3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

Resubmissions

26-05-2024 06:03

240526-gr4c1shc8t 7

26-05-2024 05:57

240526-gn2p1shb8v 3

Analysis

max time kernel
521s
max time network
534s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
26-05-2024 06:03

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Geometry dash auto speedhack.bat
Size

13KB
MD5

4e2a7f369378a76d1df4d8c448f712af
SHA1

1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256

5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512

90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP

192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

Score

7^/10

bootkit execution persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

5092 MEMZ.exe
4580 MEMZ.exe
4040 MEMZ.exe
4872 MEMZ.exe
2796 MEMZ.exe
2692 MEMZ.exe
4612 MEMZ.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

pid	process
5092	MEMZ.exe
4580	MEMZ.exe
4040	MEMZ.exe
4872	MEMZ.exe
2796	MEMZ.exe
2692	MEMZ.exe
4612	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 4 IoCs

Processes:

UserOOBEBroker.exe

description	ioc	process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 24 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeWINWORD.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

3892 WINWORD.EXE
3892 WINWORD.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

pid	process
3892	WINWORD.EXE
3892	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4580	MEMZ.exe
4580	MEMZ.exe
4580	MEMZ.exe
4040	MEMZ.exe
4040	MEMZ.exe
4580	MEMZ.exe
4040	MEMZ.exe
4040	MEMZ.exe
4580	MEMZ.exe
4580	MEMZ.exe
2692	MEMZ.exe
2692	MEMZ.exe
4872	MEMZ.exe
4872	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
4872	MEMZ.exe
4872	MEMZ.exe
2692	MEMZ.exe
2692	MEMZ.exe
4580	MEMZ.exe
4040	MEMZ.exe
4580	MEMZ.exe
4040	MEMZ.exe
4580	MEMZ.exe
4580	MEMZ.exe
4040	MEMZ.exe
4040	MEMZ.exe
2692	MEMZ.exe
2692	MEMZ.exe
4872	MEMZ.exe
4872	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
4040	MEMZ.exe
4040	MEMZ.exe
4872	MEMZ.exe
4872	MEMZ.exe
2692	MEMZ.exe
2692	MEMZ.exe
4580	MEMZ.exe
4580	MEMZ.exe
4580	MEMZ.exe
4580	MEMZ.exe
2692	MEMZ.exe
2692	MEMZ.exe
4872	MEMZ.exe
4872	MEMZ.exe
4040	MEMZ.exe
4040	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
4040	MEMZ.exe
4040	MEMZ.exe
4872	MEMZ.exe
4872	MEMZ.exe
2692	MEMZ.exe
2692	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

3400 taskmgr.exe

pid	process
3400	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

AUDIODG.EXEtaskmgr.exeMEMZ.exeMEMZ.exe

description	pid	process
Token: 33	5684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5684	AUDIODG.EXE
Token: SeDebugPrivilege	3400	taskmgr.exe
Token: SeSystemProfilePrivilege	3400	taskmgr.exe
Token: SeCreateGlobalPrivilege	3400	taskmgr.exe
Token: SeShutdownPrivilege	2692	MEMZ.exe
Token: SeShutdownPrivilege	2796	MEMZ.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
892	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MEMZ.exeidentity_helper.exeMiniSearchHost.exeWINWORD.EXEidentity_helper.exeidentity_helper.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4612	MEMZ.exe
4972	identity_helper.exe
3572	MiniSearchHost.exe
3892	WINWORD.EXE
3892	WINWORD.EXE
3892	WINWORD.EXE
3892	WINWORD.EXE
3892	WINWORD.EXE
3892	WINWORD.EXE
3892	WINWORD.EXE
3892	WINWORD.EXE
484	identity_helper.exe
4612	MEMZ.exe
1652	identity_helper.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
4612	MEMZ.exe
2692	MEMZ.exe
2796	MEMZ.exe
4040	MEMZ.exe
4580	MEMZ.exe
4872	MEMZ.exe
2796	MEMZ.exe
2692	MEMZ.exe
4040	MEMZ.exe
4872	MEMZ.exe
4580	MEMZ.exe
2692	MEMZ.exe
4040	MEMZ.exe
2796	MEMZ.exe
4872	MEMZ.exe
4580	MEMZ.exe
2796	MEMZ.exe
4040	MEMZ.exe
2692	MEMZ.exe
4580	MEMZ.exe
4872	MEMZ.exe
4040	MEMZ.exe
2796	MEMZ.exe
2692	MEMZ.exe
4872	MEMZ.exe
4580	MEMZ.exe
2692	MEMZ.exe
2796	MEMZ.exe
4040	MEMZ.exe
4872	MEMZ.exe
4580	MEMZ.exe
2796	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeMEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 2360 wrote to memory of 3560	2360	cmd.exe	cscript.exe
PID 2360 wrote to memory of 3560	2360	cmd.exe	cscript.exe
PID 2360 wrote to memory of 5092	2360	cmd.exe	MEMZ.exe
PID 2360 wrote to memory of 5092	2360	cmd.exe	MEMZ.exe
PID 2360 wrote to memory of 5092	2360	cmd.exe	MEMZ.exe
PID 5092 wrote to memory of 4580	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4580	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4580	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4040	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4040	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4040	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4872	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4872	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4872	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 2796	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 2796	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 2796	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 2692	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 2692	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 2692	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4612	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4612	5092	MEMZ.exe	MEMZ.exe
PID 5092 wrote to memory of 4612	5092	MEMZ.exe	MEMZ.exe
PID 4612 wrote to memory of 2876	4612	MEMZ.exe	notepad.exe
PID 4612 wrote to memory of 2876	4612	MEMZ.exe	notepad.exe
PID 4612 wrote to memory of 2876	4612	MEMZ.exe	notepad.exe
PID 4612 wrote to memory of 4728	4612	MEMZ.exe	msedge.exe
PID 4612 wrote to memory of 4728	4612	MEMZ.exe	msedge.exe
PID 4728 wrote to memory of 4692	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4692	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1944	4728	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Geometry dash auto speedhack.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
PID:3560

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5092

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4580

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4040

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4872

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4612

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,2584751879084960777,321867476363779089,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2
5⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,2584751879084960777,321867476363779089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
5⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,2584751879084960777,321867476363779089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
5⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,2584751879084960777,321867476363779089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
5⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,2584751879084960777,321867476363779089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
5⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,2584751879084960777,321867476363779089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
5⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,2584751879084960777,321867476363779089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
5⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,2584751879084960777,321867476363779089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
5⤵
- Suspicious use of SetWindowsHookEx
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2400826250805630006,13805672905891935358,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
5⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,2400826250805630006,13805672905891935358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
5⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,2400826250805630006,13805672905891935358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
5⤵
PID:1264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2400826250805630006,13805672905891935358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
5⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2400826250805630006,13805672905891935358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
5⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2400826250805630006,13805672905891935358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
5⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2400826250805630006,13805672905891935358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
5⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11540736019726993362,18294749299655711423,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2
5⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11540736019726993362,18294749299655711423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
5⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11540736019726993362,18294749299655711423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
5⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11540736019726993362,18294749299655711423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
5⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11540736019726993362,18294749299655711423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
5⤵
PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11540736019726993362,18294749299655711423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
5⤵
PID:5336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11540736019726993362,18294749299655711423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
5⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,9013060117537654403,5494973634347719936,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
5⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,9013060117537654403,5494973634347719936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
5⤵
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,9013060117537654403,5494973634347719936,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
5⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9013060117537654403,5494973634347719936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
5⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9013060117537654403,5494973634347719936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
5⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9013060117537654403,5494973634347719936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
5⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,2005547233597835576,18432309777871767529,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
5⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,2005547233597835576,18432309777871767529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
5⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,2005547233597835576,18432309777871767529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
5⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2005547233597835576,18432309777871767529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
5⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2005547233597835576,18432309777871767529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
5⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2005547233597835576,18432309777871767529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
5⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,2005547233597835576,18432309777871767529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
5⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,2005547233597835576,18432309777871767529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
5⤵
- Suspicious use of SetWindowsHookEx
PID:484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:6028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,2607267499457119352,7531130000989879788,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
5⤵
PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,2607267499457119352,7531130000989879788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
5⤵
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,2607267499457119352,7531130000989879788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
5⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2607267499457119352,7531130000989879788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
5⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2607267499457119352,7531130000989879788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
5⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2607267499457119352,7531130000989879788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
5⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,2607267499457119352,7531130000989879788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
5⤵
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,2607267499457119352,7531130000989879788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
5⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2092 /prefetch:2
5⤵
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
5⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
5⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
5⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
5⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
5⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
5⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
5⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
5⤵
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
5⤵
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
5⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
5⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
5⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
5⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
5⤵
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
5⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
5⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
5⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
5⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
5⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
5⤵
PID:6400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
5⤵
PID:6640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
5⤵
PID:6268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
5⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
5⤵
PID:6156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
5⤵
PID:6160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
5⤵
PID:6976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
5⤵
PID:7032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
5⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
5⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
5⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
5⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8260 /prefetch:2
5⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8372 /prefetch:1
5⤵
PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
5⤵
PID:476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
5⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
5⤵
PID:7268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1
5⤵
PID:7100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8824 /prefetch:1
5⤵
PID:8080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
5⤵
PID:7780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
5⤵
PID:7844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9416 /prefetch:1
5⤵
PID:7632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
5⤵
PID:7796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:1
5⤵
PID:7476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9240 /prefetch:1
5⤵
PID:7532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:1
5⤵
PID:7428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:1
5⤵
PID:840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
5⤵
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1
5⤵
PID:8084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
5⤵
PID:7736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
5⤵
PID:7516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
5⤵
PID:2628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:1
5⤵
PID:7416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10448 /prefetch:1
5⤵
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10028 /prefetch:1
5⤵
PID:7856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:1
5⤵
PID:8464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10872 /prefetch:1
5⤵
PID:8480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10776 /prefetch:1
5⤵
PID:8428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10396 /prefetch:1
5⤵
PID:8408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:1
5⤵
PID:8184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8780643770782865914,10608545360561867517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10924 /prefetch:1
5⤵
PID:7884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
4⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
4⤵
PID:6928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:424

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:6692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
4⤵
PID:7072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:6364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:6252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
4⤵
PID:8132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:8144

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:8092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:6388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:6788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
4⤵
PID:7720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:7732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
4⤵
PID:7500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:7616

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:6408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
4⤵
PID:7360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
4⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
4⤵
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:7932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
4⤵
PID:8112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:7728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
4⤵
PID:7288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:7156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:8152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0x108,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
4⤵
PID:8340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:8352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:8572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8253cb8,0x7ffef8253cc8,0x7ffef8253cd8
5⤵
PID:8468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1308

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6052

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3008

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2228

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6408

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1bca3a17d03c3440228ce6a92a59b1c4

SHA1
c24de0d79d8d8b61dfbd4142f663064849f157ae

SHA256
342cdf4a5ec346e25b25dd6fbea135877fcacdbb454bb749995a865ea9f515fa

SHA512
502e24d1025b0fea28ba39df7c3973eb81fc4d121aecf6985dd68ebf50b62f22bae983bedbcf5e60cb636d08def8dc0026182ebe51409d25420c5e0b6b95909f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1898979ad41aa7ba98dd5b3a39debc0f

SHA1
4ecd6547a9e353550a67831ed6d890e79e864779

SHA256
5a1f4adf1d961d5aaed3bfef8bd0a4f62d7409a8dbe3e7eadaa77276711a69e8

SHA512
4de6a5a454f18345f81d45f13a11c48b125a2adddab5e58572dcb54ff7406bbcf794ed16fd58ca717c000e7e3bfa7bf40d9b87e4695a58b659cd80f9f896044a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
21678fd467a10d27333c76cbdbdd6b28

SHA1
89fbecbfa39630d935289bd02e842f6eed8d4915

SHA256
d477b005b743278b19f0f5faa1d5653b59d4b8abb1e813b9856275db65e82bf3

SHA512
9ad7c26f2472f7be7354315036210b14b4670c1103eef633d0f28f6a835c74b2d2e3022a56581e8e5d31f78efcd13722e092d8010eb2a05e983a78a6298bac55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bb0db55a696762ab071b4a5e0523e94d

SHA1
a44b13478c6019e9ce8289e77269659143b6af0b

SHA256
c8ffa6dd44f06a29179af9d4e4d931cfc0db20f7faa3c04aec7495f57d40dff5

SHA512
ca293cd96a6a2f9e62b29632e076e1fbb15c10384e7c9de910273c51008d9178f4970df8abe0acb1e39b98dba72c71e26ef8c29376dfc4eeb6068913d5ac8425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fc29a529d383875afe58e80de4200bea

SHA1
8fc4166216094fd7c05c0584b843ac692e62f57e

SHA256
e04d02206e65c1aeba3595eaf9cf0abfe7a0ab877b272d92705c5f96deb8da37

SHA512
34086d0c2e19edb71f1444b7fe6e6ea474e0261912f3612d9976a9cf5331f2037c7ab80c49c9d0e30d3a324e2a451d1976c3476c4b26281e12a59ec2cabb2aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
de39b8ca21a62a293516e28e434ed255

SHA1
1b39322f7aae8d1f60780028a9356fd89e9b2ab0

SHA256
40848528732125f14417f2f09321387107f1b793afb0647a64e80830f301eac3

SHA512
cb78a034ac63022e627b0b6f6ce3e4ae791d25a0425ae85549987bd0163427b5c2328d43e64c6af0dc374acf31b5676bc55d1f7a6957f698dc777acb90caed28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
31a1b08566d43ce7ccfd9b6cbcfaf49c

SHA1
c14c064870e198268e757c22303651691aeac14f

SHA256
c0d09250544644cc09d454e0d24a99d634f7a5cb6b6c9a704da4a412db5083b1

SHA512
a6b695598e94356a5ec70becf75a5b12ea88a84393ab298b4243ad13f6c3d6908ca71b7e87d117f35732b1b8b555bf3414339698204489bb52bcf9e331d776da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2a6ad9d1-50e7-4b34-8bc4-1da4adbe9383.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
16c4d86b15d4365531608cf656114740

SHA1
4d90740bd10ea0b67714289ae48c0e1147733323

SHA256
124fb2ba0bc707a836b8be24ef906c1c3c4607d9a86ac275c079ebf792856852

SHA512
9abd0a2d02025b532177a795818d120e8a15a80f992a3b483e9cf9b28958d940fc3e7efac0fa6fd30e98c62cb6fa9521c8eaedcaf81137c0d509d4100109ca98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
633674aa1cabd8361a33a6cbf82d0d1f

SHA1
d0ff964db33580def054af019b09ce4459a87563

SHA256
b04f719be2efa3a16dad3b083658f2a05dcc00d1927e02fddf617ec44be3fb63

SHA512
f2f5981c29dbee54f91c2ab8353f2fc88464ceb67a92a83633bb2b1dcfdfd1c59c260513c520fbe78891c84d3e4625f8787f610761c803746540f213581e7a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
c472c02c1f36dde06972fd50d5ef92e8

SHA1
310384586cd993af93676b09bcba0c10a5c86068

SHA256
bc0afe03f0e4bd1127592d2fb95a978d2b279972df02f14e352fe3e7637b2cc3

SHA512
65f9dd712ce635598e09cd27b4da360bdfbfc467bb80f59b358a9570222c6a2ce52e33c87044a444a0731e4d3555f5eb4a891cd779abab7a0fbf847ec563b95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
24KB

MD5
1fc15b901524b92722f9ff863f892a2b

SHA1
cfd0a92d2c92614684524739630a35750c0103ec

SHA256
da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4

SHA512
5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b94b2381d8486db_0
Filesize
240B

MD5
f5cce366ef487a83b219233f15d5a06a

SHA1
a160fff5f0b871f0912882a19efd5b2e105ab7b2

SHA256
8d283c752c29de060ec4d9a65cbf20260d1f4b54ac2eb9c532bcf9d68322ce17

SHA512
cfaea304016e1e3df51e19dd84dad24d4546b6e6a723b5dae0b4f9bab2a246cfb77f06b090a1bda1eb6057b4cba0aedc667ef5a093b6d2e2b4cade0e9fb524b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c713096c83c1ca37_0
Filesize
603KB

MD5
d0312f1a2dc691d373dfd26f72c23491

SHA1
a6852d578fb71adc7e702b90bad5e3b9265b67f4

SHA256
9e9759407734bdf1d0dc19ac9f95d4423327da48b6cf0dfb36f1827c8055a6f0

SHA512
d766b3546192337f30e7a82dc4229df4a32a98d0ca19d5d6d272897db7dbc0265e35ea34b69858fb106ed6e0ff9b9782be8d9f4c8624cb8c4d19ad147b54d7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f8aae2cc087fdba3_0
Filesize
289B

MD5
63472752e8c7d63ec26b0440a7d0aadf

SHA1
598ef20b81ee619783532dbf81d1ec5ceba29972

SHA256
9baf5aceed076f2933655a01cc9eddc49c78978dcce8c5bc1ac233b60c99c3ba

SHA512
83dcb88a10f412e1daeb7104ea369a45f2114e10026aa32bc7fe46c5d8d6cbc68a805d83a4d954e247298e4e26e53ed2a0c231b13061844391533da7af5a486d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
02dddf865a6e2c8894655b6d046de8dd

SHA1
414e549be46623dbc08179f9129303640c144665

SHA256
49776f0ee79b9faf31c5ef2287d1236f0c9a7327ddd79b162ed3cde711f41f50

SHA512
2f7871312b0fa275d3924aa7adaf588689129874583562d6e8c7920d5720fd3570cc77cf891572777ec3dc295443cda950a535740f9e892b097883890f486764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
024f238f1959aa65c2f5f398e3c56c12

SHA1
a8cd64696a6e087667691b7b20f15a00cccbe0ee

SHA256
54eb47afb06dc36ecd900c04dd16f57f8ce0f7050118a8c48b52285bd3ec104d

SHA512
60ae3b8aefd527e193cb8c351a93996150d4e735c42ea656a55f4efa339890afde29a9e6e96a4d4e8504313fcd7f53fb9d118ab7599895a9fc47fb9bb54be4f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
a1f0f3fcfcf60b56ad72730d5e8d1d25

SHA1
8a35681baa796513c3afe4b6e8c2ed43078d9bd1

SHA256
5fa992c332c553fba480529c47572620fe55508f0a3716d6e565d32cce46ec52

SHA512
e33d2b990312d9b356c19552d53ea305c4bd31c45366594cd1a11a7bb5ab94ba7c72514357d11b602861cdbebb25b9cb042cf38c16c696716b57e1abccccb7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
a14e0bb7cf568d344c89b5454c5e3411

SHA1
8a58531ae50d3d9b75e5c04932e88676eee8b7a2

SHA256
78c6848e6655a7fd4be047164616c87f0d05441f136add8ff34b0818a788b7c4

SHA512
0f728be8b7adf1f2ae024ce99d8bde2268adae638924937c38b86a6237490b0a1ee7fe99339dcc34add2deee6c6310930519d6318b367b89130ca072421401d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
a02e8e1e8c74210e4238b52f390191bc

SHA1
64765aabc459fba3f42178da926250f0d789188f

SHA256
a8040ad267d89115f70bc31a1de585a5e737b7834a7af142f641a8c85a49c5ea

SHA512
65c89b5861ce507291229780331fce09fb492fa9c277097b7e4c0ed894ba68bcf17bdbc1d322761dea0053ab5a5b9692561324566f01eaa749b4cc015f72f0ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
3a297b54727e913826d0a4dd29937144

SHA1
adbe2f48e0e4acf0cce7ddf8f522dc549ad7199b

SHA256
d84fb40d72aca2ac2b6e43ca3dc32317bec6702a22bf8f889c10aee26dedfdfe

SHA512
5430cb0c2e0e097bedb2a0b9a200d50821a41d979c2b731040799a18c7176799129af505d390724b265d2ebed09fe43d33f5d4a3f5a708ea2a5d65154419e060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
dc80fb301ba11b29519e52f276b9b8c1

SHA1
28780219248a30bfda51733361d36c84b5d27545

SHA256
9e1f1a1831a7aaa2a1dea35c0983cfad9cd340d9c63fa69e053488854c15d732

SHA512
f668a5f9b958cbe099985c3f43fe6f5a00c1a46e8453a351120c30f4243a32ffe598f2cddcf10fcfd62de2f6b53c41e8f8c087ef358a98c123da9f3597f1cbb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
c37cf85bea911630821bd2ac3c9b19b5

SHA1
6bbd581659c6406669c24d8759bde4307947b209

SHA256
ae7f9f78124e8d25aa03e355a5189281e6d0f1314fcc6eb252907df6666e8912

SHA512
414c4b04f970cdd76ecbfda8272f28334a3d991d60c416253c63c14cf34ac49a5690baa0fd9ed2eef49c606e0b07ecee9ef9eb7252fdce783629ceb4922eba97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
903605825b48f5869d1f120c73c60d81

SHA1
f4e635a0eb392a181db6383f3f944737b830e2dc

SHA256
2cae9b48a1e1bc32d37ab5b6620a54061cd8a6d6f06b3b4de89867cae6c2a53e

SHA512
030bf2ed710dd30812ca9a76781a8080a7b6cc4eb3d6409ac0a62df319099abc07172a7c3c7300eb272e92015f6edc21e0c1eb0285187f520ccabbc53f198285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
f553fbe6030a8e7abc61ffc59f42849c

SHA1
3f685d29178294208283e6132712c8f033c5cc82

SHA256
a0e29d6880799e4eca973fa4483fd10c69e4002254d36af83d5a4434746368be

SHA512
b6807105738487e492bef2989ec02568ba56d4e0e9941dfb1f58a313d273bdcd371e8f0e9c9d3b2d161ac65d346950426804b220ab3633377e22bf6cc3ed4f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f4eb61586a92ce7bb6844abbd7844fcd

SHA1
c12fe653e636fa2af9b438660b9ac56a172326aa

SHA256
08f92a2cbe3050c35d9e311307e333b015a3b7b027a03b79d9e750e886579802

SHA512
d77507d91344dff1108e81236003029185a793b8455d6ebbb5268d602f6c1d9f73053459a4c6f68ed19b3ccfd50a81ed6b333904326970f9e5f744b9310001c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
5a7aed82551bcf228e595ab3857847f5

SHA1
4c403394b87348dbef870f7eef09f82cf8e6e437

SHA256
56c89486a991ef13d877e5659412e19ff9f04b3d330c8bbf6f24e4c59fdc3756

SHA512
ed3bacb596b7ebc850711d1c37f1e6bdd23eb55f25a5a358a143fa1187336c5c8d341f96cf31a6d0d003931d509417e622a20978a2a4c29c67d317592bcb3ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
53208833d345b925d880a07623f8b704

SHA1
9951c834481da9dbc873810c08d9373736ff2fca

SHA256
cd5b5f7535d02d93343256103fc8d5991b47242050fd0b2e6855393751d59a6f

SHA512
cf2adcd8b40fea6b8213a59f7758a21ae95c8376cfa1e1a6d46a1616d44e024ad3dacc8c1f48a89d8c018a4f32a793603b6b38f5ea466a76f74d54421ffad6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB

MD5
055cde736d81036e930b9ab33d3f54f8

SHA1
ee1a367f568f82f9bb9f18ce7e58466bdcdda1d8

SHA256
8e364e77ab91137c474c89747171fd551e915323172fe9658fdd6beebbb5e66f

SHA512
f4854630390b28d52d5b738130e388471197837cdc2f97fe40d97b30f7e801c0ca9fee0d2b65a05dc874e1aebeb43d81f5ea3bc26448b48caaaf004dd86885ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
125B

MD5
7e4551b23cbc038b0ecf7faa8f6f11c6

SHA1
f75658cce750d9d90c0c86205a9d2da14ee129c9

SHA256
9c19b0b0b0786b25a195d22ae19972cbee956c313d68935e90792db37ccc2f59

SHA512
b51bb20c21d33ad74c3ee0570374850972c16d1810ea5b1a87e69383ed65f7cd2adab10a28739b5e20ec027159d8b9f9bde729c1e415a38eda95b8f59a24a193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
b86adb1a816443bff69076140813b5e2

SHA1
5cba5e8017f0b9981415bcdd8e987d43e719f319

SHA256
1977aee31f419b2f54a47c49eb9c54766a7ddbeb6eb7833b5a2a423e8e81e440

SHA512
d500b9014fcf4aa0a3721d7bcd65d292fd45c31a2b43ead781e9e6360cc81e2ec1abeeb2699844566a2d07bc670b9fa83110bb632914b439a6a5492a7c98c313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
7d6b3418b77def314cbca70ede622ba3

SHA1
e5e4be1049f9384d50c32991d9d22086cdae27ee

SHA256
a610041d4baffa97de48d38fac5a2a755602accb4afe84240f4b7cbaf372886f

SHA512
5b3200ee6f767c7ed805941fd2c27f9423469556c04c3ca8d7ac3754ba8e88b4a48fdc46f394c58ed1e1b6dbd398cdf62365bdd2ed7a78d15c931e01e7981956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
696c059e40cd55afb442572777676e1f

SHA1
a429b214e3e4d9c23925c55ed9cfc4101ee89aaf

SHA256
46664c419458b3bb818956151ea7d040e2c11a074d9a8145a082afa76a075615

SHA512
248c9b58e15c1b9ffc5d0cd7a222ca6585d8d0e46b012e5025395859057f2f29b74f93933785e9f1f9156ad42c816c2b506bc990f06b5ce77e7d21eb4cbbd181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
7719678a2315200bc573ae57a2d74b8e

SHA1
f7babfef644fb0eb85102cb93313ce99df975af7

SHA256
94ade738c30b9c495b23624fd5d48d49e772fda5348f1782dfb2b7d127b57162

SHA512
226eead060df839a772dc4a1978b94b38ddb196d6b19201c3aaf9c82843eef7f0bb43ac56e37e7b9417999ec55202ba272d71276e6bb0c120df610b947b92d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
814B

MD5
1b3649a2ea5861a7938637307cf3b005

SHA1
458f94b75f4fb19959586cbbac652c4e6b6b6db2

SHA256
a5f9c1d3481cbb2c9b5f8e51ed3530228e70db83a737d1b3b53b91dde314c65b

SHA512
497318e00e381afb0d9662064690244629a10cdf9c2e55f62039478be696b98ad1b90265483a45bba555c78c803bb998ea340c066f2b5e6581f822a5a02dac93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
e2ea2ac006e8462708f7cc04bf0c9e43

SHA1
0528338c9f3758ab5edea0b272602cb1ec1fd8aa

SHA256
1db279ee9095c05cebf4298b7efae8da6b79456449f09299c185e4766d664768

SHA512
7ea09e6051765342f0706badd821c248b59bd2697732a24594af7481914ca1597355da4ec71b7dc748528d0fa15319ba889065c1e2f947f9b6d39669dadc6331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
814B

MD5
e7b3aed93d2711c204e4cfe5ea98aaae

SHA1
57322a2b46b07100ef184e132cc2d6c8d24f877d

SHA256
0c6c7655864f7a1e63f023fa7c1f8f988681015f94bd49c6b29e5b7508f907d7

SHA512
c748c3f0c91b6293baa2ca26128a9cc30c25b37caa1ba5c16af635a4d18a97eca4b0623c85f0de9516e133043144f820be2e855a01d672acfbb6ce681901b620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
814B

MD5
93371170081f5013f26aa92fa93ab4ef

SHA1
0cec0f56e8c49b6eb65e6141902b48fdf859b872

SHA256
ef2d06d640461e50a352a0c7cedda87ea60543ac45bfad3551da0d58b9a7de88

SHA512
a2f89a32044d2a6f110ea297008e2e2b3c8fc8b3c0d6fb185367780289118a4fac8b1a71294b138695cb058fe4a61fc56b91676e180014c8919e4391c5c90169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
4d2f64cae0362a22f0226b5054255941

SHA1
91f2e46234883c7946f378fbdc395644257ff6e9

SHA256
93c723b3fa9620c5ed5371974254d34b9b93e535e275f66d6b01cbcfba2a5697

SHA512
88c73b4006c58537611b61a32dfce289483b3dcdf62e341aa978f84177bb8b5cdf87474f926e27b93b574d2fcc9829120d5042dab23fc25d0b9f2530ac68ba42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6fadd00816451dbc4202873dd66c128c

SHA1
caaaaf4ea481b8a6469a7386b0d4d708f7e5b726

SHA256
e3acd6fa52aa2bae0c129b57feb447b068f4afe40f0405c6da99ad589ae567f2

SHA512
373d4b06a599e0651deff45263be2be9aa25826815b6e92794239c600cbe205a3475ed8e14d120a208aa766d553a552315d4af72d76a868292b727e85d32fbba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5c741a866e25a79d3877221d260a5b41

SHA1
f53c2d0d83bbe923aad9821ed9cb5b282647b9c5

SHA256
73371f435ae24533d1e62a6f0080e034bce411e4ac998f60528b052f342dbc67

SHA512
1b136e5459ec13f5da448fd0f9be3e223da4ee4f309303e27e69e31816a60a49f786cf3a461ac806768b6ba3c7f4062370969602d1c49770d6f5d1e920934a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7d68844e2bb3e15f0f3954212959602f

SHA1
e097eff4c6ebb6a86ba6d414e9ac08db2fbb7b05

SHA256
174433cb48d1d435c35adc0074451ec78a7284d7ee1f012d77a7c09411695016

SHA512
f6e769d53972dd19845e7cc3e374715fd444f9088236979db0e359eac433b57db887d20544a685beed16c41dc26a403acb63b2f1a7fbbc1a055ed9e02b160f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c19ce13a0331d0a3901db455fc2a48b4

SHA1
f2f7d687d9afbf05a68255c792fa0d6056775293

SHA256
3745b749ddedcf2bd88097e404bfd225db828f7e601cc177db5e565024e716e0

SHA512
fde4fa6c93ae962c7c8a0f37913762ed2ab08dda83fb8529fb95dbd36e2ee8ad4e31a18112737776c26cd97d00aba8b7b03ca7ce0724732f028665f4417b4cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d93b8d2aafc20554315c2f9ccf76bad8

SHA1
de47bc4e9faf77e0f8354c403101ab316a8010f5

SHA256
81687d38d24d3a9efc796e6aad9910afb7b372b02b8210e48fac15eefc619f2b

SHA512
f98029dc517035813fa88fc282e6614f86045fb24f49fa7bf2f7aa09be6ef8cd93f7aacec9f4d5e58622dd1b696825ac72a4e0dcf525c9025f4677452922fdb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f35c2ec92228b79b6cd0eb5f11218565

SHA1
822c2a956d6efc54875645385d43ac803662500d

SHA256
42aaf42fcf11b5be4264f321c4cd7bae653ac4724bd6a95f33b18100980f1732

SHA512
951bda5a4725b73f5456a488775092342264e21fe068d7e6f985e8fd62c205b042799053d46fe966f8453c0e971f6e7cde4185a3cdb17370c26048555feac57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
7d02fe922ff96f9a08d2310f24c1f45c

SHA1
51195e5228b13790b04bb25c3cb13bd78dd5a807

SHA256
0e8a05db70ef7e35c23815ff038294ada1cd1c2cbbe6f378e220a5096577030b

SHA512
3706a1dfa31c1c061c17b1f2bca7375a31c74ebdaac3ae98948a051dadd8d639472d89d9da8242ba8c78c45fb1a19b32d8df411324ab1e8b14c01c48becb8574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
09dcc00f3b8508da27e27376c92860bf

SHA1
e93709b818e850234ebd0461241b17adbe527ad7

SHA256
7531dfc536032723f14ea438df4bbdd774504459428bcb63d57860be841caf8f

SHA512
b6088286070e2b4e9b29066a295bc1ee1ce47bfa30cd0d7e65ad19d2c398f15f892cbf010a95b904004abc96a5018ded8855cce7dbba280dfa84246cb89149ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8235cb0084c828cc264030f67ca663c7

SHA1
3604cac1b44194ba6a1006dbd5c7f738028f6361

SHA256
c7e996d7cc0f7c656b2cf78cb2c41cc3e2c2ba5d329506cc0dd374733e1a821b

SHA512
e51cb64555f34c7e879cb5d9c27497b2e076cf997bf80b79368663f1c73027a428b6a8cd07ab1a2f53eec08dc6137814fed1b0674a15241dc8cb87455abba81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a20dee0d670ad50e177d132686296262

SHA1
ab9786c9d9f32517f009a0c5daf0bbe7371c06b8

SHA256
597f9092792c901ca003537f1d96164360e45eba44f86ec64baed92b2c7018ad

SHA512
cb9cdd631db0457a679540bbbbe0673101474893bc6d63dd0aaaad967918dc1c0ce3633953bff87eb85f1b2e65f95bf4550c36c04e6abb72d202e171fee00e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1d3b21f9b1421dd7ac07b60bef174700

SHA1
6f6687b196ff77bbfd463d1866eb107a93c3df57

SHA256
a048dbbe99d0cbf85d530a6ee61351575dcbee90661e80e9b8d4b11dda2a3628

SHA512
7b88c6a4010892c98655403a069a1c992e659e836db460176e4115ff3b6a21d5498c1f1d7581a7bbb0d2a1a96811fe5dd6e3841900fd236085fea05e3932a26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
1f7eb1fe6149fac4e98bf491b7b49bac

SHA1
2d802f0d2e600f98b9c5dc1293437fcd1ef2dfa4

SHA256
f6909e1b6b0cee9ba52c3449dc2b2f9cdcc3d70b21bf22eab105e8e4f2d5263b

SHA512
98f8df2982d6ed46dea22cbef6d7ec9e1e89963a90cb2914b266215d87954a45441cc65d90404bf43d836995d96c05239918ba0aa3a75e5957c4fc01c8141fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
c752bfb89b16a0c41427127ce74e30e0

SHA1
4064612465c5a9c1befb3e3a9c8f91a657ab7411

SHA256
bbb0ff5736f201afa601eda420914ae61860d2aafb58751c8f3fb29fdd14674d

SHA512
22499af585abadd6f9cacfa812465625dae48156938ab3fe1597bf23598aa474f2e76a58929b29b176005008d9f16d1d94c83a025ad7486031bb7fc7cc453ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
1ec111f019feb93f696581329650def8

SHA1
c5287b789a3d66f3e0e7d3eec852b86c4539c4d2

SHA256
3adf79f50f97b8e2ec92c9fc112e2be75d175ecb05769521bdedc5aeeb1c9e24

SHA512
e811ca5b41b6d8975ba662c5f6237447514ac6c1a5f9dba2889b3bee6a72af29eb80dff6455bdcce9ed5cd5feb991c5b470d5f33cb680cb03cba4ec0b25dee56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
2a1862be5f29826271dfb62a82418958

SHA1
c41fc229421f7d7874793899cbf68810b53e8aac

SHA256
46b73725c3c05feee625cdba2a21cdc56f13d75fac0574174d7e4c70cb1e65f6

SHA512
2346ea4b95904c2fd67eb938843b179b10b396a1e286fd3a927b1c80fa87525e196668c8461ec8211bafcc5b77ab86913a0d487c59e308a5da1e628fac6f665d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
abe11ac66d72827425fcf9ba8d845641

SHA1
f7ca0f0fdede96bb64eed985f8ccf4704ee8caa0

SHA256
f593ef1286cd39307f0722a0d434865163ab2fb814c9643c13c5ea5b0ad6657b

SHA512
b60388feb1b0251b5237b9410cb83df34b531deb065a767067f344e94279021742adc661983d10a40143fbb9cc21af70c3a2fabd9863a39912a2706e8b02f5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
b60e538119cb0d8530783bbd4a1e502a

SHA1
c9f927e9a23c5b1fa980eb07e9471da2f4925e32

SHA256
d7dbd8e21c19f0ec8081f314d258463ff1934555f24c58bca04213928e49c304

SHA512
9df4ebb44ce687a0fe6c05f633f8ef6bad691391bf558fbb060a049772ce11fe7a961f2efe257f414bc22931e9ab772cef005d20a1d190878043ca9ee87944b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
21e9805386c279d30be9fb96dc60c7c9

SHA1
29539626f34fdf2b5fd912362a7f9c947fccb1b3

SHA256
283d48b6ae46fe1f2cc0a157d3fd2f9bfe3033d5bebceb9e8e7de1b32e7adacc

SHA512
938ff596f35dd0c0e2eccd78bb687e6b03fd5cde551f7bab6c7ad8810e893f908829c5376aa55a06beabe229efe85e40ed0545213332785a1cd22a5cb2b7fc7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d776ebc00ef4edefa2e69e1265a2036d

SHA1
6d3a8301078f1b2769a1673a285c1bf6efadab5d

SHA256
22257ec6f5a856bd25d2797580ed835334f0504a565e2a0e96c07a799888baf5

SHA512
6f7820e49eab3ac24d84da7d331c104198659d636005e666eb44d20dbaad83563092771a45c4ac745e3dfa9f9749908bde5efc114d9362c941a342e4108ba839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
4319e2bd59f2018816abec8ee345bea5

SHA1
4c74759ac9337ae2700cfea771581f6f049b62a2

SHA256
cf7cd532b7c0d014bfe57391366f1a85646306f44e01379685708864d038119a

SHA512
15bf4e7cfbfa338383382e1d0f47c236278da8ff8f25ebd2c0679dc0f9c15c3ebef4051ec58c80f6fc5d10ea96522608e59efe29c2a54dbea0a5f61bf7d39f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6249cd4785dcfac07afc18006082dc29

SHA1
fc43a683a2a2cb6884cfc8128f2f99dbb87e2f93

SHA256
bdd623fb8d96ffb9a24a29d600fa5061f374b1a29a25a99c865d3767a0273368

SHA512
aef010481cb909fb4d4e854d6d37f16a1218282802dfcfc01b02721ea8b52b47548db68733c065f735bc5d5535a758214a6f69b85c83a70c78dc25dade2290c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
c8894d6c0b14f032c5b89e32dcb5fa22

SHA1
06f92017c7b9d1dce758906fb749a98f2b11fe48

SHA256
373390b3a8044d1b50e78bf51f6b4cdd306b4a109a7daabdbae54fd503b82eb1

SHA512
c7102e5727ef88567ba96a26298136c9edcb37f17d6ca971e33ba22721b0570c042f1da8ecbc4951062dcdc54f007d5d5587eb0da6f99aa43e264febc09c181b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
a91b37e5c3267c9f7e592dd208c91747

SHA1
6f82b61f8fe7b2436ba1bc229c3c9c03937ff670

SHA256
fb97baba00f6e93f01f8cf58d6e6ef4f77fc559577cc9de9e016028f906e04a0

SHA512
dab15f81ab6b6f3dc89169714dfc81563f5fb4f9801e57e69019d9a4660308af7b8eb6449c1b2826be40e9fa7ddc2e63db2f2197689442f5b8225962d1af09d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
641fa10007a914786289565064544a6b

SHA1
c941e22e1b41b766abbaf7021eab23afb7995a6f

SHA256
c0b29f3f93b15364a0db77ec53ac5fc5ca967f7ec8bfb8a76650e8838e86dafb

SHA512
b613d1d46d417b3c1193d16f9b52a7bb763010302a7c0340d8c3406437711504c1c3a805997a0f9b52a1755c43200c64478e9a1a1a243ab62f0d8b17dad8b201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
17448885306c3a932a477cbe5be6b319

SHA1
76bfc35ebdc6a92a4b27051abd23d177030b43c8

SHA256
184f9d4dac765aec7dc451e35d08e690f32e60ab32055770013b60a565dde4b4

SHA512
a3cf18558af87c082d9a3e57f8777a685d172e2f439a7f052d61f569524baad1ac8879b2548dd8c24b572b79700152f788d631def6c29d0073377e5ed296bd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
2de4a197441e1142a29d8db1a6265da7

SHA1
a79595f1c105f08349f8125e7520e35ff493af82

SHA256
dbe9db2a4ab074c9b421be1c726c0a21db881970479b84cfeca6e8e923bf1772

SHA512
94bf3c99f1b42a30a05b32607d9996eb8682624e97685b77b76532ae6f49155ee6385a98b507eefc134f7c662fc00df69322e5a88ea0c6088e6b1926a4c7cb52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fdd8e386705e6d89fa16e3badc76d7db

SHA1
8ce9cff15b8c080c45f2f87547039b906e15bb23

SHA256
d97fd82f81dd006d61f695b72fb372cf6bf147aed83842c9013366edbb57fc44

SHA512
0a0796c3d75cd1c43708d2932b180e33990eedf446103e048b5f5be3978376f98cf93f8bfc2af6160152fa4032aeddeeeb39be95cf30affd6a0ed1fe3fd44aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
b99b8c83e95287c9da51401f518a1b4b

SHA1
4d733bb2893f15a4a628497c8f19144a610a02d5

SHA256
47e4cc60b80aa0a31fb9d388f81163b3f6b3fc1f1bbb9c6a02aab1228a6b074d

SHA512
a84b221895bc7248a63267a2a4b0ce663346f0e2e8e163e365c05ecc2c3a87811f481c5d4ded699af1a54e28ae2ddb2f586715a533b01764c25902e72d63d1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
e23fe043fa9c83578fbf0dc691e39592

SHA1
69ef2a72888f43e365bf742672e1ca3300f0218e

SHA256
72b145777821627c5296984d9034fc5792a01218cc461c723455c4788027d3af

SHA512
c2022be27a66feeb5d6b4dc997ea7bf50c69066d1871c81dc214edd1bc4006fdee1f0aec4e2e81e062a549c2108451315b6777902135907c2f1433253e1b2a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
5a1dc23c1c265fb6a1b5e25ef89761e4

SHA1
4d00c5535732fd23bc455ec707d4a1cf1d688aea

SHA256
302716c9f6ca53744f951f861df75fa05ec3bc1d6ab8cb86be3c371389484cfe

SHA512
16bfea3afd1336f830d6a9fdfa5c16243c1a647ec6e48e5f5cdffcb90346731d6ba871c7acf16b9b38df4990a5ce58c1f8e927b1f9d56f47b1401ee412325ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB

MD5
0ba0e684f2726f73689554a6a52c30d3

SHA1
8fe9f3971f96d93e81d4ce39c04bb19181c87e15

SHA256
d5cc97b8269636bd51a148bdf139519dd03a5add98ff64ef3d94b9ac726b0ff3

SHA512
64e7d374c566021de2024744fe5ba416c9b676fb092ced2b19e5719e957cc15b3ee512e7f5d8d400434c480b0f07512bc929547e4b58f32cb730b6bc3a717d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d98b3d86076832f26c17918e6b2955f1

SHA1
b35defcc29b1b2b2c62efd0879d28cf502463d16

SHA256
1585262c12a64f9ee917f253be629a39310dd622c6872cad6dfe2d365ff85d4d

SHA512
09ebc79a63a640141bcedd4c4a9327c790fcce0f8971d3ef3d2daa49bff2050a2efe7d874bb54e43b2c78af2c0dcb0e02c59044995ed9662e2eeee34fbf2b3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b2ad5.TMP
Filesize
90B

MD5
cdbeb44f0a990bd9fa29214af40d45ce

SHA1
07e37b1aeefb1546d9ba0b42a306ebad186059ff

SHA256
d8912cf4e97d32712616d36e63ffd26b50c9052d8d28ece2b6ba1451da612922

SHA512
822147ed15bb284d612b99631b6aca91d07b958d747634379ba135678477bac9c88ea3e5ad9f18ae67494a4770aa86feb3635c6cda5abacdb9d322ddc93d55d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\3ae087ce-fd36-41a5-befd-edfc8587d3bf\index-dir\the-real-index
Filesize
624B

MD5
b184ae2648e3bf76ea7eb46a06134c3b

SHA1
40b5179f851bded2753f38abf42a6d7a6aaa52db

SHA256
7c52a0bb0e3684c64ee8fa8ea8bdb6c33814bcc3d62dcc89a4f987af76c71918

SHA512
e900ff40cbf8cc389c33194a28c5bd031ee8f21ab2841a2b5ad1b6c9be53e100b901026750c6c4a7ff22f4451896d1fb8b717d35abe1812a53607aed16b5fac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\3ae087ce-fd36-41a5-befd-edfc8587d3bf\index-dir\the-real-index~RFe5f18ff.TMP
Filesize
48B

MD5
6fbfbbb889ce0e41a2602bb1cc40a101

SHA1
c50b6a51b90aa9f71441dc526de8b4e7d92e9407

SHA256
82bff503ac02a9a608ea4500105b19b4856dd1c51c4b585ff7d95b8c7a78af99

SHA512
fdae14358d712eb580075155ded781dcf4acbd112c200b1cba6b929b73272fdbd846408bdf1ded40d2ea4134237d5d9d674dcc67b1f9f1deb6efdd1605d2853c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\48f4d472-bde0-4b95-8f6d-917707c4cb58\index-dir\the-real-index
Filesize
72B

MD5
b9faf13b1116099c3231c42c67f09c45

SHA1
5d416ecdba4f3050051cc252f0ea029cb6b84dbb

SHA256
0c5e68feac52377276f85cb33e8961970e45c607482337f35c52c818a0c4439d

SHA512
15b9cc53daed491e352417d915503d6d92f3a90b2fadbd2134199a3250d38e58e0612283d94d8d871d86af4e07c245cb2766d05a343fd82ce2bf5e6d772be584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\48f4d472-bde0-4b95-8f6d-917707c4cb58\index-dir\the-real-index~RFe5eedb9.TMP
Filesize
48B

MD5
c302572ec5098d5a0f6e95aaefc2324e

SHA1
6c1c7e259825357d8cc31e93cd391a4ec3cbc1e5

SHA256
9f4b6c1154b368a39ff130ffc92838944e6d066007d68507ab2c5d5398986ff3

SHA512
35322e023f0fd44bede9860d4d0422a7e5ea496ae78c66c89c3fd9a41e2bee1485e7f261f0e99cb5f1ae827057b1707e519443b871f61c3b2f5d646998a0386e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\6de4c6e1-1210-46e9-b249-95b98246abdd\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\6de4c6e1-1210-46e9-b249-95b98246abdd\index-dir\the-real-index
Filesize
1KB

MD5
377fcd8de4c8bdd034f89f2790cae01c

SHA1
4a6f34f411a1b0b21e723b790c6f64f29c5472c3

SHA256
fcefc7b8482e9a0a911aba447f2be7ef39443656901aecced18adc40d448b2e0

SHA512
58f9502f2c157c151b7be1a2731b1e8b047a1015cd91e3da5d93df48780c5e6aef086204daee27d0c31f6ae7f2b86ce1cc99fa5d32fbf686f5b754de38aba1ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\6de4c6e1-1210-46e9-b249-95b98246abdd\index-dir\the-real-index~RFe5b848e.TMP
Filesize
48B

MD5
676e68c601bb868a6d4eefdbef751ce1

SHA1
c2b90721ecc2170991f8752f66fee5cc2cb191e2

SHA256
7706da5747c973c29ec643198f5b842c33e5bc55aeb8996af4af185bd1c1b262

SHA512
45b621664ebd2f5a67b2f58f86ba9a253434420264cbf551f5fb2c55821fc0ef4504fb56d1b1ce2759e3352e9d82fafd648bec46d0abf11434004189b6c7dd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\f1b27e44-af8a-48ad-ba0e-961afbb0e20e\index-dir\the-real-index
Filesize
144B

MD5
048879c3132723337bfea3eb12567088

SHA1
922f9b276977f26b97a5635619fd579409d76654

SHA256
731ab2855dcdbc9278435166f41ae44205942fe3a4304bc5f59442a4e40963e4

SHA512
ed5165422f0671f8ab42198868d96dc49318cb956d91b921bf3f34a79b505e0d7cd536c01133c71fce2f103b7361739f9a5b2025a56675d0ae51b49faa3327a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\f1b27e44-af8a-48ad-ba0e-961afbb0e20e\index-dir\the-real-index~RFe5eee84.TMP
Filesize
48B

MD5
e7386ff9b41a68bd2ece3ed974ef399d

SHA1
dcba0bbb80b593d7e54750a8d70a44ffd4464d8a

SHA256
3e813d190fbaeaa1a6e55182ac347a7734abce591e217e5b22545481b7c08f3d

SHA512
e9c2e0b3878614a3786398d94fef4a92d28e135f236a9da8c1cd80df3e42dc815208fb900a9c755a9f7009fddc2fbc81e7e3095ca86aa3f2cf7864246d9c39b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize
176B

MD5
4442a3f31d635973799546e3ee319774

SHA1
c0899948da38e16c276afcbc479d316ad68c8e10

SHA256
f0057e9025810be6e4bfa7d7ed385178f2a26a4a766513c8f90d92d0134d2f55

SHA512
ce821a328ac92a41daa7cdb54335d2305ecf7b3d45558aef2ad1c4ad1331250d0200928bd5b0b63eb83133a4230ce72faaf3428452a1e97996dbd926cd00b1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize
241B

MD5
7ea903b0637ce3fcc990a72db0c6853d

SHA1
52e27f9e6f5196d7300ed81583f526c9a7198915

SHA256
30f32abdd7b322d45632b8f0dcc40f1a48c4d04f6160efc41ca97123bb432d85

SHA512
fac803e38ea5f0348d7d7e811484166a3b2be2fa1be9caf9e03a278cff9dd9058d893ade85ee39102548363517b8c3480d4a2cab23d7564ccf6aa3d3173a1cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize
307B

MD5
e94cd8636956a668a93a77ef1fe69fa3

SHA1
f13b4ac0bc50da2e7ee6866e10c9605b26e93533

SHA256
fd0ab4c85adced46a48cc14e45dde8acb39ed1ff43097bb4a647b65dbcbcd0e0

SHA512
c87775e15a931df48903372fd239623b95bb287d97f38952de5e34922cdd2c1a5f3de1ff906d60ea90e39bb7b36eff2c2dbb29c1ca20d667773b70e872abd216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize
115B

MD5
4610016bcfb1a140b2bacad42df4120e

SHA1
1144acacd81360e00eb0ffcc0acacbc293f6067e

SHA256
ab4dc9fea64ea5f0beda0f9237a75e46ec235f2203b2aa0fbcc941b92ee0e5be

SHA512
fcddda0ef516cd7855e8f01a8fdfa997541b596b3ae1947255266f580a2eff21680ded4148d81f7f4727806491fb6f74d75f8a092d0742e713a41ad15b66bbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize
302B

MD5
a9ab105447c7d7f62e2bc98ecfc1abbe

SHA1
f96b5def8daf095b7f746ea1a9a3651824fc3161

SHA256
b3259aaff24e2d6a90999c388203ded3fb755c6226d01fc24d0535d4ba3a817d

SHA512
ad52645056035ac4134280a2ac808dccfb6904ff18691a66cd8cb98a46391a3837d8fb720797049a352ea2d3b43eb23aa289c2863bf5004192240ea16ef6b495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe5b84bd.TMP
Filesize
119B

MD5
16af2c71cda84658382f638519d01200

SHA1
c54bd9f4e1d280034f1143be1b02d3b015d1b3fe

SHA256
28e05ffc586ad36187b58b84774fce7093a4f85d83dbeb5c45d9230cfec92344

SHA512
ee0e8f4501a7caf0975ac25dff582dcb7ef8b338277bef04ae615593d58e311cb077b357060fc23e2f32026e35bc1736d5da03f8d9ad92a82e9dce40e497ff93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
7a663a9f556e493d9057d89bd1749099

SHA1
0c36895dd4a9590ab10013b8eb43525e374a641c

SHA256
99fa8784cf97e141267b617897bfca0eebc813f4ce9f8f747522d4cfbf9e119d

SHA512
7f078b9867777c93717b34d6ae026fddc3fcb512357468ca12cbacfe92a1289843d9a78c68ca0499610e54e4fd1a113ca91c91ad4ca150d40944ed67754a154f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b7f6d.TMP
Filesize
48B

MD5
73e53ea58340e6d02d7e20b2bd86fe06

SHA1
04c871c2d7517f605e7c0893bcfc5725ac054507

SHA256
7f46072c8c343e1707a66ae5f8e04d54a3e9c4a864815b8dbe96342f3db06f1b

SHA512
f06f7d7d54d4fc6453c5827ceeac5387cea0ac935061acd87d3d1b1c0ea7a467b2379e45a81df183a1001ceaf0ec44de1b25d04f626eea55fbc81545ec546bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
538B

MD5
ed64aa5d423d8dfe03f6feb9c39c7cb0

SHA1
603992771d364103e703e893d73485e1e0ff35c8

SHA256
a402330407de8787c38e73d04d37867b00ea71f710ab5ccd02cf360bb6a16fda

SHA512
b454e81c366c574c5ec9b501204b9f15aad563027a8f7c6a9e36c70c2a84a34f9b7d8a8770780d3c48dab5c5345423abebf4b26a0c1955efbfc974bc20b85d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
ff3098e7bab11e010f805ca810b96cbd

SHA1
bbe12f63d3e5a2f953353a91ae72bcd9053615de

SHA256
bbde43dbbed76940c922b014f77ea9e6e8cf386ae8ab9d71ae820f0be5a89264

SHA512
c8f892c49fc981269a260da45878c67c636a9122c1b847c3116965dde0bde4cc1411a5fc758cd9e0753034abe3b52bed6cacb2f873c8517705f14ab8a392e25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361177163700698
Filesize
1KB

MD5
f41653d7f180c0510f3d9825c95fc2f4

SHA1
8c9d37d5d735f381af58be7615c5a4270aa34e75

SHA256
39233026d5a239753c5cbb915bc2b5ca793210e2a2b3b59b8fd7859f1766f92e

SHA512
21869905ab84500f75123adb164c6a520766364c3460f4993b549dc5219ab71b4ddb9466b289b5c0126f179db1b2e121d3797c8a32816190792b9ebed22eafa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
7b9e99d4f13e68a747918f238010723d

SHA1
77ad0cfbe6d23adb6b464248e0903a69b260ad9b

SHA256
ba7e901306b8d596aa315bd22543e9a972cc7afcf44dfb90df0bc7d02727107c

SHA512
07af588bedf3701ecbb32b2b1d5708dfb9789ca1fbfa0b1eb01f588ff1e50cb16eac7f94c1885adfd12b74a8b8226475ad9bd0b42f88064a419d017c2d824e77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
70c86dbe367c57dfa218ebe36b39d1cc

SHA1
b83efd3dee403c46c7026c80e8d7ee7e10bdacfa

SHA256
ba4be61d027156a0abfa986131e762155dc94bcca6e30032f99e65c82dcb2a47

SHA512
7f95ede674d0ffdab04251758ddc50ec2a753884df28da94503b270df68a62b004078dfdcae7cf0f894f62dc0994ed9b5eae55277bdbc347a04b18236a6b2632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
ad706dc31927b102c56874272ec02dc0

SHA1
0db69b9ac565ab51a949eb6ac8c543d9f37b9892

SHA256
3c11e9a0763f062c48353bcfed2cd012395bede7a87171c1cd424f05ff80b541

SHA512
5ba1f12f9608c40731160170cb346d00937cee7e289418c4720ea6cc1c18ef604c8e04ae6ad58cca88e70c2779f3e0355d6079e5810cee3b5ca0a6ba5b2a436c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
ce7233c4bbefd2d57e43f5b61e35102b

SHA1
2297fc744f0a0b9b2249d8c631812e2b1e8d2be8

SHA256
4e71f4597d4f91928f63278884dfe7acac6fb3009a9a152b2ac8b47aac93a879

SHA512
3cc5a313e5757b08f44666eba7b959dfd03e5af4fd4ff02117e2d80d1bc65a739c0f8d7bd0f78976a56835df9b95c76c5c0a6c2cdb94b1f90e6293a9e7b81ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
9d86f10f1a83d746c9bc72b51077caab

SHA1
6f2d74d7f5df782244bb402bef457dba483fef5b

SHA256
424dd23f9e6b77c4ed9018ba0752e50c18851e8b785195ae2d09902429f1d59a

SHA512
bec78a005535433686433f3cd8ec3496a0c47c89c82a3b809835581339e4898a2e7938b42b402143ec9585efeb503ce723d84f06a72fca5b763051e14c21c657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
fcb6b0e9eeafdcae77a70db625ddcfd4

SHA1
cf634a850913926cd28d32fede5ccb2be5adb2e1

SHA256
1b96dd7b2a76085db041575e0d9413d7349ee5e6a800edd71ed612cb1e5a9144

SHA512
2f7fe545bb727c0e0fe335a3932f97b4da2a3e999b756bb494ad00ba4b53ad31573c36968cd3a7de0cf1b786de213e9f1c3576cdac9db185769af297008c5d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
b44b34c98faaf9c40fa36cf7f90bd9db

SHA1
9d02bdd5a718211338abe63569606e9d8c9778de

SHA256
692b9ca93af798fc9332a12139e41c4aef376d3ed852e73d0045a38257082f9d

SHA512
187a141fa53ea31e2ea8191b3646635b398c5b05dfeb2148933df14ab973d4dc8945a17af0380f9be6f0db24ad02e7a779d4a88ed3858b5c0aee0a34808a03a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
31b89c6378df7ab51dd5afc9e11810e9

SHA1
79210756c3b77c707c87ab24c5c2d19b109bdc0d

SHA256
0745569547a9392aeee3c4968c039a0b2401cd627972405316804688592339eb

SHA512
158c404835c7a76c6e3e6fa6223e8963c16cd15f767bc3aed65c073903ff7549f80d91de552438310a2fa4e85af1b6dd6028da91edceb1e0116814506db8f1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
93929bc2209166eefc877e6ed860eb70

SHA1
4d0b194b17fd2de2a5ac99a86a5e438f98a5f927

SHA256
3bed15066b7485adc3738780ae61b34e18554cabee7f3934ee7a7a9f81014dac

SHA512
e82c9bb3e30473b94f47c2a8094ef98a037f934c381fc12cccb5187f3f08cf188d2eab5ef18fa6b8fa6cdc2c8a5f2d23087692c33be9381e9b6a97abec0ef1c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
128362ea472103990a8edbe4d40afde8

SHA1
92a9b620731626efbf9bb5d2b978432af1ac2987

SHA256
c441298a26709f8e1fbc9d0c1f2847a7383c6b5e837d722aefe28908d79db081

SHA512
ba82b5f37b13e5fdfe6350ab90883639b0b8a3f7ff146b9b9d1b6f17af8941bfcc19cb064c4ebfb20d22e31169bd908378d3f14108ecea2f6548e8a2e898ef4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
322B

MD5
06b8625741e934d6f79ade661e73e34c

SHA1
ab207ab19e326a3f9582d5164613cdff35f398f8

SHA256
78b1d0bebc4b3569e059276b4f273ac5c27443b2cec9bac4a6ec8a074952687e

SHA512
a3500cc10c069f595581511e1184192143095e5268dc7ab5861b7c0e66e5ce46bf183828ab5e878219052efdb48e0eaba779f85fc5a05b735ed07b2f87f685eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
340B

MD5
80022df81b7b201a17403ec7512a08cc

SHA1
de29d78d67f553964701e5e6c7db01147c715adb

SHA256
bef9b278674737afedc1a831e7c515c65e6ae0dcd7488083b8c042dab94e6000

SHA512
997dff17e23a783a247ba49bfbcf1a94647d73c0b49ed4952017c3778dbf8fd142a58d1d83c5e605b6e5b972ffe01aac5d8feeaf392df0e8483d9108160f3848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
0332f04e9cf78901f9a1b92659985b68

SHA1
710dc861513acb4b1cf50a7e66ed6e1bedc0b208

SHA256
e552ec653ed59a6b0453efff36f671e6638c5ab66640ecc405808381d1c2bc63

SHA512
dcdbcf2d99db7cb047705e3101a6cc17043acb2cdecc84af87c13322db4d6f19e0165532b47bf4dec3d10949efb4a19e6d092610bf28938584de1694a7bfa566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
5d6e247e7d5b89ec4df636153f55249a

SHA1
cae12e1b00dff73077845cbc24e9725e4f6256d8

SHA256
851b9ac9589786255bc68861666b99ba65490db22ba6ce5868779e1778dea864

SHA512
d59a7c37a56de2d393f28f46b809eeace82eab31c60c569bbbf1d3e19e32bfcf4ae78b91bcac1e98856dbee24b26c40fe9002c0da48b3bb51039da4326b7aaf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
6f57440b346738ed65cb9f6eed85faa0

SHA1
bd1dd8ea06274bc54b0ce0d20710954bc1830b13

SHA256
d2ef7e9761bf2540e40f8f6dd0cdb01111c69cf9c1d7b8a67143f8a6714044e9

SHA512
7384d6487fadb4054df3dd16f7251eef41b766de04be78bce01c154fc5f5726c28572bca1efc81ea3ac58273ee5021ac1399fe3811c421495a72875b4a9c405b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
af39535aef2f57edd5db6732911c1be8

SHA1
c68161b515ef718c7ac02c3d662be4ab5b84e981

SHA256
cabee79c81556ff13c4836f6410b5cf8d1f69a5dc1dff1aedfbab46143888ab6

SHA512
a153048d5d95e4545ba1fab4f9e180f66d59574817e24317cf3ff0824c631ad2c6e07e0ab7fc1d28ca7baa5ed7b5f3230dce93477f6f3b6ab800249bc35ebb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
4fc2eb7b3800f878a670e955a4749582

SHA1
025d10d33b5ec70881d6687a9de78ba9f5c4b1a1

SHA256
bd0d4027586fbd383522b20ca1f312d65bc373587092d0f028ae76fd84717b36

SHA512
a2d7142af58d938b4d341093d025d9cbcac22244e8301dba65a04bcb5b7bfb9c5c31f79526bae130612913a53ab1520281aac267e75a4af994cce0de4a4c728a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9575d3786b0c10cbb7f8f978c958faec

SHA1
1f532a04e0489c9f85f32821f522737ee20f7274

SHA256
f48a0b176dfb01194d0266a6ad2e7e502ec32bc6a30674dbd100b1922bd40185

SHA512
846e6ca8d34235c7fcd276874091e295d65ca8f81ad74c84afeb07930c3f8373769d0605ee46ac0d8b7e24fb4cde708ac93b219516ab35b5135b3b9133d0011c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ff2efbfff977b8e675c3c2b8b4ac8dc1

SHA1
1bdb9c479d3f87c4b356cec250777358aa01e90d

SHA256
e3c8a42ef2ac530e72cc5b7562c6b0b77eecbf422836c1cd9f1e7a4c0a153fba

SHA512
c810024af4a73783a4d34801d4f5343b90d5ecd0f2e6ce8577b5b9e29373626b513c9e8d445b84f25dd4f457409698ada824cf9e915923c72eba1f9d82b7b514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
48edce6be70d172dd9735b071e20c11c

SHA1
729657beaf10fddf6f47dc7e0647b264c581f44e

SHA256
e5405bd198a2da059004bf823bdc893d7cb0d88c4000c295d286a3c2f909f59b

SHA512
94722b98d65b0fd0394b09da464d3955818921e1d9688320a6dc24fd8141a3771535af99a75f1570447359e317da29d2def5de4a2188b0299d5cf202a0c28849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f355d9f87648413fa9aeb3d3c3b2a4e8

SHA1
c73a4ddfd42dadf4ade29b2ec350321475dbd91e

SHA256
bd9a71894398d425ec0dbd7fb523a36bc548ad0305af0307335cc5dfdd187c2f

SHA512
ccc6ae38b8db40fc4b2bf53029d8b5d927f2eb7217f21153898fa5416cb5b5ccb8c9dd03c6f68ac2b70006317125568548c6e496bf6881826fd9e15dd348c9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
32dac0cceba7eb1b59e1803f5e6c6a54

SHA1
e8c8571005f7b1e57994d7008401b892e8be33d2

SHA256
97231a469a544e98beef99115c23504ec2e103893681104a03fb6eab783c8af4

SHA512
1ecc6c47ed6cf743ad009aa626b35486980656a6301a518398d319c160364576e19736be70ac49b384590fc086660db9475c3d5683e31c44bbb0b8ab30a4a2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
93784837aec10288df12ade1926773b5

SHA1
0c67c76c4bf0714f90ac4a96f06d4fc662831246

SHA256
ec28b36982ec6c562d4275c93698d596430af4755f7a687a907cdf70a2641e1d

SHA512
382d312a19e625da62cf9a66ef76465ff179a48f459b8051946971e765c6bfe112eb220b0ef4937f9ef3ac1ad2ebefa230c08a00a90320d521fb7bd2ca3e2cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9e4dc2b75523837029436642739a6614

SHA1
6c6b70345c8f1b34459d36b9e69bb67d44457b23

SHA256
da1a20b3bd8d33f28fc1dcfba558fe9d526bb6747b23fb67f0feb95775ef1011

SHA512
41f50fe936b4fdbf07aa73423c7d56352586d38c1f7ade7a394d5ddca9ba4cbdeb7fe14e17676b782a4b1c380e232fdaac00a2a3a2ab9bb49458753b263d2bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c2520e2062daf20e5b517da950eb0ff8

SHA1
028049524697277c477036210727a812d6b33dd2

SHA256
8f93f4fce8c6d67a20b98223aedecb9c26022fa6cd0b7bdbc76ba784a610bdb2

SHA512
e40abe43ee855c8e7e1ed127b70fcb79d5bcf5def0bbbf9df0f369aa831218c92ccdba956cb28cabe4f376d8a703cc0e954ea06340b6d52304a91b3eb31f8fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cac7f4a48291816ca9a5af3cadc8c3e2

SHA1
40827f31a514bd42bc0b5908d94bea46e7073a62

SHA256
ce807b3c211760448a8db53d5a453e8e157ac56005015d05a79cf0c77a7870ca

SHA512
dfb9e5ee8f229fcb6d7f105a9a708945c3d7c2b6e5de589a93e019a3c1809cbb0f5ea0e3def1fa29638850f8a9dd06c113606777dea2ad52fb28053220c39369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8b2449734930004c402af01d8bbd7f7b

SHA1
dea17903ad6ed8d16243de31114c646886ae3edb

SHA256
be4905fd92f1c7a84aa294447be1afcf81ce787d49e77ecf4e731e318a91ccdc

SHA512
3c6d35df509848a98b078b31cc0f33d8438e02862e90039f790a17636f469bec16055a774fc2f9c74b914ec561c21f7a067e64e21e793d5de2c1b296e1f04275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
31a7c641725e43c82e0547fe1f78daee

SHA1
d77482094a22aefa52e375c24924f97ea43e8c45

SHA256
7302d59b82771d56a1f44ea4a8ee62d73c9ebf454ee5b5261cd79292eab9588e

SHA512
3f03b894c673215e2cf51e5a0e8ca82afccfb4426f0bbf72f40037ef2c549d6f1f0a224dee056f08160d6a03f8e9306fbe79f9a150febcb9bbe525e30abcc4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6f2eaab449f52868601f5a56c7ebc8ac

SHA1
bbf74eaf9b91be0d7eac8377ccdb449c0d2cc662

SHA256
f3b5d57c01d8e606c9c8fe557ceea6ec7e1c47982b8f929b6ad054186fa5ebb7

SHA512
8427d3ab98ccb5b4328413b9ff171b2db3b4290d024834feb26ed858127b611be75ea6cdb64920b4b35d587c4c1c1bc827702d984b14f38758726b3b7cf46b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
98df23f68582120cf33584a520f0d88a

SHA1
ed3fddad45c46851f102f87c30ecff4a46677876

SHA256
b8e77745978a6c46cd31034f5f3a6e1273e9607bf159896d0ca69df4408872ca

SHA512
9baf4f3080b01a2bc2267f00a2d028ebd38fa7db2267ac8bf85eb4ea5ccf583428d67c8afe4feaab0bb45ea959f9ac25eee07f12c52fce339803e93375ac4d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7d5054af55d494fa1c874a2ce37801e0

SHA1
d51aee5367899eeea0467330538d6030c561a12f

SHA256
acb37be68177e703395dd5f4a5d31b457ec12b33508a2493f89a2294faa29dd6

SHA512
c9a38944ff75d2ec01f32cf72ac619bdcf1df3eacbf4448380138c08ebb8b1649cc40f4c8e70c701c798aac7ec15e17599fe77bbcd18b8fde2837480bbb76419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d9c1fa9244889adfd86114f0e3b1c723

SHA1
c152d36316d86569302140159e539209307096b1

SHA256
5e92e7e751e5bba85e7d60c6ee2faf18fa1f73c42a26fe118ddb8c6ca0c8dfef

SHA512
7383152f9bde218d6de0a3f3e96113968948f8adbb65610a73cc01c81c9f6e87764b90233984797594cb59dfc8f67b1c37e091b91f3817be5f1f88bedace0fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9c7e26e6233d54bce529a63bd46b0605

SHA1
472b078faab85496dfa7b053ccac8ea8b1f216d7

SHA256
e20eebe6129b27387274b3db235cbca3ec36e369f9f76d4dad75f7b9562abcd1

SHA512
04cf6f87d28cf984d28e2ce2359021aa4bf3192459bc149e1372637cac6b2b7cdb7e20cc18640e6f8c85e5b425bc7e038c0bcde7b233bef56b7519110a05163e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5065215d71a852928e38678cb624fe19

SHA1
3cf5fb4e46c8bfcfb4660fc5a417f9333cb0d142

SHA256
7c4f8809e4ce65116a53419c1a49b5637e03745e8c82c7bfa8607e89e4fe2e53

SHA512
38ce5984136c1cc221cb6008579f5ef4ef6bccf1c793f4f76d03a2f8f8bedf39f742f74130384402088ae9ffe8bcd0d897e4a7a1a34e84c84a415be0cf234f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
df46eb1fe5d54a0521d9965203a4a9da

SHA1
e977aae1bb82f3d57267ead3b91df3d82d6d50c6

SHA256
6076a9ea8f52f5ad109fbe29f955ee052f626b22ee45366bfa83f70706744b1d

SHA512
5bc5f8d247ba164f1af6f4ae902906568a4e9baf05c9782d999e537730d8cfe443daac6f44aa246f27e9678237a4b57a7e8411e3c4fbe88e943525cdb2ae239e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
b11a15baac2a74995ae6f353e63723ad

SHA1
a64d549fa00962953eede6bb877caa60862cfbf3

SHA256
69e2381681ce85f320660228583f2ed1604b1dbfa90a69dde1a4853aca900778

SHA512
3406cdb89d03d3dc114637d8469f265d25857538e52f6f76ebd6272d4c79d51fbbb6c711e04605fb9ed1875ef870cd0ef5f18cf8accc5ace2a3ead72a3dfb8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDD976.tmp\sist02.xsl
Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\x
Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\x
Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\x.js
Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\z.zip
Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Word\AutoRecovery save of Document1.asd
Filesize
27KB

MD5
1bf3a7680ba0adf14be6ecf401cb5693

SHA1
0864ce5fa5e8991c844df684e5583d877465275a

SHA256
a81eb4a5f78f095cdddcc81f187d7e1c66d3c17da50eae418d2a8042d65b9f9b

SHA512
16f7a1030af343b3bf71a409dddb138dbb7690c1412f0b1e7db6b2ede38003334c936f35c2c912cde3c8bbdc66e60f4b5a554625ec607c6203abc910b7b59965

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4728_BFVWOQDVQMCMSOIJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3400-2203-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2208-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2204-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2212-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2202-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2213-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2211-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2210-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2209-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3400-2214-0x00000254BBD70000-0x00000254BBD71000-memory.dmp

Filesize
4KB

Download
memory/3892-509-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download
memory/3892-507-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download
memory/3892-508-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download
memory/3892-1026-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download
memory/3892-1027-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download
memory/3892-1029-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download
memory/3892-1028-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download
memory/3892-512-0x00007FFEC4DD0000-0x00007FFEC4DE0000-memory.dmp

Filesize
64KB

Download
memory/3892-511-0x00007FFEC4DD0000-0x00007FFEC4DE0000-memory.dmp

Filesize
64KB

Download
memory/3892-510-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download
memory/3892-506-0x00007FFEC7550000-0x00007FFEC7560000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads