769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2384 /prefetch:8
4⤵
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12364546527658710489,6878200492778726769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
4⤵
PID:416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12364546527658710489,6878200492778726769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
4⤵
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12364546527658710489,6878200492778726769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
4⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12364546527658710489,6878200492778726769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
4⤵
PID:3048

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
- Enumerates system info in registry
PID:6984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2092 /prefetch:2
4⤵
PID:6592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
4⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
4⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
4⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
4⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
4⤵
PID:6628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
4⤵
PID:5988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
4⤵
PID:7004

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1938874970827870740,5139423046970621539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:4928

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
3⤵
- Suspicious use of SetWindowsHookEx
PID:4480

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
3⤵
- Enumerates system info in registry
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:5228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
4⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
4⤵
PID:6712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
4⤵
PID:6688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
4⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
4⤵
PID:6868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
4⤵
PID:6580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
4⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
4⤵
PID:724

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
4⤵
PID:6488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
4⤵
PID:6492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
4⤵
PID:6848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
4⤵
PID:6680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
4⤵
PID:7100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6825192844140197147,1728194536179964561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
4⤵
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
3⤵
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
3⤵
- Enumerates system info in registry
PID:6844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:6860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2068 /prefetch:2
4⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
4⤵
PID:6668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
4⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
4⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3316 /prefetch:8
4⤵
PID:6992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
4⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
4⤵
PID:6296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 /prefetch:8
4⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,884018646588107538,2629975239502284866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:6804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
- Enumerates system info in registry
PID:6856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:2
4⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
4⤵
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
4⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
4⤵
PID:6848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
4⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
4⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
4⤵
PID:6596

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
4⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
4⤵
PID:6864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
4⤵
PID:6168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
4⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
4⤵
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
4⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
4⤵
PID:6360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
4⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
4⤵
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
4⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3067985038949092193,12647355607773895173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
4⤵
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
PID:416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:5472

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
3⤵
- Modifies registry class
PID:6168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
3⤵
PID:6864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:7108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
3⤵
- Enumerates system info in registry
PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
4⤵
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
4⤵
PID:6656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
4⤵
PID:6440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
4⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
4⤵
PID:6576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
4⤵
PID:6164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
4⤵
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
4⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
4⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
4⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
4⤵
PID:6708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
4⤵
PID:5920

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
4⤵
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
4⤵
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
4⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2863983497553671324,568891179533621245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
4⤵
PID:4552

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
3⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
4⤵
PID:5896

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:5748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda35f3cb8,0x7ffda35f3cc8,0x7ffda35f3cd8
2⤵
PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
2⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
2⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
2⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
2⤵
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 /prefetch:8
2⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
2⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
2⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
2⤵
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
2⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3943978373222298611,1958733681980739365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
2⤵
PID:4972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdb024ab58,0x7ffdb024ab68,0x7ffdb024ab78
2⤵
PID:1400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:2
2⤵
PID:5996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:8
2⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1956 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:8
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:1
2⤵
PID:5884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:1
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3496 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:1
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:8
2⤵
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:8
2⤵
PID:788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:8
2⤵
PID:6360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:8
2⤵
PID:6380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1976,i,10611171198048076293,17090287360561285641,131072 /prefetch:8
2⤵
PID:6528

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6316

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3e0c055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:6824

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
c5da598a34c55b8fed20989a4f528e90

SHA1
f5833d7868338e31273f5dd6cabfa7c07048970f

SHA256
70664ea23113025db60f3ee5d64320752fc368c1a1326261fa0eca14ce4ef302

SHA512
1a4782d1e6440067026b6b6c75e5d20a4f1dcc3a9b7e40c8968d1344b168c2c52acac573a978f5489e11dd8884e49278b88b0951320b39f92e484726d1d83b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
5f512695d36d19620cfb27d232c45f93

SHA1
6d5e6f5f2d1d590acdc4b24453192d07167fd0e7

SHA256
4f7f4e8cfcdb27d29c43c97423723d1459f10bab27655c8b1300eb63bdfc99b2

SHA512
78788e70044eeb3e33c1692767720963bbe23919016d1b891b0f3e31db7ff4b45fc7ad516323adea0fb07e38141e0130aa92fd4f0a8b05f872bb63a90aaf31ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
440fbac48fe9e4088d4fdd0195c45d8d

SHA1
2a48fd712accdc84c003f074ff7ec12a95d19aa3

SHA256
ccd789c48c62ada96b3e5cb3b032d077d9720b7c969946aecdd1d2ef0d4df7af

SHA512
216b19ca1f97156e64f231bbdd2fcdc2ee9dc16e29987f4a1397974d2bd994db3f82c739328f27c26a8a1a53d37eec26c7f5e1a9701ce444bf19bf3e9a1b0ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
14d990f186702456f6806be54b24d1ba

SHA1
8c3f087b974232600a26b0f5e068a8093471ec17

SHA256
17d34c99c3f7ebac0c3ddc6b2494348f5c4deefc2f905c8556fb708f1ac71a65

SHA512
2b5e24d021bc397ce11cd5634dbd52e75cd6f061105c56517aa5bf47010b12d4f209c17bcbf28d6abdd6c4e0419778c942b06430d149aede8d5c069028b5d048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
d83348f1ce8c3f34c891ca774816251b

SHA1
94d3d483fac66e4e7169b15eca3a7634b7145d9f

SHA256
fe0c0404c20b3f3a22d9400504c87fd44e6ac295c330852689860d60a80f3e31

SHA512
079fa6fd9b07ebaa51719ba002d493cd1fb3dad418d8df4086c7d8a71ba4d02cdef65ba4d4dfa1b84e09c523c3f4554d93578480531d08650c3abe7c08bec9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
29d504846e5dd6c3e2cb92f61d5c8916

SHA1
3cc1fcaf90a6b13f60afe142864dc9dc1c90f2d9

SHA256
30295654164ba45f59f56526675008b7be826ea70136ae2d1a638d8b51f7bf51

SHA512
9968d70fea92f40f6cd686dc609bceb049320be149c087df7ded85583b148bd56e0c5280c717cd919841a153299247050367b0dadc3b035d7bb5269749876bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2a2b2b4c679ac583e2eecca9da961fde

SHA1
fe68ad9120467438abf41347fa47656c6c931e48

SHA256
e650ef359e92461c6cf69fbec594a94e7d12eeb37dfbced7097c9171aaab987e

SHA512
b2dca486acd7e9b5cc9671d4a687e7d39fa733222ef4956421013bdcc566f1c503da5cb79b780715bf2a1205ad581d687e4d5fdacbac0efb6e264351a458f455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
66211fc0c99fa48cbdf9a51971ead0f3

SHA1
8e9f3384331f1d046e24239b65b7e0e5997dcd99

SHA256
6d2ef2846ef64a77715afd3feef84abf0a206784810f22552c255ca25b4c15ff

SHA512
db19d72fc0c64902d0d8ec6a4df3dd77ab443b0120197a18ae7b2737bf604a94f2ed78de00eb042ad30fcf9e8b911a7d84a8b650c744085a28dbc7338f56cbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8ecf06c82d0ee57133830d9d5407933c

SHA1
0f0feca3b863c49288015ae60ed4673fdc2c8b34

SHA256
29e2a3ec74787eda95226fe8c573d40cd54d019233df4c774021fa2f192a7c36

SHA512
ae66e4febc64cc9fabec5450fbd34eb0a1ccd6b6f92a024f6feedf2e397f2ec99beb82649f90fe84b5c771c909d426abc0eaeb76ff8b4101ab9d27960fa60c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
de47c3995ae35661b0c60c1f1d30f0ab

SHA1
6634569b803dc681dc068de3a3794053fa68c0ca

SHA256
4d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7

SHA512
852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bb2d6efca68ea0ea91910c15599ec159

SHA1
ab4ced81e69cf9e6d06ff437d700075c7ac4f122

SHA256
4d77e06cd4bd9e2c1271304dcc636639e81f3c39530dc019750bea66ec57bc15

SHA512
d07355772e3eade8c814b09d6abe9a9fb44825a533bba73dbc0b99c213963101702821cad39c0ddda7e474a6aac9f7e0211dbf5a737d318d319666f0abe30a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fdd624ef55f1fad0f3457054be8205ed

SHA1
6ae0dccddd9ccf9a949352e58d053cf17d459c4d

SHA256
562254fe7f6aada417307b8c07d4ddf41d498a79490a0be4a71da13f86fabd95

SHA512
7e7f72d1b9d01c188ca8f3fd65747845146094c90656305753982caa4567cbc4c964081f6a967dcdff59935187d3c66edeb4ace935fbfbff16d265f7cb624cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bde07e7a726eb586f0de852ad3766413

SHA1
1b58109013ac54d60c2fa507248ced33f9a97b19

SHA256
27707b4eb2e0b036265e4376d4e0adc927a42d12fd71913936cd6e546fd510ff

SHA512
0b192b829ddebd5ea34f95e14dba8d7f8134ef80d48664753312b83af42d4333a96a1e86b73596d7160260ca96a44f97cf76d51da0f61f0d90c438ec25405389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
746f70f717e7a0fe89583e96c0753692

SHA1
dc5a10000667ba403d8ef416bf226774c7ca7962

SHA256
f068014fc89b10dac0c03af1e18cae848b9a980910884555fba1ea766109d997

SHA512
2e23a0e41d8412445dbe99809992836b0b8c4382ab5118b260a599b29290248342746c5711807118b731e45dc074ca19c9baf43887e29a850c0a1d1af712de58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ea93d6af6201a531f7a03bc710b7a5be

SHA1
3605c61ce85bddc3c6fb676e388a1ca49a363d2b

SHA256
e7ad994f0388c5ce3b3923d680b9d69804eb48d94f658de053fe2f67371060cc

SHA512
816b5cc1a9d37864ed61bf762d7c46aee37d7d25f01228ea4b46a978352294172f02c63de001952f05bef41de8de42e1a551ca9c4e2e0e7fba71d804dfbc8c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
027cf2cc32d4a152f52b418e8b252c30

SHA1
b134b529a22972c4be3e8acb65981130cb575378

SHA256
e04188881a7d7e218aabfb22a9c7dd43d4769d5dc60c55094e438597caff72ce

SHA512
076c0d64871b8997e5e32ffd171f6a394e54b78e31cf158c80c7bf32ddcbce532e2007397fac442ef6e09157cd94617d77e6d97346a407e2e3b9ea9332e717f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
109b6598cb48d8694748162d167e23f0

SHA1
9793f8a0e5801055cc1f955bbf4a96a358810051

SHA256
0b7e8f73cf3a510a86fc61249c4527b77f0859dea483d6c48e1968eb69d860c7

SHA512
959447845694ac6893bb0d5e04d79d55020fd0d0ffd86c2a5b72ce9bbd73d809e5ccc6d24a1cb2472eb7e45b9ab3d731603c79b0d8f3ed61c60a58c66e548492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
704d4cabea796e63d81497ab24b05379

SHA1
b4d01216a6985559bd4b6d193ed1ec0f93b15ff8

SHA256
3db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26

SHA512
0f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
15168de678d6522030e7c8a8ec976322

SHA1
0ea1a4965f933734a7b1c8311bb5e7c0e9f29816

SHA256
a54461655a28e5240dddf26b1770fdee10155e5b567395e28ac4b1dd5e72276c

SHA512
b63af9b4afc061822a638a63c0c758942572205a898504828aba274e7e5fde5f7c9ec9d5b48849969015fe53d3f086d9227061c0fa777c77d30a6eb3ec4e1b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
888268d71768fd58b3141ddcdb1d1a1b

SHA1
4b7da9db3e827573e49c6e7a24ae0704633cff43

SHA256
73e88fe99c7807e6c570eb69e0156bd1288479d1f89301dbbee7cbbc6996241e

SHA512
dd6621513230d8a0d2ad21d49580bc74b2f8f3e10e60dbc2903a37e05f928b19e93546ab39a8129481f00ab07d53a8bdcaecb107d7cdc0e04b602f95b02bb109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
897dc29ba85f84350fc0a213a745fbfc

SHA1
e2cf35a2aaa9ff897e7dbc005294f55148766d18

SHA256
c0cba294ab67f9bb95b68c1da27299f94800f2d15d956440c49e1971e2d020bd

SHA512
5b9e56bf5b30a9c502cac9626d50e0135d51a349c173989fdb12b492f7614a05fa4bc25622f4653180464a69f0fdb7e39edad6ef531d3fa7f8301f355f3d2184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4ed0a748530f104ca3ad78e06167580b

SHA1
15e3d0fb4287d5a09f602e0ed0589c39f6fa188d

SHA256
842f05c0df55018bc6fe77a10eb12f992a700064581dc3c1ecee1ca2e4b2df5d

SHA512
433fa2ba061b332d0ac57daa6d2462330ad05a2f1d2da449861167a28d988e8e317c719e5f1a6c991b2896085e1eebb5b60f052395473ed2608255ae9ad420d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\106b353d-9759-4099-be3b-08647b063a8c.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
3d438baee535aaf2d70d4558ca983890

SHA1
9c7d33d85522634b08dd8ea83a382f1dccc71a32

SHA256
8909c113b8d2d74c48b88e57d39787ceaaa197db008bcf3834cd977834144e19

SHA512
acee01bd73c4e13cd4d630e51450563b75cea30b631925884f259030b5a75583381777a6925c49cd6ccf2dcc34bedb541814d9324a2c162fb9f4087304e16738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
3cc8aba1050fcbfc7916e01fbc91f8ed

SHA1
c0af96f62190b782f8726ef8b3d054aeb43f7e79

SHA256
763806cc81b2d9899c9a82ee82b9a01177d750980e4f76aee60b3e5b6073e6b5

SHA512
0410cd282936df300362930e8b8800070f40e2efe216f917080fc94258c7f0ee2a61e913f14279dbd8b959658c864d29c427665026c40cb532f88f13d669a269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
c78c5c866e711e022fb54238942a70d9

SHA1
59f2a4e0f41a6cf8f39955b341edbafd9635afaa

SHA256
4e759012b7f97ad8139796eceed0d32cdf6aa2951f3584ac5935a129c6658b0a

SHA512
644828bf95c45678f9d0ef2f06400fd23cf5095f7bfc69b3c390e6b98a012d16d35484fe25aa89061e726c1d406e92c2b18bcfc041b2ab8a225f8e8753d832ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
0911eb15deaa47c5ec57dcc7ac0056e1

SHA1
cfffae3ddb5912da40eef4941d7281a5cf727bb7

SHA256
cdfafbe7b38efbd8ecfad59f4a728caed8dd48c63ad3707e61862c927cc4895a

SHA512
016da6cb1fa4f7ad77e5d651d381e2c5045812ffa691dd3e3fd862073812e3cef5bcb6e28babca6da23357c7db4ee81668fc21e36e8068bc575214fcf638ae5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b94b2381d8486db_0
Filesize
288B

MD5
ce67d8fca8546d75f1bd89fb0a867807

SHA1
b0f1c4f64a95f8fc6719da4c92d8f72093078182

SHA256
2cb9fba3ed4df5a9aa5c4fa0c7ad285e6d42a8b0b4f0806287a9531acb72ed95

SHA512
ed5071029caf66ad779d826ad534218dd40c4a4fa0a7bd45a00298e153f5479bc8f2765a34b6ba245289a052c82dd7997e0917fc2c008efad92fac624a21136e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e06211fc96d0ba3_0
Filesize
424KB

MD5
07e9d37268e1ac91d3a39fc140c03d9b

SHA1
a9d161b311248bd4f5edffe8e837075a8b8533ca

SHA256
70ee9b845df40bd00e7ada094d57a4a96324a4e916d6ade3b73d2a5094994979

SHA512
671af1aad2e38e0fd22fedb700e251f5a473b759ae822455692a5efd915a172ce5d928366ff15184b4dc602bf24a1929d4ad936e4da4aed3ce064e2a8c011c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
6b01bde517497ff01e5b9a8e7021d462

SHA1
582ae32b6ed6f94c1c159c22fb0b711718c2e9ad

SHA256
efa274da853344af12cd9e553f8c1ac2673c4ade3fc96a7ce4d818e4352d2c8f

SHA512
8d25b4bdaa4dbd385c98585860ae90fa03e29679ad68c427ec8d582d04b7e67df72bc31506cd81b0990761432c3a2190d31068216432642366cd5eb39801c3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
8804ddb92d8091f0beb8ffd96d28f413

SHA1
106622994185518ee7e99762b0ba9790854403cd

SHA256
908af52e492a3467c18cbb46904534587d47488bc24e6a0ef45419f98a633471

SHA512
3f4646e61644e9ae0ec769e47c7abf461ea3a19a7d9239329d01fa7d25d11ce36afc12683a81e1d06429e93f870b618c76a8888923b98eefd23b776792cae690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
7a9a7c6b019d94adf936f2a40a5a68be

SHA1
267833361665e9127a74a35e22d5ca1799d42b6f

SHA256
27e64712ee573ccf9d977e136e25a990d5bc611ff663e36e9de167d51f9af96c

SHA512
3bff9530f0d4a78ff57ee5e2d53462cfadc2785585f4e122ba256d325c5097aa44af44bd8e3e40040ae3e40b51287e4bde0d330d1e314cd05eca528515bd9a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
40165c04fde6ce2a82e14269da9abec3

SHA1
1ecb25f9f1bf1f3b51d729dc9d08e75340fee1cb

SHA256
8530309ce19faed9e36d9a239d45e19a9018e91976389ca703d5b0d1d4bec1fa

SHA512
98962956734227337c54fe1deb0933488572e8e6568475765b951b6b54b35f9b227f0e07be57a14ba08c70e755136deb5e1ef91790216f92c78a83b9d9dc6b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
5e62e5e08aa153847a8c687d67cd0e43

SHA1
873d4d539fd659bdb7ffafaa4acb56b8ba226f7b

SHA256
4cc4ea0c0532e1c96fff84843a87837e8892e9c55a5a4b7a65fb4d8696544f08

SHA512
4eab392cfc58db7b42e8d2d10543b191d88f5c13920d9038043db3b2ba8c84c4bb0fb5f36a22bd0ed2f242b373448909fb59cd132e586d0a51df8f7af8b3c9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
002b788cc50f5ec7918899622150d7f9

SHA1
2a5eddd616ce6a002ac81b2de49665295fb1fca1

SHA256
68fbd4ad9371b41aeec1cecb612bec972f0b046a6dc15ebd2f83855b2622f244

SHA512
5e96292bc5d7795c30da483dc4547060db73a8e140afcead51712319a7d75288c3c14974953df002b978f9ef0355f345a725792e1fa08163e3c928542f216bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
d9c6659a5cf453ef91aadab9c0150b97

SHA1
0ccc2219046f1c0688fb4def0c83ba83643e373f

SHA256
a7a7c0838e717b81cec554b901e4df198afb7b91a0af3fb4389438273e0c772b

SHA512
aaa962224184a8b887f6ed57ef0978c93421a576e2b859de8aed04e3b2b560a644577afc44b52cee78eb145c79fe7718815bcd82f3cd04d31c2cca8b06426587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
ab8f1c65a62e84cf44ad426e151c1fcb

SHA1
aef3e5cf7b00c4569daba56a260447b7ec45bc63

SHA256
0af50bfc5f9d5afe98c1f15b1ac5bbc3bc25fa4bf1f1627b3f780b3bbfa20ea0

SHA512
4c0fe9ccdb21f1ca8e1fd01470a18a450ddbac1183189bbec6bc6d03c127205e7893bfd55ed468cabbc98dd332ef9816e72f77d7ce1836ef5614e8634800351e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
e8cc317d9c96a0661dd9cab67d44f689

SHA1
7d210cbd078980625f14aa8a414a197b68fcaaa2

SHA256
9179f28e32d997261b4cffbb4d4b614b8223999171e3f73e14f00e53bb8eba46

SHA512
a0f7ef23da6037875a721f70a5872aba70e45affaf742eaa490eba72e65ae18fdd73b1ea8919fc5c7dda811e4291acb34fafd7be1ef1019034204bb510eb3d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
075d0deb93def5e0ff13a99802a0df39

SHA1
b88a4c2293b8a556eb0faafeb9f6620548eb0f37

SHA256
991b80ac0411557a50d65651db31bd3b51a8f9600dd2ef2bdca8ee80baa4f976

SHA512
bd37f22acd7fd85fce086e0ea00ed5b67f5fb885b61d49781a65213c62505f23a51acd7e16cc2d5ee3f2a0bd872ab0f90ff7cb018e57410a76f012f296700bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
06c8cb8baef32b537f7d5741548cce77

SHA1
04c3e41039fd0b301db3413bb27796f89d2a23c1

SHA256
647d4441b6dbf106c75c210629493afa73325d3f2206b35e5019d92192ab571f

SHA512
baf1ca8c5b0938ae52b5e11cfddfd40b5eaa4e373b342698374fa52405d43714c26f5ff6e006d0d6f7a0ad6f6de35aa30a22cfce77b4407ae6011fecb1b90bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
a732a9395e4e41a9d2c5b74e7ea14b49

SHA1
53b1dbe72c511a377950e6178ce9cf992c09de8e

SHA256
f88738e7c43cc54f48703c4d643d8e6b094b55dda15758b08493eecc5883163b

SHA512
ddd63b1fd2c730c78af585f0b5c341c54f10356a6b1965b0ee0e1af15dbd5a9e7f8a058b398883df6710a47518a05d53a32451a08792791ce8039974e9cb80d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
ae07bcb53805b3124f631f06e6bbcd60

SHA1
034e08bdc1fe508ac67d72f48575fb14596fc02b

SHA256
c02c1e0632681c4617c687fa8ad1274331768f68085689509a1e87569a8ca1b0

SHA512
587df09814ea308f7e28af451b2074c8015a2d3ffb259f77c4a99464cf854be93212e9fad3f83053df9868e5586b0167639f3b9328799f94507b9a2733a3b9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
c39f8b6f31f85d5904d8a1594402bd31

SHA1
73e1463126a163640578bf0bf11a38637aebcd0e

SHA256
bdb1c314a737a1bfa5ee86485f1081bb209c900182e92692a02afdcc44dfd336

SHA512
4c4f09cff73bd5603edb0810400d5f1c483177681fd0c3a0fbdcab75f21eb89f7486442322ee8f0fab3f674e2090e38eeb30b32469a3b453a838e08e67b2ccf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
dabcefb12a7822445e29795f0081a489

SHA1
3aa077a47fec4ac73e0daff8e355bd17e2455b86

SHA256
28ed2817094b5f37edab016d4f6682a72ba15d90dc78ad02e3c6f2179e19a773

SHA512
79db9ffab2dbe1b40fb5b1cdb9f3363f634942e055c9cb2ad3372947f3e34ed590c9f635c2fc82aef5d646d5537267a6ab6a6c0c5a12e2b8fcb7c4dd10a7e5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
bcfc914e1e9f6760210c024184a89755

SHA1
33fd70a9dab97650887309f4d482859ae85f9f80

SHA256
d84501e0b617d9c5c9bd46061e820a1f009afc1c3e25969da12ed49d8b2a5b69

SHA512
41bae72a17e02c16ce4560492f8091c1c9ee3678a49be9babe6e085f231cddcafaebd79ffed3ee4844c21ae78966a15a5f498d0d85202afc3385fb9f1bd3f7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
e65c162e297796d235979cf96679ca31

SHA1
1b4f10c8b3fa2054ac047c2a7057dde0b6a7dfd6

SHA256
024331769d99950e414299744e5884ffa516587152fd17db019cf5c7af1ff706

SHA512
59cf9807b6dc0bafd56afcd3cb34904a652f2381e93b40b1489c61b30ba7ede5f014c5cb965b4a627da2cea337dc363a0e96b84588041c1a1b56fbeb9136b714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
2f112c33cc4689218797044137479628

SHA1
60e5656bf990896993e1d17c02e3638656af9a36

SHA256
4145d49cee29dc3a412ab19dd769e7951e060b18967f093b45df1a2ae01e7182

SHA512
d909007924c24adbb187fd10a740e7a4789625fe8ce86fa1be55e832f480abe06011a192b9f2cf47449b40a2bab6812c88538f71bae44d42b41f57ddcb79c6ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
9bdf54cbe7ac6563a03489c88a87e397

SHA1
f411a10cb9993b0350e099f59065d9041a3aac90

SHA256
fdd3f869a94047b9c23edd216d0554bbcd84c6dd2c622612bdd97932135a9cbf

SHA512
364b07ac52a084b82b580577a486c9df1ff793900c4583159c55339ea41ecc4b9835fb462330e9ff6eda836e126e28e58da66c1a781da6a711072832eb5342fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB

MD5
ff5c48ff4fb7652299c044fe24ce1062

SHA1
75cca2ac6a5d6f7417f88b956ba7da0133ce5273

SHA256
4a89c895a4e8bca2d461a2be0a76a96ff7145839e2c4fb1b51664c354ed3a7d6

SHA512
5a84e6f2762df871d90f68352567362abab9d8d5075073b4d1d9e8b33865183cbe0c8675a6caf0d719e4fe2428068b99f90a13addd4b790e3f59777ecacfb726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
125B

MD5
47ed89329070d5f0c807880e621658a3

SHA1
b9b9c459dbb464214b4e65205bd235d01354b63b

SHA256
243f939125f947ca108557d319c5be11ba4ce3f4d5158544f3cee4b8f71f7279

SHA512
bca297a9d05885fb46afb10930ba099ebd7bc7a6cf9425cda7bf3f0732d905fd96186d9a1ab3c978e2860c1a8eddd9e58d76e60132224983689c9585ce2bcbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
e6e6de973fa2c74e9ae5eb3a91d00dd6

SHA1
6e39e8dbcc0dfd0da77e21b1df8bdd4709d91837

SHA256
bb2f602a7a5b97674de02f6d7c6aaeda2955eab4c848769566d5e97cf887511a

SHA512
7c7e88fb36969f472de9618a457eeeac95fe32bc9d95cc79008b07f73aac9ccb10c4d6d5b9b104898265d30443c068ed1813f2d221ca7492d761403db6d366b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
d598900b47a16397407e6b253b339a46

SHA1
18558f0d3ff52582bd0de36fb84ffcdf8d6863e7

SHA256
e0544cf4a6e3bf2313819122ff52d3e5b47a2577b3a487e1de54bfaebe5ba6a6

SHA512
063d07588377c9a03ef236fe6d6ca82134bd15495a4345d5a0e467b4219c6152948d8d1c258d6d3749c2eda21adf55eac8fd3f891c03134325891a41c635d65b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
f6c3d06abc09fc577b8032684c0b11a3

SHA1
78f961f32757922d52ee82de259f9168576051e7

SHA256
3b654906f7279d30b18d23dad7dc09a01362d72bf7b31d4ea5daf2cc5367ad4c

SHA512
420d2843f6131171f3e6a84d8aa2b17e4177d381a376057b92a38f0400c58fa1aafee2562e9656b6987685b9041af28c0a88b8bd9bb93083404e6e14c901f0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
2c1b17413460fa3331c36378d7cf5a1f

SHA1
ac4e610d2df448a397cf09ea731e0f41fa5b9d64

SHA256
33f0dc7e905f130c349ed3740564ce57a961f72cb7368022c41a32a163baf82d

SHA512
a2a4264fbd69ed87e914b47c5e3076348671e1a593a87e247754e1c46122bf0464863ce12a0c31aaf6bdcddd175dbf60456c38441a520c1f7853df775e712eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
5f1c92becbbfbce5c6b58e0ca2452a10

SHA1
0c1f4356b14c012d5a163bdc7ca4ca62a093932e

SHA256
dc48e87d88e4bb30efdcf85d7260aeca788140da56fab1d29df6f1fec4d30145

SHA512
bc98583889ff3c201028950639df0a33aafcf61e299095e1aab9a300fe866eee630fee41e309778ff9a145388cb968154e328c25fdc2401b6bbfc8eede6e4c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
5d71e694a3b3051fbfc4e6def0f96835

SHA1
94de3bff444f97da2f1fbdd4a2d4566c7060be1f

SHA256
0c3295a593341b648dbca346c4facbc4a5be203b09ec287566bd6c44dcbd7ae6

SHA512
4de2109a6ab3ee03af6f2984866b0954758ba5b9ec592c6a7d66f6955ca846d5711699487067380e1a8a44be48c8df54bc5b44138e7ed3ac4e3c43a4b80bbd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
40699e15e3a88289fd1f3af1e3c71403

SHA1
d499a9d6adf3ec5d8d6a407233e0ed14b22fe951

SHA256
b6f9039c90cd48c854ac6f91455d4c54b36d1eaa261be854a9f420cb923f9c7f

SHA512
5dfd9b3bcfaf6e2fca242f2f906a70a17c1b89533613a668854d84b7d629f96c4ba570856085f735f7fdf7d22cd4022d139bd4975fef5c2e202cc15857f5f744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
908db0f2b9958d1a81877a6697842a41

SHA1
fda20dfc738e1c760f123db878a4c7eb895ceef3

SHA256
d562cf8bf7a4e92fe094a5024e8712518a986957091e96ebefe9ba77fdb35089

SHA512
8c4304c964ca78215487d6a82c69f994a1700bf41294ac30d040e2da00fa0b10afde2f46703c8b3b822d94f0c530dc715d5c40ea4c2cd9997bb456fdb4c490f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
028319d655aab8bfba95f6ffb650a8f9

SHA1
a9481ba0f51ea1ae65d94f33739417ed81a63a79

SHA256
ae8026f95723f77c87f119e4eee928412c1f7cf78807b4d35880866ac45106af

SHA512
a5436378cf350884e7c2e1fad57069f3e6b65f912021922ffd99f0ec3a4cde2b29c030663f76f074c5dcc9f93e1c25687fbd37b86e407319e7b39c34490cd1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
0831adac3f7d22317232bcfc93be7f9f

SHA1
b5730628f8b0566d8292aa4f205bbc86df236a6c

SHA256
497a0e60208956de7823d30fdd4e88f9d8154cfa550e71b5dc3a1066f1fc69bb

SHA512
cfb997647c07c0d0ceec36cfc5a6e96b4448b894791434d7f7c94e3180c2d72a23a77a56b7090b1467f86a036c92250b09950609006312703a55d5152d8ee7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
785ec1c6f399cd05df7b325773fb8fb2

SHA1
6b4755d5c8f2b36e45631cdb9df326d6af653961

SHA256
c60b1a90a52eb1247a52c404dba4c1d6086ceb1800e3fb29fd798228710d0db1

SHA512
935568424ae69ce01e1529d3d3ecd4c3ff9df86b8f43a10831f40e852beac783e78eb1eca4d7f4af80e960ba72cad25fd05639fa145ccba038e3c1168bfd6dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
ff893dcc6fb990af3af9c5c451ab67d2

SHA1
d82e79c2ebb813fa5034a8b1b5c63764cf40b1ee

SHA256
cc43ffe16688fa2ecbbcb5490f7a715afc4e7b45033dd322afd1acc245710204

SHA512
b4075a692a26f7a2d77c4d3ea3f63e2d900b4995d7553563877195e65df6448cf0a94e1d4450ccc77f0f0a00be4e38aa4b42ec902e18de1688cb46f2bb9e86ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
7f737b5c3b925e378bdee8a566bcab7e

SHA1
a8418173769e5f8550979c9f243a0961006cc662

SHA256
5d6ece0f608d19f5fbb219ea85992aef15c3b86d90e3508758d704a84b41a361

SHA512
d5a1f6a1d6d3c5f48fb4aae138f6c7e70fc2f00670431b753a53abebfc0135b6a6af1daec0dfc665af24166b50ecc5057260e4cd7d99b4dff5a216c209f520b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
676c56dcb19a5d7ad8df24c0c26d5907

SHA1
fbd649d45546e9f085991d7fe7cdf6eb2fea11a0

SHA256
75b5c75e1895be62ee0a52eb59d6c8824048f90b43b22b4eb45b914b8146a2da

SHA512
a04bc6e34e8eea564c9caed022c236986b170a088f617f449edb010dce207a34b52f1a0d902c5f3106ff7af6f530a36cc11e91fc3496dcf173adf979181eaad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
815B

MD5
aefacd9b67a4d0c37fb28e5b6d79c47b

SHA1
3622357ab4116c54a0b1a5006bb3382301750996

SHA256
6db75813b5eb03ad6079f9bd752cd510ef936866bd555658791e399c7572e8f6

SHA512
049a2a93a10481cac7fc19b4cd1bd5efaab476d1e5f03a982abcbf718b1cf9559e55bbf1fb2e30aefce62255b6898bfc3787fe09cf4d5087b7583588a264d162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7c41da39162122560f17dd9f71c63fff

SHA1
6d5be8da49358fede1f02bd951969dfb719b6740

SHA256
f123a8cbea6ad3be76a7f47467e3bae3746078ac7bc1fa10c78d544250fa61eb

SHA512
b8cb1a86d874fe288803cdda6f53f3d6868f106a173e080c01b32f0893946faa51a5233ffeaa9373c24eddbf777fa838f48bba5e555da016b6f6070d0187394c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e6d84182898be72370236d48ea6b386c

SHA1
edc9a39f7f0bca129cdf912cb400b557c366bfae

SHA256
b77ab83e4ea5fd643b6c1703dd778ba41b8c52ea885ec0a0552889b6dca36f39

SHA512
83380eed426e2953399b7c9389e11c23521f3c9172f78b97013d472c4a981351e21f8a81fdad3aa6971186fb400992a98e2e8dc94c2f87f2c96781af99462b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e62b6708c4b4227f2a136e5310bb54bd

SHA1
a0bb43d8416bb6a63a378e1423463384302120a2

SHA256
e792267fc66b478bca1b7a81f16425ef6d82c57b1fbf399fb473447690b854cf

SHA512
1c444bc9ae312f20d00746f3b01c232cff7ebd80a90059767488911f6196847a99b660e204e8dde2643aab5118c0669963ce3a4410110cfc4cc018a21d9bd269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
862e1781a8f067dcbd48228d8ade1300

SHA1
326ae01b85897d4d55a8e6dc5304b6852b512d1b

SHA256
a2540f5018e134967fa977cc99a25b690ab8122bf6e69d743bcce25ef162a5ee

SHA512
394d9553bd2e01b47be773e7bd8dd75e0087ebbfa03e62eca9fc1cbbae0109b5edef6273b43e7e8a96ef0184acd1401ea62bdaed428e60be23ccb139515313c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
575d71346035ddcbb0f0e3d9af258f0e

SHA1
fc4887450827c272a4b1ce61ac8331ed4347d858

SHA256
059e66050a290eb4e950027f9e7aa13e37c7b9ef21d55ddff1fa5c46c67dba1b

SHA512
c9c20e9af700da3c85cfd2a261ddf2b8535bf1c81a27623214ad9350e5ef91e62f3981167e879ffa2008f3e0345d9fcd6b9bf2887419900aeb416c806175c5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
12de6c93dd380948c7d9b81932dac854

SHA1
0a12a4517d6d882702e8a452ada16c04091a1176

SHA256
42f15d6fadfb5d75ea8922f01d4e4ebd6dc1708ae2e62fa32d0f4ef9bc2f4ad7

SHA512
b8add43836b87a789d75144749aba31d78ddd652cd62298fa37fb53e048713d70d2ebaff38199b13d0dc4fc420ba6a3125843ec406d2c72d5c80b4025bf35cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5b65c6837391a4352a09d027830533cf

SHA1
37d109d14f7e13240a28b999ce59f98468b23b5b

SHA256
a08fd96257d047d1afe16df0e255c2ba18ed0066acae5e14ac09ecc4c99f90ab

SHA512
2fbcc42fd5bf3697f3f38111470c65889c07bfc9a1c255cfb8ebe3104745a3c4f4a736f7f8d62245aade4f62dbf69576f0548c93b9a0db602d857fc454d31802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
026d46a25a195232da192c0f43cb7f29

SHA1
b9c05fede58075519191199cd958ef56854beac0

SHA256
6536c10e39bca6f7523e0a83664e166c0dc3458c4f313774e05b4168fbc9d5d1

SHA512
5bfe07d52bb2d626af07fc294db0a6f18fd12f7e5d9d65d5156294be5907db7bd5f0bdbd5624469f92dc99720c86f294ae0e56a51d1dbbe505d97a859b7273ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
770a67d8abaa1afbc54e5e625e7a6c1d

SHA1
123025b211a3344d250eac36b12727f8eaf671b8

SHA256
eb4b429ff03803b3e0a1bb41ee8c7680fb2637b944a5b7e1bc0344456956f9e3

SHA512
f35192442125fbd3fbda65fe789aec642ec0ee6ba11251f8bc9bb3f48f755bf4c22b58d39e379db964e924de0ec0b77cbfe6250dee31a514edc9283a807d5bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2efdef28caac9826a224a788aca340a3

SHA1
622a763b8ea367c121e7c718154bc67cd55e90ca

SHA256
c1aa9e7c468e27757baa898f273d6b2b73dbb61d1811551b190924d3ad1fed27

SHA512
e226cc368cb3b22e6032c221f4d3db3d87d2fd21c68c1d2f9f0ae5425ec1c8e2960c04ff95a3bbcfe35b5c26b799c46084714fe42e93f0655f2bbb6763c2ea64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ba36f8f9f49313349f0d74a5763a056c

SHA1
5ac3b8c5204cd80a5a265e966b44c73e4c3e6273

SHA256
1337f44b200d8f2a42b98b6a063bafa30dfa4aaa3bd0f98709875672e02d45d6

SHA512
014959167ca958cb8b35e19d42ce971e4cf93cfe31ea77c66420cda7248442f1f98280e123cfd047dd529d76fcdd9bd37d4f597ef2f57b84537705ec4a65a174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
44c430c2870883c626a66f5f1185479a

SHA1
d614c09a27e05094b8b624d5e079f59f5b3c62de

SHA256
98887e316b342b91a59e130fe81d9af0cc4629a62e31b50b7486c094aa73139d

SHA512
8ffb4757c9f565b9d3ec87ef0ef6c9bd3c50f5af39c9f8d2bc9b1e6424c1b44285d863445d4938c9ecd9607b0d7d6186ae6c3f0f48d666ac45bfdb5aaa609d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
69b3db7d02fd483f5966adb61afa6e08

SHA1
843313d392affe4074d009cd43c392f492d6698e

SHA256
8b5d4170f19c629337f3b8ebcddccfde823937980e0e7f82ae9dd507fcc00172

SHA512
5f6671f8f87daa9a4ba4cd680361ff1c7933b239f180a9ef8fc0607322b744dc75ac8fb809b0d15f409cebc17c04102daca65a99055cc4909a4af386fbbdcda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9f2ad681e78d61a3949bd35225ac733c

SHA1
06da47d31e514dd2584ab9cf7e8a5b2fdf9089ab

SHA256
0ae401d9622431fb71e5688033075a232e1f573959d938147268b22d83d3b223

SHA512
a4db00ded75d645ea53a2f699f9bb6b27adfb78165bc2ee355926aa162e2cdaae8381bce13f75c0500eb2acc817705a3ab286e922720f6ded10b40c10c5ff8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
40a521c95cac06446d7ea5b5cc98b93d

SHA1
e81c3d3036b43e04e5bf1cab36b59ec71ab8bcb4

SHA256
5097a152c05379bfe199821ca165249aad72c687ba3e7c68123a1fbfee83f713

SHA512
5a1fe629f9dc4a86c3ad3ebb1605a237ef7e030df3750e769b71d48d52afc14d5c7919d50423f63cbe871a8f540becc71ba67c08b22671f28af4a39eb88aeb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
269f0de3f441912b35b92de2ba320aec

SHA1
25ac6e1e1e621cb12d156dad255275ac658d982f

SHA256
be1c90e4b05e443f9482b2bb55d05a10aa5fccee68230a18479e8eb0c24489f1

SHA512
8bc93cc0ca46ba5a726804d01337671d358f8721f5a39675a67bdd1007f8002d928b49ef801f63dd333f8404fe72bd8a0dd39ebe83e451483e830ce1e03b07e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
148f4f5c2761ed6c4618bc167896f67c

SHA1
2f1353ad4289ff2aefc0514921aeffd1322f78dc

SHA256
e47626801cafb294f748d67f5d4bd0a422b1a5e383effbc11e90edb71bebc0c1

SHA512
1b993b4f2ed7d29f92e646920f5d6a0060a00ca1d8a1df232ba7fb78082404a219197ceeaebf4f24ed8abe6154b1afa76a20a5fbfe2fd7419ee83ada0133edbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2b7032eaffa0229c6c9b9f7596eb20a3

SHA1
396df584b6795355f3449ac587067bffe97256e9

SHA256
c6e07a4b63ff40482a548439740139d1fb1a5ff1f813281615775a723a2924c9

SHA512
b5a31657aeb63849825d49d97cc2374e560d34cff0e82fec2339a58e65d3a7f4ebb28a229c635a7994631cf60afb94e6a75124d1d2ab1e249b114116c8da1905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
38cc94a390dffb3ffcac60d4cf2b2fce

SHA1
fc6a630d88efbdbc80305011a791c98708777071

SHA256
157bd710a41d03e882a83d6b48b14de94b30bb36178a2f638dbb1f33b151a621

SHA512
e3000417718bf0228ca8bf7e5e9774a62b2d3fccc1409eb6be1c0a3c5c130138acd5d37d732386f3bc314c85da7e218fb358c61a203ba8eef58783131a115592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
64d9dd9781b1eebcb80bd9c9e27a496c

SHA1
5f3f401f42f3c896907b47280f127f96f2413bee

SHA256
83b73937f164777d08dff8bb8f6e0c0e0ef22eeaf0c69fabe6fca139d91562be

SHA512
4f25da6186677b392e019f8a884b9a828ff1c0311829a003f3b2f2d7b5f348f06e7443cda2365f3c63e4249a6c91a6317dc1d73648a2b02ad8aff02215689c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8e9b56dfdb239cdd41fd1af8f6f72d29

SHA1
5b58bafcd8d38c9c702172d21f639d5e246c656c

SHA256
11695f59a44a13fd150ab7016f526ccbd1c00f6eecc7880a4d0e5fb98af673e6

SHA512
eb2a358aba2fe674938fab7cc3439ee5495451d922486087556eee0ea16fe4013484ecae700a80937da848f03cc2cabaa7ed7cb43be6e4b19f269054f9f196da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e14efb93a9043105ebc6e51f23c8125b

SHA1
8d7a06fd0406b632d3b255f210ec2158feb3f45b

SHA256
e261f63119c28698a53e652c7bea15e024ac6a64e520232bb765d0410179fb93

SHA512
39c1bc33ec8ba9df6d5a5b759f317d5bff4025f2d49b3f20c4a4fc569d923e8a80aca2edae5e1a95341346af9fae6ddf0b6a0cd7671bedda35b6055a58ee2442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a3cf7a802e5d55db8583f0008f273016

SHA1
5f3ed92caa46f954dfdfac4616f9fae84f089f5e

SHA256
220d3a6b5fa96b43a50dae09a49bdfd48100a8c613a9cc680ca8994b63458195

SHA512
573da8290d15f38dc3e6f9d8eba28e6355d712a95088f767a0faae2eb1d81b543c7b12305d7f8793a31fdf4d848e439d14bd2962fc9c0ef009b1b358165b95c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1f2a18c7d2655d4dbb971c8497704f21

SHA1
1e622a2dc1572ba44655f9a9a11c9a602f3c0149

SHA256
be52fa866617bf210e903fbaac34249d0561065e668da8ae301672ddb7e21c4e

SHA512
bd3f703eb33979cf69e45e02c7112ee4c0c83b8d6a8d9084012982b2d08046b1556ba28ab8fe64aaef3a7b08311a9292fb30442925cc1200b1a1d80c3d2cd645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
40378bd7e89fa87164b8b70ad2a340a4

SHA1
15c492468c3d0ef040fc988ed03b414ff1e59ad9

SHA256
8affe80591890f608d29b0629cd3d9da807a91f2101e37431ee94e9c5679c1d3

SHA512
f48d374e22b7f671fa49aaffc50462d752607fe69605a27b62af24d6200624b74eb9d928a7c1b28de08c1f54f0ff789099835f06d7d134eccf4d282e02797771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
71997702aadc532b435741787bb8e506

SHA1
35d65be59ca653e9474549aef8709a75ee0635b8

SHA256
c679d88d9f116346a809c305199caf35a33b4118f1be5eb1aa1f90d78c767025

SHA512
1e89a89a754cf23fd916d7156f226683651984e8da93023e8e020a5b855e292f21f6ccf71dc867838debb63018bfef9c83cbce58d90e583d694bc66098b8f66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8ca0e9daa7a61d31de65af732d4f3b8e

SHA1
85db3141ed27b388495e6f919830396276fea273

SHA256
dc35a3db5b43f1cce506708f8c5722e5fc4b43a8bb864d1e4b48c5e65c2e5244

SHA512
f83b98abc2f8a03f3b060164cca7070a64ee6968c1a19f129c0af50cbec211d8eb0cff139fb162beb84d4975417dee21742720aefa5440ac01525d2bcf239a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0754cd10ec729127e34399665badf55e

SHA1
e32d420cb176bd4c1c5b843e3956cf3786859dd0

SHA256
fbc2e9f8f00d57acdd171a6fc5ec4f2c9bd048f0cca7ca7f42d3b82196cab276

SHA512
cfcbcfd8ebd52c4c94b5a5ba155f8f392468430bb13ad9f14fbb317e95a6a00826e88d152adb983c42c8c1b2277accc321acf92cac31870ec36ea48defafacbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3775b509d4a05ec8bf3b22e44bd18d55

SHA1
19403e2d878a20e3970a2c75a253b343dc7f242b

SHA256
d5ded8b983250323d308af151cffc6c699ad0c7aada6804051c61cc4ff9b84bb

SHA512
0e02e0ef1aa9a373ae9794b2477b0e20e67a13b0490a893111b5644945bfd226d0f4d1402492ae79f83e1d64e71a9b3bfdeb22e1dce9fb5567e300ea515a183a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
63319aa5f8ff00b8ef1228e00f810e11

SHA1
8ac0e1e3d7db7e8fd4cb231c0edc466b1d35e4c1

SHA256
6414f38503280f9391212809d05ae735bc82308bbeee8bef92fca48556ff95cd

SHA512
5220f9dd0ceb35372eee1c798bca78efac3b05705271ba87ac76f2d3f8531b917d897771b05afd39cad7646e1e1e13683b299e81cbfefb9e4dcb100950c2b9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e80a8b8bc3e479b2ba9d52d60835593d

SHA1
8f94b6faff8bb2e801a95744bf90f847b85b479e

SHA256
2c046af1a1d2aca771143b422c6cb8970a39f5cf2dc19df2e92a1cd37e559406

SHA512
ea46395ce30e9c0966dd11b6d9a92695777b0374454465e867dab51aa7359f8ca15f17a2048a3356c76e0cbe5b0aae2244a62da2583ce45b349a2bd87e871ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0f2b260fced1a58bd88bf49c65413b9e

SHA1
5b26fe4f47526aba9f5b5b9fb8effc88b5c3b35e

SHA256
cea6088a933abcc5d9caeac809a6dde0076f02b0caf7f4222d17c683205b1852

SHA512
bffa9ffff34304aa07e28fe108c25b84ea2b4a4e3345b794168131cdf19ab2eed094b3773f87ef9db79a6412df0279ef56a7df7c31b14c0d8cb85bfa7fc270b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
225d45994243191d5a7459fa244df8da

SHA1
2f6b4269219e34359449a8be5a393acdb0d435e5

SHA256
625ee4db9904dcf0113ce0c4802ec851e8713f07c2f520e998320c2f89546a57

SHA512
9382d635186a37228ba25b88c00425bc8fe4e7dc8f2ed4e3674c1f549648afeb459ad4cb5b10b02c239fbb6aa0d8aeb0805f15f86c455dc785fb3426e1f71f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
feef221a5f68657f99db3463c744b2e2

SHA1
278ee2d6e31bb104d6c19bd77be5c5a117f76db2

SHA256
5ce25f5deb27a9f908197de4bb769245be8c6e714aeb609f0a465887b4fafe2d

SHA512
c8dcee8518f1c8a273b57ae016f2563fa040b54c388f3814455b886efc6e38248f8da997af0265298c743bfd400348c86ff7353a9921adbcc071e3639507ce1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8c328fff59c1fb25d761ad174ea8371e

SHA1
624000315419719f0cb5bd347d07ed75ddcadf90

SHA256
257ff9ba50a3dd5f79ea4094dada886aac4ee587674c2962be1fa758f161a9ee

SHA512
0f835b525080e4674c189e5e04a2959e8f67f12f16b0833b7a68ccaa66d5ec87085e50dfae5d0293673c7a8b54bfe13f3dbedeb77f13d4fdd3740a71c20b421d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d4231d08aaa590bdeca1bad184dd0589

SHA1
aa6de895983773200535327f3a2d6807462036f6

SHA256
c76d947c8089a5f3fbadf61b6664dc063f3851bfd7c2a6a9e2e346b7e1cbf7a6

SHA512
1ef830c23476a06909332b39be086a69ba2a0dfba14c74e6fb6c1e7a6821e25f5276692d644c7ebb4f9ecb381dd258bd26e7d010bd83157f7aae831c221b39d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8c7521c4b80162357533c33e72094105

SHA1
53d201ca53e5ff683427ffd123e3b21ea139bcb1

SHA256
435d82991356152d2edc62b02dee2a516f44ca06a7a86e305d9dfcf86b6ba2a3

SHA512
d7b57281706c36a88607250f6f9187311ab0c547692c9b23d28c9a1ffddda1f8d6956e8c0e8d7ba3165537f9ac70b3a7faec27a9e5a829948aa0a78a1851521b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
91c722165354afdcf8469461b26489e9

SHA1
b2d5fcc21f2a8daf3fdac71cda155dd76b8c9ec8

SHA256
5b37c1c358885e0234fa2249e3c4a6fca0cba0a6d4b6192a79a8f95e3f0df0f3

SHA512
9303682324f4645e0cf7ac286d890613c284cfd553bb8c765b3851ece4370ac02e9642ed0f7cda1ba2ea4f131936ea731dc2ae8e4befa69bdac887b4682bb107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB

MD5
a7acc23cf085a46e1873497a72e336f0

SHA1
d95b976c66af34744cd618fd4267d27cc42e6b08

SHA256
1a780925f3514187d0980fe6d1f261b5b1a7c74f13094499fbbe0fc768b8194b

SHA512
5ebb1f4529b5d9e31cc2336ddf9431e482f716a1d3b1d51041abc50454ae44d876fc9014dbc3b3cfbf80b3e4a7785fcb848a3b74f7cd57c5732c9bee7ec2980d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
7KB

MD5
7619336f0a5327ac8b29fd9ce77708d1

SHA1
4af1ac40e897c1f7e68d9e5f7cf69a11faa2b4bb

SHA256
3b00dbb34d98ebc8c661abbaf529edcc52461ac09f855c900b7b5fd1be210b9f

SHA512
93d7dca075a273f89b2a15116d67c6e90dcf26b18224a85d41a2dd963ef043121fc34de77c0b2dcbd1bab6cc0c57734d6251200940130766d1809d838c397b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
1KB

MD5
f82337a2d52fb605fa1190769b3e69b1

SHA1
9d584a0a6fdeb52b87541cf6d487342d37139928

SHA256
aa27b27173da2e25876dc77c43d53483d2d4c03b50a18d776be509aba6276f53

SHA512
2d953ff57f88dd0e679e0dee3bf3d45a44e3c668c43c847524abfd1491fc69287dc34a61801a84a139036dcc19ec29516735950d7d63347222f0551c9c587111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
4a3641d0530df2be9a9e4049b575c049

SHA1
eafd5f6fdecfd9d5844b5eab4ac43f39c68ae577

SHA256
e65d1cbd0694aeed264f7c600081ae3e66b40d73af8ae3a52fb85a7c0e24a52f

SHA512
737688254552af25feff90d75a9e4a2a815a0f86046cef0ffd683eda27bec465fcb31981a28ca089190ce5c85e5b23f9ec7b85f5f5179dec5846897968677d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361174015574096
Filesize
4KB

MD5
b630c1fe5606b06c9a33471e6f5b893f

SHA1
b9125a28038259c27cc6b645142218568dfec0aa

SHA256
895a00b440ad73cb0a01987e299b37d28e73a40569ecfb0a9e25c249f2ecc2fe

SHA512
93da75f85c663a19d04a8592bae965bf3be5b34119c1ffa0be57b56d216f6929b18b1a091db9cc5af739169a8866907f084a9aad1ff63988880de123cc3fc256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361174216647188
Filesize
9KB

MD5
44c915e53d9d6185ffa1fb1f17f37822

SHA1
dbb407581306595d15556864ae408a96e7768775

SHA256
d61b3ab8c9b68a7117d57120527b64b111a44f8b3eec9ccea89af40ec42d17bc

SHA512
f5827bd4421f9ce65d815a644cd33ff1e6697055d3772e673dd95b92ff707e617b673eb68f4a1d20efd3854f1928949be9d234a3f0e99489596a95f8f385f082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
573796ceee6263564edadf9b59390640

SHA1
e1a25ee7d3ff2ff562034e0d3bcc270a9708148c

SHA256
3b69bacbbf43b2e93095a86a71dc731a0491e318348eefa58a542b6fbeee668e

SHA512
d41fb428fd2594332f14d4da77fc0aa54dfbdf2e267c01e274a721bfd9bfd2e5a9bb1bcd2ea62c38e1bfeccfc79448a834424f3b7f1c59650032c63ca6b06acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
ef53225603b667dc8c41a2e0b44759aa

SHA1
9f3e52db3172f9f0a78caf39673780e8bc2b0e97

SHA256
92a24553bff375031c6b4178953e1cbc45b487f3bf9dfe4bb8f77c35618e3970

SHA512
cd87ad3ecec6f76e303c2eb603c2b9e0eefed5f791931db25890debd3b5c39bb52fcef120b26aa965ae63665f3ab7da8cdbc8fb474481b5636c0a4edb92cad04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
536545650922b8814c3d1ba2e0aa23ac

SHA1
36ca270f4f09fbfd7a1b6f6d63ccc9b48b5d89f1

SHA256
6c863c7a64854e500b1d5045323f9b07b30ac265daaaa6a8575f62b3b8d17166

SHA512
944e10b506629cfdf6180125b9f4b8fcaa9c62d0942b64113129286e7d04d9b5075c9fa925f1847830a497667c54e0f4f280f8426c02f4cb4be8294aa8cf41cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
de28ef8f6eba4456d5539493fead5cae

SHA1
d4ff133ac47350f43d9d270f4dd69b1ce00bdf57

SHA256
943a1ef094476a55209ca9e33dca97250188e8ed094f2a8e63deda69621e3d7a

SHA512
30277673b9c56c0f3df6608630ef2e70c288ea3100af54ea3ff8dedc3942858f1f4949b51d2be824417eda9fff0232808889d751a85565d051a52f645b6db100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
a874f3e3462932a0c15ed8f780124fc5

SHA1
966f837f42bca5cac2357cff705b83d68245a2c2

SHA256
01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d

SHA512
382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
904754a73eb4f8a75410a92b2b7a920c

SHA1
208f9e70a93742e8ca1f5e2537690172971209be

SHA256
c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db

SHA512
cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
b2bea72b39b540d63cbf5a679b35ca83

SHA1
e97fd32b5b1265f03662fc54b45f84bdd1a6e16e

SHA256
ea7fdf1f23bdef20aa6391e3a86e0ab48dfe9580936ed17aadb5fadac9a3ac31

SHA512
2f268bccfd06937d7d9f6580ae6741230d4a3860aea6978cfdf2457a66e8d89134cbd65abc4297a4f938ed914e514fd8d901c6860256452214c0bf59642790ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
45c582603c45a89917288094058921f2

SHA1
8916aa30309583da595940f73f5b7c68094bbeea

SHA256
57723f4646b5568641e883e516fb99328f04f7256dcaea603e900dda31d08440

SHA512
406333fe946f6fe63c33c19cd319a0fe2cfd84ae01b6714b7c37b33f3b83a4818e9963171b7cc795577912db300c400a3a70a41f2fe90558e4ffb6b4769072e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
666dde95d2d54c560cd3ff1bb742cfdf

SHA1
fcbbd4cb1aa11cfadbbd3cdcb4bec1959fc9ee10

SHA256
63b1e05e7c5a6bd9f5c3605630947be44fff885430e1234d25e08d315673f4ef

SHA512
d6442c6f6995ba335cc018fae0a3f14f5c249b33a131532345db51c432a9753befdc2a6e8c33fc8f7a8d71c5f3e935adf9a2973968516d4d37cd2f0d512843a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
318B

MD5
ccb671a16c98b3b166a2b9eac10b30f8

SHA1
a888cd976ec07fa31ac028bf81272f16f7846411

SHA256
32ada2fe18d53731572d1a93674a40ab42df4705120b77db8f6773aca879167d

SHA512
31c7752179cc0ea895b085d78676a8a3566aa94078ea054a19473dd583fc2f34bf9ad5aa7e2a6bcba4afc7830a15cc69abec9f9c211eb411aecc6c3304bbad17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
28dce488b8f99af663d0e7e143cae7b0

SHA1
46cfe6da33bcd9b5e3dc122c6a0a6b8fef05dea8

SHA256
57f88291e73d29135efe12f2b9c75081525b932e7ddaf128f781ad1c5e1466ab

SHA512
99c1cdad6bf9ff5fdf19a8aa0abc956f6aa423363338084947151265c9d41adb3c91703c3d3e732de221d2c18b7f0aba1b9c3752c99154cb40eb50ebb85820cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
f1d706a1c78526e3c1452796e1d64441

SHA1
c39afbaf77c0df9145ef63a77e69a73ad54d4b70

SHA256
077b13b7f1d0d0c77f1c98109f335c48d0d57fb555ab6b1ff8d504e419b1f4fc

SHA512
c584609143cb1d51745f5ed40b462ae308647bd5019f2f6d5c6260f9def59d62842279804782024c536f3e1ee58fd0fba23a0e6c6caad60952fa0d3f03d3f3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
a3125800faaa39683bb03e13b1b90691

SHA1
c42a7dfc242d96a798b60859c68dea6e510907f2

SHA256
82662f51509191183ef7a1b5f07ca4c1e3d29ac1ef79874e28e757dddf5eff18

SHA512
b32123e04d9fa3388f1a1060c20adc2489c8e91bceb57eec2d4f6bbfd54865aafb9a788266c2d8533c4c9005e2aef551a99f3a218810a4bf91289f1df507117c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
8493033aa2859a4cd82b95983efe53ba

SHA1
65cb2ffdece8d73d29e51c06b71ab1b8a28ca950

SHA256
39e996e40ab3eb96af982f13f50e499abcade431b43875395b38377446ae3a08

SHA512
b14efad1e58b3c1cebf0479e15938720eacaaa045c940de45e1849b26277ea28886683267725eaaf95acc43a9e8a9983197f5e8169e7cd8e12bc24934dc898f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
597798c74385ac3fc3b9e5ef521ddf76

SHA1
576c0cc0d655eabd7735ca7cc73a84e16a337ab2

SHA256
59e2b540c94c516f173e96f6330f86066cbd9c79972ccfe6c45f6c5ae658588c

SHA512
5f8ee3b778e3bf947a19228060a784dec930b91dd30905a088ebbed28390c5e9fa2a4e84a1d54ba8b2006a0e4fa6cbc5a351d0ae4322272aa9ef3a7b504d09cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
92c440455bd75398713ae85d3839c169

SHA1
9d29ae85c30616596e7ccdbe9faa4a354f9db838

SHA256
da94f23f276665d06533058e4d87caf1d3229088f64b71a86cb3b35c9d71bdb5

SHA512
eff8d109b81b463390689af8ca81c429c66cf4c014cf1ab0d94e44ed22fd1a995bfc861d7f176bbe17a7b50eca24c8b46c2e6deedeb78b14d6a66c6f4cc104c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
98e7f85659bc33db55f528d3fd3edc71

SHA1
2e8ee89dd61462c364c7abcd6b0889200500a218

SHA256
e1b674d2a8ea63f3192a29f51e8ae77fa998e94c53d691bc52487c3b8bd3e2cd

SHA512
83f0a9548f6086f7bae0095ee2116b0b00267e792487d86ee724e211e966c15cd931de0f4ae1514a1b610f072001cebaaca5fb6ba089925cb70ea01dd009f51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
69bdfc78432f2eff80f2ff73ca63ba99

SHA1
e17e1c8b3549b95050a488eb36cb46f91349ef5d

SHA256
bf5a0a19ab44a8375e0763f659f11cb8f09a8ae7cda15734445c288d89ea5586

SHA512
f7f96325932a4abb16e0972034d0db3f60b6d540d5a9400ad2a10656e277ab7c16f64b7c891cf04cfa6098618a387ae956bb9072adf219d16c1545c1e1ea4427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
78756131efd85a76da16a4f88fbea37c

SHA1
a1b96ee5ca6eac3d4889f345fa7e56a1f2916ded

SHA256
e98c045fdb3fe0c95078907c49806ea27d6dd87cf5312044c84f9c55dc76bdb5

SHA512
956c3da21f563423b9b4087162134cd00127d76a60fc62297a00c77f61fb7746c48a053d00bf720265a558c2261b6528155b578bb265b8dc2c0ba237e2e50d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
12d961bc8c03db05ff8c2364b1537249

SHA1
ccf199d11b4681f81638600df56552e3d2baf534

SHA256
eee814323ffc4f9c60af83140f1799960a95d8086d8c82f35803ff4015a75350

SHA512
d1dc1697acb164a2399a07a0ba679299dbf47f9e0ac487627e7ddb7ae9b7c7036af67f3b45b59414c2d29d5cb0bac71434795d64610f47aeb0bc64af90f7ca3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b838d1c1913dde760a7df0c2400ee0a2

SHA1
681dec9849bbf5d6310ad1d8fd81dc0435410f22

SHA256
4c64b93dc94004b45fd24404b1a4ee5b12446e4f7fe38198df398effcc233abc

SHA512
fd66683832b354a1dd6d2db1123feff84cedf8fcd891fed5084088bd9798b901b2e7a73aab20600e3c069f946c1569a8cccb053303584099fad0c703aeed3184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3263121b183e0fd501e4247c140d5cce

SHA1
4fef3e3674ca7a6c6c0b1957085ad4f5d5e940f7

SHA256
2f13dcdbad4ef16132e84e66ec8a26c6e2e4394512d4f68e3fb50e9f9823c301

SHA512
401f1bb317f78d22d323125afb51dbdd3b96c97f068c39892269ff1147727e75b27a5a9ccd56257850bf7cd9190d4f9077ec4482eb55863ae831475354488ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6189799a2db237b2ca76397fed48be4e

SHA1
22e05757cbaf48da46469798d8d36d4b86ad7f68

SHA256
362b97ca6e4dcffc56f86d9854551c4a528ca7452d3de98c2c0734476fe2e8b2

SHA512
ab276b307f14b2c6ce7fe32058cc8db7ee2a0cc4f3c1c22a688ca4f0b2c418c5343c4bc1cd534c73b3920d9f88fa8265eabb29e0b9667a9d0ca994fee81382f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d0fc758c693ac12fd9f7acda62125caf

SHA1
ca451d16eb219d6e0f3d944952a59c83912e10b0

SHA256
c9fde15ae642ef638deb3f07d02f0d79a9401b04927a2818689f5bb7b7551aa8

SHA512
7a2e0f8c8d65a4d928d7089072f6c28bafc23669cd538eceb609965ba2de9e1748b3d5b1fe6280510be49efe4970a858b57bce8e1aade391f50bedfb543904d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
636a96615d07041ebeafe65595c64dcb

SHA1
ae82b8565c678d4ff8f61d004a5425679b538dde

SHA256
b64be9800bdca0d0f20939ed7773db5ee2b4e24e6e841129e3549a651423831b

SHA512
0a6c1a4eef7641dbcc1726b1d062c7c2322359c7478fe60b89b1ec95e0f98d6178424b8117e9dcf9a59f3e75ae6e8fd3b4c65a93eb8c70b7ff9f3e602947f1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cc2e4ec115bad1238edcfa2a7bfbdc2a

SHA1
06b691332eee27455f7f8cc583d068ba7a779945

SHA256
01dd298e163bde10bbfc2c16bb03664902b10b48557ce54de3b285aa2c63ae65

SHA512
1175dc32059a862e784227847fa142027ff7bd4f8786fb00f711ccd5f94a6c1c63d77ecff88f7fdbcc79ff9d67c424628e33f4b48e551644499c494d1d576d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1c37c4959692fa5d5ca7c1728cf9ff0a

SHA1
bd4a8895a1e4a6a15dc0f4870e2c4e8fa02a67d0

SHA256
0048e36e3a50d30901e216cd13fe82342ed4055fef8167b7307c93dab0185f56

SHA512
0a97400fd1df3e664bffe0c71cf9fbc4ab585de89f2adc92ae97c2289c57848abc741f3854d494f07baa0507ac0b4bd7e91d95ab0d9fe6487dc525f8c93bc9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0a72ca278905f45f19c0153acb5da4f6

SHA1
ee992e3a43edf4c6c9e31b048674ab498fd3a61d

SHA256
007b92d948bbdbe2cbb494f2b346ee7550a3a02d7c07dfbf0f9072f3257d2769

SHA512
0fa1d1ef4226931ce47422a4e15228d21a28758b98ff69dee4d3e21154903000460e06384a22900992e890bbb00d913d32b71c8f1a9091e72b93c8eeb9b68f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
79186cdda378fb8cbd5a9f33853fa531

SHA1
536b6482a85be431cf539054be4f90de59c33399

SHA256
a2f1cf65d3d1c4d960dec8089066701f587effa886c99aba68611689723c1b8e

SHA512
41f0c133566063fe0646e276b29c81bbbf51cbf56d71f918e18b282c24dd4d46a26ee637d65e7cede77a61edb75c68d5333a20498616c33490a90257b1ea38bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c0626669a58e528acad9439cdb814239

SHA1
3083ff34d9effac214e802732c987529f78fdab9

SHA256
c5590b3fced95cabb2d24e94830e50f1f0322cce775ec0bb74190ab089b79c33

SHA512
b1b7945fce64e29b5b1c8c94ed3eb5165b96a99b95b31ec682fd249a952e35f94d144786095744136ce656df4306cef3fc23826fa990034645a3f0d078da7129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
938d1b21f1a83814113c00b3c5927d7c

SHA1
4a7b5002bfdc9fe332c08c62f7ff400cef1a4fd2

SHA256
2d08c43af378129b89ccd65317ce925daee3d37cfceb1eb5865e0281aae903db

SHA512
f64b3664669a643252a1b5b5cb0e652cfa4482ed029241c5e838d12ff68e69c44eeae21b285b416c93f6c523eeeaa4661eeab680ac0d5881bc07ca5efab28208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6e81e4cd73d4354537c6d8138f0b10e7

SHA1
69941e125bd66ca1e7fc912210658d353fc8bb12

SHA256
949d85f988c262ec9e19b9bd6732b35cab5c41ba2e24a354300f9512918bc178

SHA512
bd6258f15133c037d4cb2b2b764e7f56fa4660bb3a8cde978f2268bdb37fbcbae510fd9603c347694b08ab4d27fa900cce012880588ae7915e5587582abf2e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
3c281b0b1d431b2f8890c8a3d4eb19a5

SHA1
044e8ce04dae082dd8e01aaee7f2c99dc1ae5247

SHA256
9fd65714f43f703bb36a28804d7e85e4c899a04a5b085d1385a2fbd6a04792a2

SHA512
ee1be3a617f67c6d5f44e22d5e309e356423e8f5cf65656a3c9207c70be2fa19f146b2516afef65457add67d9f0596910fdeae542aac015050b6b85c12faecfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\aa2994a1-82d3-48d1-872f-b4fea1a680df.tmp
Filesize
11KB

MD5
3e316ccc7e80a4f22fc99c52f0a21465

SHA1
1eacb43d6f5af6006e3e04be70e8cc09d450024e

SHA256
a3f5cfb81b3b71dd5dda2b72723cef9c010f91ce49fc474e40b1b71d3a85fc35

SHA512
88501353b72c66a896de3d7187270af789c4ca0a38dfef9a0674ab5ae285ec1363fcbb056866b19037d1f5b56a6abaab161c68c224316ae8c0f02f09c0c25626

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_2864_RCYJUWHZZCYAQTKY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads