5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923

Analysis

max time kernel
854s
max time network
846s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VineMEMZ-Original.exe
Size

39.6MB
MD5

b949ba30eb82cc79eeb7c2d64f483bcb
SHA1

8361089264726bb6cff752b3c137fde6d01f4d80
SHA256

5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
SHA512

e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b
SSDEEP

786432:1fhwEXgLYTou24XbHzjkgV5bQAH/AbkP1hn0qPQPrhBPC7wYqljbdPIa:dqgb84DPn5vhbIPdZaWljbdPIa

Score

8^/10

bootkit discovery persistence ransomware spyware stealer

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE

Sets file execution options in registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe	MEMZ.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	CScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	VineMEMZ-Original.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Deletes itself 1 IoCs

pid	Process
6632	Installer.exe

Executes dropped EXE 11 IoCs

pid	Process
3064	MEMZ.exe
1628	MEMZ.exe
2212	MEMZ.exe
4632	MEMZ.exe
1380	MEMZ.exe
2136	tree.exe
6632	Installer.exe
5292	MSAGENT.EXE
4248	tv_enua.exe
7748	AgentSvr.exe
5348	BonziBDY_35.EXE

Loads dropped DLL 17 IoCs

pid	Process
6632	Installer.exe
6632	Installer.exe
5292	MSAGENT.EXE
4248	tv_enua.exe
7468	regsvr32.exe
7488	regsvr32.exe
7488	regsvr32.exe
7512	regsvr32.exe
7552	regsvr32.exe
7660	regsvr32.exe
7676	regsvr32.exe
7692	regsvr32.exe
7712	regsvr32.exe
7728	regsvr32.exe
5348	BonziBDY_35.EXE
5348	BonziBDY_35.EXE
5348	BonziBDY_35.EXE

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DesktopXmasTree = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\tree.exe"	tree.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	Installer.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\SETB5D0.tmp	tv_enua.exe
File created	C:\Windows\SysWOW64\SETB5D0.tmp	tv_enua.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png"	MEMZ.exe

Drops file in Windows directory 55 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msagent\SETB6FF.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB572.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SETB583.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SETB5A0.tmp	tv_enua.exe
File created	C:\Windows\msagent\intl\SETB597.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETB58D.tmp	tv_enua.exe
File created	C:\Windows\lhsp\tv\SETB58D.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETB56F.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB571.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB585.tmp	MSAGENT.EXE
File created	C:\Windows\fonts\SETB58F.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\SETB58F.tmp	tv_enua.exe
File created	C:\Windows\lhsp\tv\SETB57C.tmp	tv_enua.exe
File created	C:\Windows\lhsp\help\SETB58E.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SETB56D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SETB58E.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\msagent\SETB570.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB585.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETB5A0.tmp	tv_enua.exe
File created	C:\Windows\msagent\SETB56D.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB56E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\msagent\intl\SETB597.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB572.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB573.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB573.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SETB586.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File created	C:\Windows\MsAgent\chars\Bonzi.acs	Installer.exe
File created	C:\Windows\msagent\SETB56F.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB570.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB583.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SETB584.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SETB57C.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File created	C:\Windows\msagent\SETB6FF.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SETB56E.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SETB571.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File created	C:\Windows\INF\SETB584.tmp	MSAGENT.EXE
File created	C:\Windows\help\SETB586.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\0\win32\ = "C:\\Windows\\msagent\\AgentSvr.exe"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\ = "_clsAddressBook"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F69-055F-11D4-8F9B-00104BA312D6}\TypeLib\Version = "1.1"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F}\1.1\FLAGS	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\TypeLib	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ = "IAgentEx"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\ProxyStubClsid32	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F68-055F-11D4-8F9B-00104BA312D6}\Forward	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31E-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommands"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\ = "IAgentCtlBalloonEx"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\TypeLib	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriods\ = "BonziBUDDY.CCalendarVBPeriods"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentAudioOutputProperties"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28E4193C-F276-4568-BCDC-DD15D88FADCC}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31E-5C6E-11D1-9EC1-00C04FD7081F}\ = "AgentCharacter Custom Proxy Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\TypeLib	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ = "IAgentCommandWindow"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ToolboxBitmap32\ = "C:\\Windows\\msagent\\AgentCtl.dll, 105"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{57DA7E73-B94F-49A2-9FEF-9F4B40C8E221}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F6A-055F-11D4-8F9B-00104BA312D6}\TypeLib	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\ = "IAgentCtlRequest"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\VersionIndependentProgID	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E26DD3CD-B06C-47BA-9766-5F264B858E09}\ProgID\ = "BonziBUDDY.CCalendarVBPeriod"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0\HELPDIR\ = "C:\\Windows\\msagent\\"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\ = "_AgentEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\ProxyStubClsid32	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\ProgID	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31D-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F6A-055F-11D4-8F9B-00104BA312D6}\ProgID	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1380	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1380	MEMZ.exe
1380	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
1380	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1380	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1380	MEMZ.exe
1380	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
4632	MEMZ.exe
1380	MEMZ.exe
1380	MEMZ.exe
4632	MEMZ.exe
1380	MEMZ.exe
4632	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
1380	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
4632	MEMZ.exe
1380	MEMZ.exe
4632	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1628	MEMZ.exe
1380	MEMZ.exe
1628	MEMZ.exe
1380	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2212	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	3036	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3036	AUDIODG.EXE
Token: SeManageVolumePrivilege	7744	svchost.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2212	MEMZ.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe

Suspicious use of SendNotifyMessage 53 IoCs

pid	Process
2212	MEMZ.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5596	msedge.exe
5596	msedge.exe
2212	MEMZ.exe
2212	MEMZ.exe
5348	BonziBDY_35.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 3064	4040	VineMEMZ-Original.exe	89
PID 4040 wrote to memory of 3064	4040	VineMEMZ-Original.exe	89
PID 4040 wrote to memory of 3064	4040	VineMEMZ-Original.exe	89
PID 3064 wrote to memory of 4632	3064	MEMZ.exe	90
PID 3064 wrote to memory of 4632	3064	MEMZ.exe	90
PID 3064 wrote to memory of 4632	3064	MEMZ.exe	90
PID 3064 wrote to memory of 1628	3064	MEMZ.exe	91
PID 3064 wrote to memory of 1628	3064	MEMZ.exe	91
PID 3064 wrote to memory of 1628	3064	MEMZ.exe	91
PID 3064 wrote to memory of 1380	3064	MEMZ.exe	92
PID 3064 wrote to memory of 1380	3064	MEMZ.exe	92
PID 3064 wrote to memory of 1380	3064	MEMZ.exe	92
PID 3064 wrote to memory of 2212	3064	MEMZ.exe	93
PID 3064 wrote to memory of 2212	3064	MEMZ.exe	93
PID 3064 wrote to memory of 2212	3064	MEMZ.exe	93
PID 2212 wrote to memory of 2488	2212	MEMZ.exe	94
PID 2212 wrote to memory of 2488	2212	MEMZ.exe	94
PID 2212 wrote to memory of 2488	2212	MEMZ.exe	94
PID 2212 wrote to memory of 4032	2212	MEMZ.exe	104
PID 2212 wrote to memory of 4032	2212	MEMZ.exe	104
PID 4032 wrote to memory of 4300	4032	msedge.exe	105
PID 4032 wrote to memory of 4300	4032	msedge.exe	105
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 428	4032	msedge.exe	106
PID 4032 wrote to memory of 1932	4032	msedge.exe	107
PID 4032 wrote to memory of 1932	4032	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\VineMEMZ-Original.exe
"C:\Users\Admin\AppData\Local\Temp\VineMEMZ-Original.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4632
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1628
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1380
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /main
    3⤵
    - Sets file execution options in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Sets desktop wallpaper using registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:2488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:4300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        5⤵
        
        PID:428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
        5⤵
        
        PID:1932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
        5⤵
        
        PID:4932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
        5⤵
        
        PID:4016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
        5⤵
        
        PID:1656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
        5⤵
        
        PID:4340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
        5⤵
        
        PID:2004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
        5⤵
        
        PID:1568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
        5⤵
        
        PID:1072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
        5⤵
        
        PID:2436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
        5⤵
        
        PID:4872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
        5⤵
        
        PID:3808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
        5⤵
        
        PID:2228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
        5⤵
        
        PID:636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
        5⤵
        
        PID:5240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5684 /prefetch:8
        5⤵
        
        PID:5480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5808 /prefetch:8
        5⤵
        
        PID:5488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9699931719824213647,17196623854893623726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
        5⤵
        
        PID:5856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=is+bonzi+buddy+a+virus
      4⤵
      PID:3512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:1328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=fuck+bees
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:5596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:5620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        5⤵
        
        PID:5852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        5⤵
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
        5⤵
        
        PID:2248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
        5⤵
        
        PID:6036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
        5⤵
        
        PID:6040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
        5⤵
        
        PID:5436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
        5⤵
        
        PID:4568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8
        5⤵
        
        PID:5524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
        5⤵
        
        PID:5948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
        5⤵
        
        PID:2044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
        5⤵
        
        PID:3316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
        5⤵
        
        PID:3888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
        5⤵
        
        PID:4748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
        5⤵
        
        PID:3236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
        5⤵
        
        PID:4872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
        5⤵
        
        PID:1864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
        5⤵
        
        PID:5700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
        5⤵
        
        PID:3152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
        5⤵
        
        PID:4660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
        5⤵
        
        PID:5492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
        5⤵
        
        PID:1204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
        5⤵
        
        PID:2948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:8
        5⤵
        
        PID:5800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5952 /prefetch:8
        5⤵
        
        PID:5708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
        5⤵
        
        PID:4696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
        5⤵
        
        PID:5448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
        5⤵
        
        PID:1796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
        5⤵
        
        PID:1900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
        5⤵
        
        PID:2704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
        5⤵
        
        PID:1132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
        5⤵
        
        PID:1832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
        5⤵
        
        PID:2484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
        5⤵
        
        PID:5236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
        5⤵
        
        PID:3032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
        5⤵
        
        PID:1884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
        5⤵
        
        PID:4940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
        5⤵
        
        PID:6252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
        5⤵
        
        PID:6448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
        5⤵
        
        PID:6500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9212 /prefetch:2
        5⤵
        
        PID:7128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9208 /prefetch:1
        5⤵
        
        PID:5716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:1
        5⤵
        
        PID:5516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
        5⤵
        
        PID:6832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
        5⤵
        
        PID:3040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1
        5⤵
        
        PID:6396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        5⤵
        
        PID:6668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
        5⤵
        
        PID:776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
        5⤵
        
        PID:1800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
        5⤵
        
        PID:2388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
        5⤵
        
        PID:3452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
        5⤵
        
        PID:1052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
        5⤵
        
        PID:6508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
        5⤵
        
        PID:3704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1
        5⤵
        
        PID:4744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
        5⤵
        
        PID:6576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1
        5⤵
        
        PID:5108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
        5⤵
        
        PID:7060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1
        5⤵
        
        PID:4604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
        5⤵
        
        PID:1408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
        5⤵
        
        PID:4328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
        5⤵
        
        PID:4444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
        5⤵
        
        PID:4672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
        5⤵
        
        PID:5364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
        5⤵
        
        PID:6192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
        5⤵
        
        PID:3684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1
        5⤵
        
        PID:6984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
        5⤵
        
        PID:5232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,165276391407589324,4622469404788350567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:1
        5⤵
        
        PID:7072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=free+midi+download
      4⤵
      PID:2576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:4428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=bad+ass+mafia+toolbar
      4⤵
      PID:5460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:2364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=myfelix+download
      4⤵
      PID:2964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:1944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:5812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:5564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=mp3+midi+converter
      4⤵
      PID:2564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:1864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=bonzi+buddy+download+free
      4⤵
      PID:2440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Roaming\Data\tree.exe
      "C:\Users\Admin\AppData\Roaming\Data\tree.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      PID:2136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/results?search_query=tootorals
      4⤵
      PID:5536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong
      4⤵
      PID:2868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:2176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=succ
      4⤵
      PID:6384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=snow+halation+midi
      4⤵
      PID:2652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:3032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer
      4⤵
      PID:6776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb0,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=grand+dad+rom+download
      4⤵
      PID:3504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=cool+toolbars
      4⤵
      PID:6484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=limp+bizkit+mp3+download
      4⤵
      PID:3460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=preventon+antivirus+download
      4⤵
      PID:5488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:3808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=cat+desktop
      4⤵
      PID:7096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=smileystoolbar+download
      4⤵
      PID:6636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=cortana+is+the+new+bonzi
      4⤵
      PID:5856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=smash+mouth+all+star+midi
      4⤵
      PID:6284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:5516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=john+cena+midi+legit+not+converted
      4⤵
      PID:4392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=animated+christmas+tree+for+desktop
      4⤵
      PID:6668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=stanky+danky+maymays
      4⤵
      PID:5044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:4744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=how+to+get+cursormania+in+2016
      4⤵
      PID:4328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f0946f8,0x7ffe2f094708,0x7ffe2f094718
        5⤵
        
        PID:6248
  - - C:\Users\Admin\AppData\Roaming\Data\Installer.exe
      "C:\Users\Admin\AppData\Roaming\Data\Installer.exe"
      4⤵
      Deletes itself
      Executes dropped EXE
      Loads dropped DLL
      Drops desktop.ini file(s)
      Drops file in Windows directory
      PID:6632
    - - C:\Windows\SysWOW64\CScript.exe
        
        "C:\Windows\system32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\Bonzi\run.vbs" //e:vbscript //B //NOLOGO
        5⤵
        Checks computer location settings
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE" /Q
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5292
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
        7⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:7468
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
        7⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:7552
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
        7⤵
        Loads dropped DLL
        
        PID:7660
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
        7⤵
        Loads dropped DLL
        
        PID:7676
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
        7⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:7692
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
        7⤵
        Loads dropped DLL
        
        PID:7712
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
        7⤵
        Loads dropped DLL
        
        PID:7728
        
        C:\Windows\msagent\AgentSvr.exe
        
        "C:\Windows\msagent\AgentSvr.exe" /regserver
        7⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:7748
        
        C:\Windows\SysWOW64\grpconv.exe
        
        grpconv.exe -o
        7⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe" /Q
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:4248
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
        7⤵
        Loads dropped DLL
        
        PID:7488
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
        7⤵
        Loads dropped DLL
        
        PID:7512
        
        C:\Windows\SysWOW64\grpconv.exe
        
        grpconv.exe -o
        7⤵
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE
      "C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5348

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x45c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:7696

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7744

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
1⤵
PID:8124

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dd7f392257954f1edc345932b4fda013

SHA1
d0a5ca70e532b852d9c37c2c4259486a0bd79b70

SHA256
c9720ed47a357c3b5d32205b62ea1d6bc9ef50fc38673371d26b1f31b493f5c6

SHA512
e694f8712d32c318cf9b64bcfcccfdab25aa5bd023f789856b3b40bfd58aaaa97cb49c76b21833e3c31dd31be6ca3418008d9d4613c55316a2066a525db0256b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1812c1eb-3a06-4657-be50-8813d7a35092.tmp

Filesize
11KB

MD5
77f4e24115e26842ec1da978eacbfb32

SHA1
6c4d2ca136d7368ada50941f96c9d0dfb9f550df

SHA256
eccbd257069b8a3c09df13c8ba21783c83ba4618fc805709f3644fafe2369789

SHA512
f0232fbc9d723932ed7b7d0f918a77aa230ede07a7b84bd2798893330ea32ae606f65f7e22b298f95a2e96028efd6aeb2d6181cc14ddb72311f7556bae9a0be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\909ace52-b47a-4677-81ff-a2d297da8338.tmp

Filesize
11KB

MD5
f120c919c0cdf6742849ab6a01e7e008

SHA1
30ccc6384b302f72add5b81cbbe240555ebd1ab6

SHA256
42ed818c045297b2e2663b53c2be0ea6790e47df7196dda8ea7d671da98be094

SHA512
b1c46240a24bc65b89b035931f16e55de3decc90d3b5b520ec65a3a60bedbf9f17ca99116c492835546b21a40fe660b25472c4dd4f8e87ef16094481f0ac2203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9261e9628bddfd5166e4477e161e9aef

SHA1
b88b635096036a3bc987f4b3ef0273d28ab88135

SHA256
389152045a525a99456befecdfc1b6382922aca4f66a46b1630a5ff1304aa9b3

SHA512
ff786ce4555f941243bb6eebded5e9ea063a34e5c06b9dbe32b726eee0bbedae0af6a24d29a12e67aee2ed1a837bc6d0b2514324e5f2fa8f9b3398a6bf62c9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a113f796a1f13ff3f295926a780069f0

SHA1
2a25d62c8da9c72191fc9011ef98734ebe307af8

SHA256
1aba32f8b1b71fe398055c69bf40e95d499d70a02f20d4c7a6d6f57a03933b13

SHA512
142f01f672694cea4e3494dd9575b2c2f071447e666fa14be95d3015c0e78cfe9ea68a92c2b4507e2ec8a98a0cec77c70d8d0d6ec0b9bd3875d9c29aa4799932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
3c50c197c9fd13b0ba23cff3b34932b3

SHA1
cb71613817e2ac968ace70d48a9ddc26d060e027

SHA256
d8ad9f27b7ed87451e6adacde701eb4f9b543cd1c97c149c146d1c7f79aa67fd

SHA512
16091e8665ae7b628e6cf063a54bd106bd74a0ce61ed4e99255d63d086d5ab2890cfd72d98e5aa573063fac961092dfc208cc2edf73ead7df87c32debea3ccb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
6466cada0211f63cd62f170f224f92b4

SHA1
0fec0e9616497bfe34b97da79099f4a94a1286c1

SHA256
d2c0797c53aec34d09fcf38a6ebbadf0810913b48fa74f2f4b99d7497d8f75c4

SHA512
9f1b9980b4512999fb5e3b71e99bbd965308c4420d10c1e00a5f631caf821c306cba19716ec2c8a49ab8484357b4a8ea9cada5c22280ca6f4809e9b3ae42b54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
69KB

MD5
4f9d58547367f284c0fa5c840c00b329

SHA1
afdf5a998830ad8bea4d57ad8cb3882ac911b43f

SHA256
3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd

SHA512
7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
351KB

MD5
bff705b60aa39ad5064d5e994f70c131

SHA1
5be39cf9533db42b5f95e232e29538ff35c7b461

SHA256
99d0246e77ca23e5fada66a6be7e824f2cbb52ee2c4c520bba014007249b817c

SHA512
b34f751b38ac1d0a820a93a5305d8f6a5134b746fca9ed6bb018da222657b13df164911ef093c37f915bfd624217b7b0bb2af8ea9d6085708afe7636a506224e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
133KB

MD5
2332a5875d1bdd1c48c98abef5aa8b62

SHA1
e4f72f1b12ba428905af301eae3ba1918020811c

SHA256
ee34dd1bb74d33525605e9c6e888d82081d26a0696ab667f5819f854dc4566e7

SHA512
f3348c92815a3b321c97f7138bcebad8c411faf8620f23860fea2c591ba2b9478a045630a20a092ed7933771a9348fd17a3fd4908a0c04abe6b3189efd06f5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
74KB

MD5
63d1008932f8b3d8ccd800dc3e1a6fd9

SHA1
a9a7033f5960cb0786e4aa3205be13a63f2923aa

SHA256
b1b773c1f65b07222f506f3e204bf6eb7aa3f263dd273c31683c9405f0710dc1

SHA512
f36d00b0f6d06f26815fc8475470bea1383eb1872558db0900bf91e680bfead05ec9844270bac917993016057b31fe599cbe1f15a09d856709918c7b76fcac21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
81KB

MD5
12f8cc1a83d8fe746844040686f24a7b

SHA1
7b3638d20c11ae74260d22ea828ed22317090004

SHA256
ecb1b7c770c1794ae5be7b3ca4a1fc238b979dc4fc6c8d4010688440698a66e5

SHA512
6bae74f1f896d33f3d06223af11f70db1c0d6ab850e54cf0dc0acc3d873791a157497b6a6a2a10aa04a80011b22c275acf165d8afb8f5b1da0332841d8d0993f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
102KB

MD5
79349c227a1b3655a2aded30cfbf8081

SHA1
bbbfc8440ff99307e69c36f63b8aa816023233d1

SHA256
d114d344c4f15d16a6969c30f22d610da1ae459c005745127dcc2863934dc009

SHA512
6a6ae6433151bb5e9b1fda1c8845cdc97ce0b573e54546273c76fa4edbd39e353a47b427864744d76ef95dc526cb97ab91cdf6e6f660858f48adacbf82daa287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
42KB

MD5
eb856afc582068f68bc3dbb589b19c70

SHA1
5e718b9c674105c140e72200cd901d6471097aea

SHA256
30592900de834802e07b665ebc13a6a495956d248c8dc23aeb316dd877e5a7ec

SHA512
60f55078e15e80ea37d389620b2ef7df5cc7fc461d24f59383a1910140e7fd9e5b2551816641fbb7b16e262b41173c72e1e33a119af6d9feb28ddaa49e771a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
71KB

MD5
690fa0671cfc379fe518c8bcb0e32fe0

SHA1
c1212949751a1422b8a2b7d73e5068d089f63b05

SHA256
e71199611dcf359dfeca7316e56a7aaf5b642358597b624db2a6ea789d306c4d

SHA512
04c250e8149cf919aa7b12fd37e2647d5added48c090499b9d6cdfb6a7f661ce99570ca4385d1b77ce5fa9a6c05eeafe5a3e458d45faa8304e9c45d8c366f9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
29KB

MD5
ffc507ab662c24424f3fcb9e8d2eecf9

SHA1
f447984c038d8ece67915c0492e8610894dbc255

SHA256
0468c9bba7e5bb67ac35bc4f4609a257e6fc542e4faddcb494e285e60e9bf170

SHA512
6cecb73607062e2f7280b2cd0f33c014b1fc5190c34120452bd297001b0ed585dc35a451fda300de6864098896a76006a6577ffcc98fd8c0b0d4ed7f961ebece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
66KB

MD5
92c246ef2e1abd033b2c5826d3f9973b

SHA1
82d95a1f611b425486b47cd2f40b483875c05a9d

SHA256
fc70759ae81425e9af6bf2607c15fd2c402c069d9d748975e4a3afda6a9cb6db

SHA512
ee4709b9eb358af52e91119feff0592497ed343bb804d9c1e05719296ee0e1aa1af98f652858484b724e778ebe45fefaf407a01ce21c06b652079e0847bfea5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
121KB

MD5
852063cbec403e95f6afb464109daa5b

SHA1
71784bafc0232e08f5def5b4ddda00abfff3459d

SHA256
21fef832d2848f30eaf749fee65859a7fdfaef5822fc96bd48c74ed3d0ef4cc9

SHA512
e0c93d0d6d0a7631f64ee2bfd35b42370784e5772a94f0ed0c523d8d45fe6ee7ec6636b9475f5748ac53c2f50060be7f01323ef837000d919b11dfc04d0a4be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
108KB

MD5
9406b89dec207a27c239b8109fd4d4ae

SHA1
ecb51f231a2fd844c40a3db3585bb7884e8852f2

SHA256
23505106ffff8ecf2035e48901fc87383ccbb414257ab635551a5f3612584af6

SHA512
3f1778ea36c5eb95a8d4b09c86148dcd1825873e442c6262159dbba74c995dedd6c094551c9c1cbeb93abbeacd74f61b6246a1e07d5fc3232b80f366beb7bf7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
87KB

MD5
06cf1e5c6e458c5350e57a5e48905086

SHA1
a15a0855eaddc0a14230bbb16c03af3cc35b7f58

SHA256
9bf34a0b02f9ee7c465db8f6685e36fd054966d34ba2f66be7f2f4d79ef36ff2

SHA512
908fe1f82f5160c4aa286b5b67f17abcdedc93a5016eb49a55ac064244c7e3c7b178d072500aa1f3d37493c69cd3ce68ea48d69b352f8e26320cd01aa84bd54b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
55KB

MD5
7de3c0bb5dd80627aa4e38c00a7be2ab

SHA1
ff7f559052cec0bd583120fb27f1d66d990168e5

SHA256
4b9bf7769ae6505cad588cce1d6130dac95ca6656a47c74cd87f8ab185492c3f

SHA512
5dd3f7f7738c4cd3ca918d0b5fe5ea7361c193189843aec53c7d05635f284c1321ad976dafa9b5f1b7ee335bf464681a69e39b961a21e73f9cf8f398efd7c38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
175KB

MD5
573e12f2f32d2c3159eded01f1ca7aca

SHA1
1116f860f5b29e86c433f7a9fdd0c70e1366b722

SHA256
05989eec980883e9c3e2282143387d512342eec9193fcad9de99dd1bbffe3ec0

SHA512
d195dad9338aaceff60fffccb4d61abc48111fcd47fd9021c50726a65c3ca15ffb4d0416dbf262c1479e6c5dc9698202b60bbe5e11a3ec102d2d0c5427200b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
120KB

MD5
37f0bdf555cb02a882c66216242c8dc6

SHA1
7616641e2a5d1db42f258ff200fa3b79d49db524

SHA256
44e6fd640da45a76daefc844eab49f1d7647f3a978535630542c0c44da1e9986

SHA512
9cfc3f34830ccf7d70d5f027dc9dae4621545543dcba0455fd577dcc965231a21f65ae7749cdbbb71ad32696df7f439ddcbf4f674e1a2bc77d8263ddbfcafb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
131KB

MD5
d8d09ba369d374bb7b7314598a1c1305

SHA1
26e6564fd7bff5c61fd508fb1110f4f6e764a241

SHA256
e11aadac9eafcb251c217bbf819714e4afbf470d01ff9059b9c61f21bcc643ce

SHA512
28d92102c19b22f0ae846c636bd841d3b7c42c623de0c8d40118323d982056d235e6bd99541fdf8fcf30c1e65b17597c87575f111768730633b1a9656ba195aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\20121f322294a12d_0

Filesize
2KB

MD5
2c040aefd20abe510e2a681d2300d3cb

SHA1
4de21c97db19b487ba5c5d41e7d68c2d88846362

SHA256
12fa934809318f2e07405f649ec91007630f75dd7b83541ddc626d62e3dd7bfd

SHA512
1c332db3939c1107191db4809dd4f0892216fc6dafee577379fe314ecf411dad343967c8883ea3f45420db610f78f87f48e26b34a151fd33f654869e21cd57bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23f05c81a59c0421_0

Filesize
19KB

MD5
2b785d4169aefa071c282b32cb580dc0

SHA1
6a73dcffe3c80ffb9abd4c2d04b9f4f142a68930

SHA256
8a2c16134b996075239f43912a3df6cca517ff4aeae536fdc8484fc747672967

SHA512
4a9e96b4856b0958735efe11c6456bdf93969390dd4e0d3081125dd9d59661350f166210d02fcf33f872fddc3ee3262e874ea133a6eb6708df760317d32c946a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25de1eb133c2ae6e_0

Filesize
11KB

MD5
0357b019be049b3a66fb800dcfe54a3c

SHA1
ddd5496f68ad977182e5a2c72c51c54051d0eb78

SHA256
7038e93b51583a16f2b3bcc2ce782fc0150358c63935bb895289eefabd954a90

SHA512
3a4886004ed6803dd8a54fb54a16210759a97a15d8a2a8fc72b6c22f753975f3f8990f727bceca23501aa1f6b15c5a1c30a2ccd70728194537ef45bc7a899c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28f969d20c021889_0

Filesize
227KB

MD5
2803f23e8877ead6041df22ad2728fcb

SHA1
0964f563d9a6ff355778da7c7281279373ffe2ac

SHA256
77606ace42a2a0746f0d0d0716b6875b5998fb52c8866687ea047b99f037c822

SHA512
166bc3f41c500e7d771166834ca36699a8c8de4e6b30dfb44453bfeebb26df6e36bb62afe50bed0a72e5a4465b95342b2f9570eb4a7605f9722506f88e62642e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\407e93e4823a04ae_0

Filesize
3KB

MD5
8c830d57e3a02021adbf9afb91da24ec

SHA1
cbd6353ef9a3187fbeafd95b2a26462e13cb466b

SHA256
364fac6e47a09fad4d3bf0665f45c4bff3b7a3b76dc4473c7f7d8bbbcf3c2fd9

SHA512
d15d987c7b6bf4d22611c67a4956b27e8f15e700b98ea80a250367bf59c3e2ec3b760d68b24ad62dea509c965445f48c603ad78f595265464a428ff2e8140e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\523e92249e61b8c2_0

Filesize
349B

MD5
a5b2d6ba6405003a2a82209241984aec

SHA1
454f771d80284d10ac5ae7f1e8b7ad0df2e71b81

SHA256
c82df80dacf1d409e34a827298d2319e909ee8891cdee2d5565799f22683fc9a

SHA512
5300bae342a4ffff7680b4920dedf1d3456c6445d036d811e765f2ee43dad463e2d593715b9ede0cfde60e6121ca11e8f29ea6ee7d2be9477288c36104b3a0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab2c3e937eb53c7a_0

Filesize
4KB

MD5
cceaf9bd93f20b28163a087057dcb31e

SHA1
c956913d4bea3d24b27695aac347ecd9d7662ae1

SHA256
5864b4b8cba88d93adb1a952e48d0be13c0371c17bde1149989fc7938f4f9fd0

SHA512
dce8b8f0ab7c60c62e6fae769f480eb32bb052ca8dbb0510dd0cbe622076df2867c901416de0558b1f8224d01db760a94d08438788848e9298238b99facdd900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3a58bf5438ae5bb_0

Filesize
87KB

MD5
1da4e90ce6dd96d032136db70c12de24

SHA1
e1ebb3c1bf45f40a42b3c58696ddd9699aec0da4

SHA256
fa651f07ab21d27412e92f7f0540cff1efe6645903a9aa2cdeac205ed0f4c69a

SHA512
309df7f6f039ebda4375e38c0e148a079278fb514359f38043328c669d616b5f0e594afac7933a3b63b03ea6e063ca67902cdb32973365e918475d8fdb76df36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c61a1084b3dde919_0

Filesize
249B

MD5
deccdf607382d41ec4636e8b6d8d473e

SHA1
89950c28e176d83f061d98298b74cae7a4ea18cd

SHA256
3a43f700d58479fccc27d2fd6c7c6c50df22dbbaff1d3330cdd61fd155a0111d

SHA512
d2ec251ecabd2f5773ce08525c8377cd8ca22d38b3b74edc8c431c087f097b65c6bfa8072c487e585c5af807f44bfa4b8eee0056270b3c52eb19ae3ac3d91956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5e161ba5a006418_0

Filesize
1.5MB

MD5
02a1ad61063e1fa2cac31c47007a5967

SHA1
311dd6422827fddf203a91fb94c35b0a47b21817

SHA256
529358340f47660894907a16f114b0ceb11a7e089c88f05caa1bfe2815d06c2c

SHA512
b539ae4f59b48d844a3bd4e45d2d704347ec64e3ac602ec8d3fc12433e41333e9ffa05414150c9f7e9a7644d6b4caa5b0830212acd39d85cdd38c338714cb731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8f66aa0d975d684bd2b499e6fa8501cd

SHA1
046032277160a54079649bc7721fdf6099740482

SHA256
f637d651ec7471a9204083b902d3cee8d17e3265c81b88aafc3354dba57a0b74

SHA512
9ac071bcf1ace5fe3dbc2efd7e96fe659eba402f7d16229218b46d5d30bd09152bd8b735932f3bdc5b0ad28558c75abd086615f09430603f55a406f21b32fe58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0b91d08203e82050725b88a46a0a8c61

SHA1
57e5085add86c400fe647769e3c74bc0a4bd1076

SHA256
5e2fd88c7fc508b4b06494a4740297fec4b741ebe0257b2ab788c5ff5154e233

SHA512
e312df8487fa0189b38430b444eaa68e4ade9bd602bccbf4e3c052e1e0fe062f9c39607aa350a5653b4f1fa84f68ab0af7eaa56d37afeaa21a9f9422489d6e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
ce0e7524487bd5e0b25fb972c89856a4

SHA1
509379a85d6a0a2585459cf1e83b37a118c108a0

SHA256
cf21abfce57b7325228e55e66b2f819850bb8d5aaee0ad87c404a3e4d660980d

SHA512
b3dd7c38654ab2f49f6bb6d3cc6301b1725cf8c29445b905cfcef51f49072030155ce0a2b262294d8095866ccac6d032eb5718d536f8324f8366c401a73c79c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
a54d2c209d0f1e4f5a8ade851cad4869

SHA1
ef8c8aed09fffef512b3c85ac1106605e3aa4798

SHA256
d001e45368680291e455ffb668709f294a04f90da0181b854a2ffa1cab823ed4

SHA512
875715c0a2ff4474fba49dc8c486230ce2c85b6be9e6a8620a4658be90fca27265cb6ab640655038ab77454634ea8795c6ee1b9ee5f68e15ce827ab736d6c11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
0e99714632a4e922143b495c68a58266

SHA1
e611f6f9f31a6ea12a60926edf4dd0a5380e2f79

SHA256
564d8a6461d3845d9631536401925ba55f4c3cc3303a8a46b1622102cd75fed0

SHA512
3bffe25827750d38e1ddcdd61705a7306231fbfa87af33875608f417965f3c81f5ed0fdbf3e067e6a925b86e87453562b2f3ca084d8191a098acfac268530a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
956b360e589b914a82d94b472cf28b13

SHA1
33b268da21f710c47a4ea232c6a7cc9081a4851a

SHA256
0b8ae3931c7b97620d072baf2384fbd196d9350e76e62d3d812547fb8317c071

SHA512
f8da49e33e0afa8c9b21485e41a4406aeea278062108b745370138308f80d61467920558d2e009272a2bd56861268dd777488100252845d344cc3416c5a046e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
2b5689e4fa3fc37c7a1d8d3cb839a576

SHA1
7e549a1130d92eb9694e62599a692ef2c0ebc45b

SHA256
fb276007cf2d862d9b1fd4bbc67f1dfa78c3a1ed788768f3f37da054f545195b

SHA512
0475258f32a65f8a64fb5120c8165936a3a9a0300e755cd563a53498bb410977b6a8aa9855dd3de98cc7baa40a18e56e0acfaabe7eb3b336e5235cc27794464a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ask.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ask.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
131B

MD5
834c2b8e68e2cc44892e2816ab787c63

SHA1
f3ffbc07103824180853db239c39bcd089e0e889

SHA256
a680f7ec67ad52385591b6428fbcb5cd82f72a835b30ba077c1ac13e61943e95

SHA512
02d2f8ff5bc5fadcf8e779917fb3a2f0a3472fb8e1068fae0c2c88d139ddc6807a770e0c5d5a9addb3e8275bcc0d11a7b47a467e36453ba9f44bac756e4e595d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
d3a193efaaddc862832e84b12771f10f

SHA1
a7a3294380eb8e46605b9a18b03c16313d1c7560

SHA256
715f99ea6af0c669539988bbb146d22e35b3666c9c7cc0a55fdbce0676dabf2c

SHA512
353f346b488520ef5cc7735fa85de2dff112ac2ccbf9e5c83094438252f7d0c3118717194c3fd88bbfc6d7e696d9ea6eeea1f84178395535998bcb350ea8d961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
37cfe809150a4c655a91fcb8ec2608ec

SHA1
900ff81ab76aaf2f23b45df3740341fbeb0ebeef

SHA256
01f072f25025e5ad5bc003874413bc927e1b1140bd08ef9f31f9466d01c58e2a

SHA512
2cc42ed1fb46c1816b6cb118506b268b7a35937774ca93dca1bd2faa2a66fd86063d75c1295ea32123e1d4aa8e69c2c2e2922bc267dc543ddbcfcbf6ec3866cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6dbde683dde7536358bd725d963b6797

SHA1
8f7cfce1c77f69ae17fda5e1eec3cd24da594797

SHA256
f2c11ca8e42ab746da4da3defd15dd399106de7320f4c0db18a4750072fc1220

SHA512
1b3762eaba77fc6b62e17654286caa6aa3f813b8b0b4a89e9f8ba94fe4b0d880bccf4e0a79903129b46dcd3c758639e7365a43b08edc1048495a2acd1987f074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
621B

MD5
918fcb10c3195f088b2c591cd25c4654

SHA1
1ee738c04818b225d306992303034795589cc694

SHA256
fb89c784c602bce8e20d1c0390ccbca17292af2c28ee671f2fad2d613a95904b

SHA512
b1d778e8bd52eccc98cb0e24995154dfea1d158e2572b442c632b36cf4bad60626779987cd62b53dc00ed97d4c87fdecc27848d8c8519b4a2034214eebfd58cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
f7c92d7516f54c8ebae21a9adf6b129c

SHA1
98b9ec09054558e33b9102a91ac565dd2472ae2f

SHA256
b7c859396f11cfccd8ec1f67a2f817722d48f3bc2b0aa1ba8068da4812edfe62

SHA512
0e9f7c947e1a08f0577a9080ba5e693cd60e8b9cf17ffce5e830aab9df735a4158bdba5cbf79e7db8dfe42f9875df1d8a1ea6eb5ab700a07b7526c1e9af53e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2d317d13dbe6d6c00ffaf6612d8c197c

SHA1
b64a9cbf6b64b6b4a966288b1d4019abc944bfeb

SHA256
3da2fb76b288b245ceca77206e103528c5a8695868fcc122deccc14442d5983a

SHA512
f3e0789a2649d16806956867ba49b4cd7233925ea2d03e68ba37a13f2826d6552011104db7c6a6771c252ba5813954803da761c48a9dec54791c739087f81ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
087f45e139c7f90b2a605762f7e76c6f

SHA1
3f1d0a3eaae1bee6c96c022bd8df022a956cffa8

SHA256
635ec5e9657ddaee9f82b6f001cb45076378816cb8c3869b04f7fedb7e8ed7cf

SHA512
32f62e659d2472189c4116fe687085b423fdcc44a262a2f3ad96fe3a5cdb08a6e2758a62ddd555d3b1ba0cd93bf1b2994e167859f62d8b1bcc3a8553180220b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
57c44cec5d355f3006f4cd17f358a2d5

SHA1
c39bb887b0a779d859406c780e6da1ce590c4796

SHA256
99eb60621dc07456f4f8cd3c88d5dd6f6d6beaa08099e50e809fc037ae9b87eb

SHA512
88f6df722e409b0770499ddcb6f765dde5bebadccc1d22a65dfe92af9455251b662b9d3cf048b3e7af3f62029ad5ba524ccdfe5a988d8ff024e7c5e2de256c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c4ca936c9e487765dc1fc2db6b7d834b

SHA1
180d3191b22b8a2b70c3a61ba0d1217269d47f29

SHA256
10229fe993f86e33de1da04e2b242d8bc4e60076e4c58733a342af202923237c

SHA512
f1ecf227a8136ce085653d209c990249f7bde8183f613598a7db8b0805d5189ebe89746395b4cfe4bab733095b4bf532619c9e10cb08fdae743986fb649d0c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1a0faf54b8cf7b10b58dd7919aff35c0

SHA1
98df8fff04df626ef2353d50c130513f834c5493

SHA256
df3d41f3d6858bc4e78518b1d61d4369e5981740ddea3fad661471823da88a74

SHA512
307d4b01da57253b4ba4ff353759c58bfec5944b755df576194e2ec34930d499a0ef38a908142df4100258965c161e54bfdd7887a7566554f88ab3b18de3babc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
47c727dfcaeef25539bfbe592fe6076e

SHA1
6a93ad86efa24501a13e782cd7572454152dd930

SHA256
551f60f7c143e806af6858622a098efede4376d74cfbae1d1b5fe57e941b9843

SHA512
f06c5bda9760a7798af9cb8a8aa7ebb2efc56e733603560a3b4a179f0d421f2cad0d577e464b46a3659cc54c5845e479d11c504d064dfcc8caaa3518ae42c9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f16548d2127cf5785dfe444f2d2a0ee9

SHA1
1387d166bde6fb5930234513785dbc7919e48c9e

SHA256
70f802e04aaab6dd46a8d85ea547dbe8a6029c974f505490c46eb35c4c6d1ae1

SHA512
a2ec3d81fdd9cc4c969adfe87bf3f1a358fe4fb72ae3a537cb5c9b769dca7e68d0eb1a7c8441cd2a6c4b6f126ca41ba6b902cb2093afe6a07df2c2a91684df0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ec226f55cd069071fb9cd39194214722

SHA1
78b3965aae70dbe44c1519ef3f9565951c9b655b

SHA256
fd05eaf615010845eb7f92d239683a89daa26f3ccd203f2fb560d6f99a5ed2ec

SHA512
0bb42fd6a367fa5fdf1118011b001f5c39133c6992254209b5b2950397ba23b1d49e4d8ac18b19edefe75a04cdcd5ac8ea79e07f374b5a686ff50dbfbbf9240b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b7a2725b695cf05d0324fd033d67f88

SHA1
de73cc22174b3e5c256e4be3dfa550ca82b81656

SHA256
bde8716b1c440760b70444889e35075c258aef46bc8ec3bfe9d441c252c90b54

SHA512
ac42a27d3623a382c84ac1357a49aefec495d1a75f292f7e6a47c0e76e62cd2cffd0f0e6cd740cb06d84d17574ca2547b6dce9ff419c6e1723e2a1a4982fb018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
3821cc70879504b4da67cd2bebe20521

SHA1
bc7bb9df43060319f201ea7607199830e38f7aa1

SHA256
43510aebb55188b6a527a6aa6f07914a684db17c5f7baf62a85ca37ba6b613f3

SHA512
9b07d1838cce99bfcf20c0e4e15ac711088b94e241c8b444780a9012a8de4fe569a80ef18ee5dc09e473431b109928f7d2c73b3863e2457e343c1cd3964ce539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
de343007569829c45624a7f6843f7787

SHA1
e8f8d685e53154663e73745f09413d1f25108eed

SHA256
cf6e45bf59d82a58954f361e587749fcaeac49dabdca4eedef0e095df78fcdea

SHA512
ecfe69e11871f1f7128591be3d2fd7567bdf8cf69b36bea5c66c47b65717e7e6810696b1bac709b4e9b8afd800e70eea08bae0ed7a8c43acd01160f566d9b91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
094e2eaf2190591d90b5fe4044a0bf20

SHA1
62c7acf49cb8e618a423c349f823fca2da4c0b17

SHA256
4186d95facbf2c08ff4e00f54f536c81b09c128733d436c6d8821636baa3e4b6

SHA512
d000861db52deccebed8fb14bf4c44ab204fd7b18ceb41dec9df64702e944bdd55f51883b52626bd5ebf34c0df123377933f9716e98255a217c623c2bb7c581b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f65e31431d289022247f034670e1a64b

SHA1
cf16104b0cc638107ffdc34a98d6e5cefbc6c226

SHA256
20b711885c402ebddb371f98bd7a894e724d0dd2ec8e1d9230c709740c4b33be

SHA512
b6e9e37a72325905eb1ea3c28d7c23768087ae86895d32ec8f6b603666059311c04dae92dcb877fee1357acca6a61044571600f1a4fa437321838911431fc748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ca00c6e31950643c47385763191a4868

SHA1
8275a7b9ed92df9e397cea4e44e97ce9acb13186

SHA256
d053f4c142b50221a450bdd0011be7b22b8d91b4e9bb4b6aae03dc07be071180

SHA512
b7cabef29749ded612a460546d509f31f63b76a5b7120fffb037864acb470693d03604238bd0a7eabbf74541aa4f6d08189ae4ce93aa2fdb0efd995cc5281dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a5485c9c76f33454479e85ffd2f99cc3

SHA1
2fe9ee3e90aaae8a0dc631e86b366d3a6abb7fb3

SHA256
8e6aad634ff5917eeea1301bc00e2f05dbf18531e21136ad5ae9f81cc22cef26

SHA512
51ef6b4617764e761849b533f2311b686967341268543286c16fe448926995551e8922ded7fb3d2fd9c199fb734b7dff704d1691da278cc07656eec8e5998161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7964c88aa277966f1621b46f9cb44656

SHA1
b9b7cfd3e7a19f746c9c65a20840d43cd7b5db3d

SHA256
1966a77ea6463e32a451f991671932e7a8f476ba527eeb120578467867ae45ca

SHA512
d427c9b22eed002baefb133b666f41de99c0f9c6e6652bfa9786ab302fa09e6cadb7d8f16aa71683aef8465f148f341e6d81933182ba2b61a40253e867f1794b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
400adc0af0cd96cabba7c694f5388b15

SHA1
b20b43715d88d0d0214f08ff4a1eb268ffcbb314

SHA256
7cef2e9e53f62436bc5126b68a6d8329a56316383c0b800d84ecae731f96b752

SHA512
e1412005a97a346628ecf9c92189d965276d03fee657389e4ee6279a89fb1f5a95f192a495760856806740d27947f32a612ace3ea1a55f846fe1af45b7fef2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8d045fa0a07bd7db39fbe9f8da6cddf7

SHA1
a8684509901dd7ac94c9938b05cd941b0e03fbc2

SHA256
86f4c72cf9453c6cb4dc7d1e90fdb81ac49d6ee9716b023891f490d83fb24339

SHA512
003bcb8e17d874875ebc6b6fb876c5a0e0b10b3d625c2d10c994d782303ea18c6592277527e8e8ba7d27b90b104da2fa58ad732e018f9cd5c18093d211d828c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2fdca76ddb13eb853b4ffdc64511c0d5

SHA1
8ce96d983663f62e60bf88eb6780205cdcc22713

SHA256
045257cd118e9eb83a8cb392590b46fc48482acb6e98699ba76d89fa03413653

SHA512
3728ebcca6d7f1391adfe5cfe11a6a1992da7ce4f18f7eac4dbb11334c3ccc1c9ad98a85a52d966fe243422c51bf792acece300e81f9599d500e3c8d2b19a189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a855a3125f618b86f15137f7fbbd51e2

SHA1
e5c8f76b5a199c8ed9d6f82d91cae6d4c0695e1a

SHA256
580d5402bec17a5ebf49667a3632985f0f2b983bdbc5347e93c4a3a130729c34

SHA512
6c9f2464bc7b8e5f14faa66052f2b47cce6b8bf658f79c83d0071456e613134d1b14a5953c8ff5ce4fb73ebb33ac766c531839e32be8850e1300bb195fab2367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a85579bfa06a0ca5c6a285b99234a8b1

SHA1
645843dde7fd3d4d807d82adca22e05b90e844bd

SHA256
14b0dfcc384e45d9a65f8ad952e890aa6131f2dfbd4510fac2602e5f7f10992b

SHA512
32294d5bccd7166eb963bb29553fd0b4993ba2ea0f5b6955ddd0531b992b90301b69fe4008fb24d4589ea975fba163c65f579da2a9a71a9be7ce354a6ccbd505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8a739ebc-b6cb-43a8-830a-080590d2ae95\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a1fc4f64-3bb8-4cb9-9e31-2fb8463d4e36\index-dir\the-real-index

Filesize
2KB

MD5
c3146c50aff2334b16f53b9f6081dc09

SHA1
754b4dd140a20133b3abe60d885fc0e3055aa2fc

SHA256
3ffca96b3688b6a4ada15145415cbd6cc1763f3536eacdc59e684b7e6eb9026f

SHA512
eb90fbe13d4dc0c2962296c5b25ff68317ae78dc99b8ea5e1be0fc06b40875c00ca431403dafe7ebf2dd639a6af7e0d228e48653655d82a0c96bbc71aa058da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a1fc4f64-3bb8-4cb9-9e31-2fb8463d4e36\index-dir\the-real-index~RFe5a5d73.TMP

Filesize
48B

MD5
63327ab4720dbc9f44b52a872b3fb24b

SHA1
d7a7a077dbb38b7b8a7a8af6155122c6edc749f5

SHA256
6527ac0b122c39d26128af95f22e76cd4b3e4ac2ca518afcac1d184e8cb365cb

SHA512
bec29c86bd1dfd209d7c60bba11eb0efac40e4f530470835c11df72806b8acdfcedf02d6fca5f061721dd192f96cc0bee3c34008f1d0ba0d187e4c78921bc479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de4effdd-1509-4029-a8b5-425f4ff93100\7e2e32c45dac1f59_0

Filesize
371KB

MD5
67e69a89ece9364e2c83366eacd79cc1

SHA1
12b1215df2b8a5b44862c813bde72dac538597fc

SHA256
ef743f6577a910f031baed868f426df688ca7fcc3c85fdd15f11e2667b0f20df

SHA512
f6f5f276f6289b77b2ad54134d9729be483d963ee747620f7fad8d60b60fe454b70b2aaf3206af9976571630d80ec772f195f11f026386e0bdecbd2cb165b56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de4effdd-1509-4029-a8b5-425f4ff93100\d1fc685467e822fb_0

Filesize
118KB

MD5
309a1b3617cb0d418a4928e27d0cc0b5

SHA1
88d5bcfdf0fb11ea8b5022d96a7098820d43f24e

SHA256
1a4b674433af976d267bd038e3bcc73ceaf804aeb6369b50604f01c8266d012b

SHA512
51721a68c56f0a4b3ea448cb9132a50bca51f5476df5d821b6cff31bdeb773795d974c17e852bd0ec28907eee06944fe9e9c0f26cc14c98627c7f09a5b0b1d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de4effdd-1509-4029-a8b5-425f4ff93100\d1fc685467e822fb_1

Filesize
268KB

MD5
21650e73291fed08605ff8350988bbdc

SHA1
ce0d50015ce380b35f2501b28ebbfb11834756fd

SHA256
54c03f563a0cf6594f2229cb82dec214abab09ffbc6d0bf3e00ddee935854a40

SHA512
728dcf4fbc9ba43dc60e0d7c2b8d1a1d41a13e1a14f182f63f2939f007ffa18d2daa90e0bdc763854c56f970417a60353b76d6ed6418a8f4e9d6daec83e4f72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de4effdd-1509-4029-a8b5-425f4ff93100\index-dir\the-real-index

Filesize
624B

MD5
42a51f4a908b0d3be1b33c3dda4c6a55

SHA1
23276c5d1a721b27e07ddc2f833ed2059b862955

SHA256
181eb1968ce90582d1b66f27c6b2d8577cc7245783fd22026b6410b0681ae9d7

SHA512
f2fca0ea2880bd03ee492e513bc33b399833905cbc1d05407a8378b75904198d1d9b579b536f1373e1570f890dd635204518dfefc8dae25c6b1547fefb4cfadc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de4effdd-1509-4029-a8b5-425f4ff93100\index-dir\the-real-index

Filesize
624B

MD5
8de0b7cbb93b259ae0abd7f7a8bf5dad

SHA1
4528dab4f36e244c357027ff2cf8de2a90c11ab1

SHA256
9ab83c0af3ba4835826b22ae4f00d0936b30273fcd50e9c8c22230fb92a0a6df

SHA512
8c0ac8ba590950332a581c5093b262589cc061398c808fc56528c239d64b2f1723d96d49813f6e9a76106fe24ceaadcf9a9369cd4b1bef5f9021686af0348684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de4effdd-1509-4029-a8b5-425f4ff93100\index-dir\the-real-index~RFe5a58b0.TMP

Filesize
48B

MD5
9f875d77e6c14ca9776a023ea1534753

SHA1
180df75f88744b7b5eb6446ddd72aaeb3e0ab99e

SHA256
14daf37952e913f768c31a5f0d52703893f1ffab87267aabe81735ea1ede7322

SHA512
081a5115916a8d27c825e6ce9ebc177e9c667abaa6caddbc2fd43dbae97b732e7ba12216f310a211419673cd7d82f6d48ebb2ad5ac1c7ccd289c26dc2730b581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
0507bdfd765eab78681b028c973d5fe1

SHA1
ad2f7a11304bf989c2892ffec3f483e507560684

SHA256
e142c5e428e5d54a1f59b612bbdf12c9777f136c0d6f40f0cebd0093ba12895c

SHA512
f5eb22c360575f6d25f2a33f50dd1c7a5726571fa9394098c1781988fc4a996db016c91918ada060ff425f4920136505dc1fc93a2f64aa285c0d07e8db9d163c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
4de36109ef55eb6e3139ed73b42eca15

SHA1
82bf6727bb588ce19b59e9a2b732cde12133d0b9

SHA256
c4d00c6fc3aa94c5cf4ccd8fe7f50f802078ed2a1c5d1047d0e9f28683bc93be

SHA512
6c3d055e68e89d660e2665f3ec23f166140f3a46cd2b286efdb71df1a5b96a7c8c56c739e78e2c01cc24a2fb541dfa86830bd84cf154835b9e1bc46be4a83c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
496e1621ff854b1a5da9b7305f594850

SHA1
c4f8709a8e8706d4893e0d12230fd6c986288495

SHA256
8e140d039993c02724e709d6f4f8674d3a8b7d49ecdb3ca07399694761aa0d1f

SHA512
a4a3d6979f5a04d54f2e6a920bd0dc17b5ae91383438abc87261206627b19c912a3359d256b27332d2b155496fe222c73ae4246c9be61d1afa7d237b91875d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
a6e8cbe5c02a1b67bdcc2211194041a4

SHA1
9c08fa0ebf9a17f194ac74a170159f56c31325ce

SHA256
0b83fd71b7415044f8b0cfd5fd92d181052633c913c9f64d078485dbd6d0d5ae

SHA512
574a31dea8503a327bdc477b5c9527da0dd2745c0db967e24f8718c938dcba18361f3c5dd1f3226d603878d3864a63480a34a763b06ac2c253bd5e2cf62d5635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
9f7c418753437b8e3ce611016ea48d54

SHA1
854fe422cdb9eeb638b5777328a9f23481da9dae

SHA256
db07224d70efdf65f98795ee08304b765eaa46210e82011911b8fff7c78a6a15

SHA512
9c63e6ab27c144a4097a746be096c2cc74299a303c7fe6d4a8b43a370a969c2553a111f3baddfa70e3b7537e2e53c4631a8d089f38262136fab25dbc099b473b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
de336f55ef96c27e9a4b0475a44c9603

SHA1
8fbc6e5eb047f587021a401c1ed43f6f9732e4ee

SHA256
af4ae4e4d143711102ae0937551eaac26ead8c78d16823f4c8f9b78163a49dbb

SHA512
25bd790b8e59ca9fee8a26046b4753bd71dbef3f86167cd0b3fe3fc64bf0cfed4d3c27317776d638af8c15efc2e6033b3b6984c088b0ec399e0ccd36dcc35d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
d9cc8d5fc7f8c2c7876437c0ba5194d7

SHA1
00b9e18f69e1801770d8723a10144b0592180148

SHA256
1ad495187379a4edc1c0e426a9f326ccf7f4fd0a981cdc04a6f890868ba9e432

SHA512
0c30abf6478f18a5aaf6e419242d5943d043ac101915e297907a2294119306f06ec7a096d3617ad635e20ee6ef917efb4ebe354e76b3c8addfd370366ff01ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59fa64.TMP

Filesize
89B

MD5
30194f96ccd17396e7014a57d8315bd0

SHA1
17c4e1308ad98c643f8ecf4ae32039cbf3ea9d90

SHA256
c7b47d00e183007e19c71484cf4a83588845b2cef7fb991d686c0e840f9cb981

SHA512
32f296d7a7bf7697a2821cf7aab6b9140b74f0680741af64d32a5d967763120c6b6906baed22a8ef931d637356532b7635fc176e6248f79fd52088f8f3db7534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
23KB

MD5
b6cdf092bfa8f3750100cde9d613eaa0

SHA1
df9667a3174ae69be29898b181b76e92eaa6442c

SHA256
70eb0bb79ccc97811aa32d8e0b1a6af01b1fecd95bf52763e91d8d68a1496e12

SHA512
5b29770f426711c757b85331e99e3f2fb00651d5b28eb506ff619f7b0ca60a59fc95ec41767f43b85ec1e7b500a44962876114cd466a1cf8741120c46164fb5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
17KB

MD5
12ff74b01113d83804da1731c9ad0d8c

SHA1
8651c11780451712585abc973494f7a6f64ccf7f

SHA256
452765948fbe32ebb99bf64d8586402916652dbd3183af887e3cce7d6414a009

SHA512
08c4c652e69252418c9eec0c738b0788fb448671f1eb176b168befba4887a061c142eb56fe904fbbe85126525b811504ad917a635006c02fc354d073a2e53150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
f7201596725846a25f2444d1ce5f746a

SHA1
c0c7ba078beba5d20f7d37ce5ea89e050f9a1d4d

SHA256
358211d38980a88a9bb3507557c4d89cdbbfd3175fe062a5a88b121cf8ebb259

SHA512
21f4e1e25777afdd212fa94e0b17bae4801dad5a0756f1e949313766bfc2e6440f0dbf96e906d845fa7af7cdb91ae6fc654c7f4909e563c904bc4d460c15744e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
b354eb288c242d60bbcc741180767152

SHA1
11761834ffd86bac06221dc646478de66972e4f6

SHA256
f0b5bcf1da1cbd9129ebc1abc685f5458383447e78c2977ddec2ebf91956f7a1

SHA512
c454419869299fc570efba4522bea59727e64920709e979f4ffcfa99d9b8f7d22745a0bd8ff9fee376f3b06e72de7a08c260467e7b2a3148511bfea911e68e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a4f5a.TMP

Filesize
48B

MD5
5d0b09b270ed5577d2678a679df3c379

SHA1
ac317cae5ef828b05ce56c50379dd4e1162835c6

SHA256
9260841b83954357a0f2ef623902371c550cbf9e4a65b8bed0d12d7130526083

SHA512
2f1ad6f57cd9fed7e91aa48db41a1f871bd76a69a3e6e615e1d2c920c0f122b1d38b8a2def41ed196eadc094a2932d5d0f9d3470247401912dfa62d3280d9111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
388B

MD5
250840bbd1d24d7e0c11d1c2db94a972

SHA1
097d236b001babc7365279bf445af8ef6123c58f

SHA256
c31f4c75f49ee28ffa5387c7310385f6882bcf8fda4589f6947481a56d042f7e

SHA512
92ca82c43e6c442523117ac4154a90ca20ca6572abb18ac66a1c43f3cc4682c5466cabc97e45495bc351e9b7dd5b0c5418063fe75061e83f645ff4563dcc54ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
ad950477acd618ce39d2db5fd4e3d8ce

SHA1
94f2721dc24c700c4e2157e4f11c7f05dc1b0127

SHA256
af6ad32e5c748bce44cbeb3de409b260ce690ee271be0ae8834df428a6eefcf5

SHA512
a14f104b4791e6eb521068fd44ae0a86b040ec31fd4f4227376f3c240de628fc0690aa8b3d077292abb3a3bb0d03d01c3456aed07e68d7cfd4c801bdf373c06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362157613667017

Filesize
7KB

MD5
bee04b52b86a8734debf89743d284fee

SHA1
2e6e24d6499132584722b93201b72f258c602541

SHA256
1cc6f2161bf089b64210966b81b9e313f7c2ef6945cf7d9e5d399338528edf96

SHA512
a575709e676caf80137cd70510600e5d42afdc57bd7dd9b1b9f4b161be71a3231a30687b6884ab95b379e9d3fc9bb15636c5f1c25d16a559a2c309d8ac92250c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
2ad1a2d3ae7bf099c653733fd0c2d237

SHA1
c6243163b9e3436a8c7fd1361f0c2167054338a9

SHA256
fab2a1941febce84dc0b34dc526e49942f6f28f662c8687d24a7713fd8117590

SHA512
f50005ff54e0749a66795093a12b56bbb9816c1a1d0dd07e291f4c399b45924bbc82900f1e646b7a2f2c8cc7c77aa0f3d201f0737c9f0b26dd0bc2eb586ae6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
beb7356357d39ef2db6837c956a150d4

SHA1
8d560225e47b886aee648fb40b11412ae3531b24

SHA256
39ac12d3c2a490187c9d78f30c1b1a0b30f4b949d4e7bb00d55c00714b600efa

SHA512
9111c70cfcd0dba61a32f4de1005055ab0da6f157d54baa9bbd8a8890aa1c6d2c4edb154c257b36d6da3b17b5fe58c9857b9e1c792e9f68097c2fb8adf490faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f88ade7ea1f2d583dc019202c54879c1

SHA1
3950a553662c6a0acd1ed98c2998f94fc9a16c95

SHA256
8d80ecd79af3893500ea6d0984ed7572a7ba3f2462630f929469a01f48871158

SHA512
818b7f1447dbf13de3bd04154b1fab2a937d5d0bee3b8265377d4c703905b78780b3377b9132d42f8d6027e9121620f64913ac6e97537893d1302bfead5965d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2289ac8c9a1514637d7096b1e6fd2219

SHA1
eaff89e6107d11152db3aabcf9d9e874be8b07ab

SHA256
bf85b30c2951ce14c6a40137d900cc45a3fef7e8e9a140e5378ea4c1846b7018

SHA512
6cf73c3528aee172580c581db8a174438c4b34e8baf4d54adf5cdc7ac656ae8930125c0f4d4e497a906a0258a921832bb716295000e853cb8de2d46b88990a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0fdf249d76f8c4b8b39ea24a74c7c71a

SHA1
65cce3e8fe5b50f5c45d8bfd983dd12c385a0aef

SHA256
8563f27c806095a9a7161e4712023b2fa5ff68c501ba1f6653267e9fa5fb4b28

SHA512
868c02eac937258581abf4adab69d2606068d7d0b97c313bf258d64e781f51739f662e07c3333c27ee73ab21e5c0b310ce1754f1c4f0ca5e5393045fff0b5454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b68beb2ef809ae53b84412ade06c299e

SHA1
754bfdbbffe5da94e343ab4021cafc3bd8ebcf5c

SHA256
03ddf2a1e53bb3f61c87659facbbb053d4ff3490db776cec14aab87ca139631c

SHA512
b7dc3d0b9778eedaff0a94766a08a24c43d67690e0d1ed4600a0cd2ec39a76ff45b8f9018fe9b9344a4ca3e90e21b6c8638708005df72bc3ad894b8db44afb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44278e73bd0fe4a58d97e73a13b4c4d8

SHA1
b495b3adf2a2a53eef49d396632ba9c852f3d929

SHA256
f0214bb99ac3d15e35d4a08d4ff0bc60a4194b8eb53d2aa715435c0ed33a326e

SHA512
2a786092fdfe738c17b30dbb391aa81d9313bc447b60d999e5b4b17f102b7cff83977272d237a772db3c45be4e5a971a34270e03c56cbe1a9b9ed9d2f4d2ba99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d31129e446bc6165f34b914d060dee3d

SHA1
013d7940ee548dfdc5848b18685537a02a42da06

SHA256
2a59a47d32e1ac090c6232de50c9ff8ceeb04bc1ffa37f3f21eba6feb697b730

SHA512
44b5637bbd68475ddac6f39a4acd3e999e8ade1510126326baaa9c9c7b379e35733e58964349d9012e11d57d197cf6f44162b9ba178992c90a6b148d497cc653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8a19639429cdfb6197f18d544ae23dad

SHA1
d2069007ce63edd9a80b00c35407cc3b517a99bd

SHA256
3ae28c5b15c81951579762ce089aa2497370377da594c0fa918c6c77f0c112c3

SHA512
2af41ec60a5e0dec9c68c2af9736e174e34875d1c587532a56275701dc4de443c0a24d0cea043e7b85101f2bb1382464f576a9ffcacfc15e2e2d2b5f7c85d035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e723b892bbe56bf7f9b88d149186f355

SHA1
fa3fd55aa92898ff311edd239238002652a47a77

SHA256
1d8bef84ac4ec9cd416527a660acca808aae9440f98c0818a364f4b5dcfab07d

SHA512
1555ed7d6a489e1f316a65892b8ed82c0fcb676dcf3938553ea48d75229fd6b0b9741b41f23a9301f33120942fb36a8f62f3948ebe7b9cab346e330d172d0af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4ff45c68c81bcd73542cb828b0296f4

SHA1
e91de643998e56e85be6ad11e5c915274fc893a6

SHA256
1080b1cb4ece7d2d22990436a543623d870f9613a161b9872d1e0dee89fb398c

SHA512
9d5b2e6b13101e14bb0a905818ba8e117ee1359519ee880dad53a311452286dee87eda107487674300f0b99219d667d3a3e621107e695d58be658311acd28d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
7490a98900c4460ccccdaf0b0783b0c8

SHA1
072a14d38b94b8c8a1ddcd7e4fdbc8a926436403

SHA256
1fc64eb23f932b0f2f11a3fb928798b9ba920543d274910a53ed85f2c0aaff85

SHA512
5785e0e5db012d97752cd1dedd1ec2ad178db082a890c7f9ad6a37d93eb27014d2b350c8611d19af6f21e67784f785725a7297e08458281e7fc84c8020ee5c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
36a5a5d5357df2906aa4485d10e72a35

SHA1
d22df933628ff5fd38279cbb96a5b99e822737e2

SHA256
b14f8f947dd118090c987cf06d73e678e2855076b72b67429e5fb248ad913d5d

SHA512
3d5d2b11761db93487c8d73db86632e63c214aca6ef814d65eddf538b1082aadbbe579dc17ef014a324648fc7962ba783423479a523d52fd939a0155b06c92c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ba7b2f1cadb4bedbbaa115068cd61421

SHA1
d117c71b20f76a99b24f941dd62b0d9194d900cf

SHA256
f3b818c26c1a54d190b2841e9bb2d28faf153199553e3cbbd14e319a1a391a92

SHA512
acddf5f0f7fd791f038d5e08cc3295aa9a9337e892ee6dd8ae84b4a195c845ba09c1597e2bf5a2d31276e53a535370e2287c23a6c3e7c7789a4a79f249d788e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26b2052519b58ca8ce7ce93614ba804a

SHA1
a8b7a71fabc913fbf0fc6dac0b63162ef35d6c6f

SHA256
8d2909edbb04f6cebb76188ef52761ca715c88a70491ab6aa2e8cfd5ac97c8d5

SHA512
1b736209553ba87a0778983405dbb1d600f416426fb2a06be2e8ae77f8af9326330b76235c40d5c1552cd61b387ddf08a4dc5295947b9fbf3a24625654847e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1e8d2c5a2133855c7a3b90138facf061

SHA1
dc00de577b876f364ab870c14fd0ceedc9b5cc7f

SHA256
c18c611ef85c55c2e1b3d31002b86b1c3217a4c925a51adb53b44c2099e60642

SHA512
9e741ce225c6828791cad9898d51723d74136f38f1cc6c1dc05572fc53e4a17ec4ad691d7f79adcd47a379d8ae92bb0c17d83f4cbab767d85bfbdad82b062a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
02b8a9e4621063d897c9e12738bbb6ce

SHA1
9be9a63343caf4feb5921aee53d10e766297fc8f

SHA256
5ee19368c1dc740ba2f51e0eb65a31d9a33f004fa4ac56cc7ec28e3290c871f5

SHA512
43034efe4722f154b9cac61688099bc8ac3c0ff7172e7aeec76b066bbfa3dbf33344f4346462d7764d38c542ffd796e1d2f14f8e7bdd5f46f51484136bd229ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
36e23e921a52b2a2cb89b72b54622dd3

SHA1
53cbbe4fcc1e3a54628b0554efc43ee87bd428b0

SHA256
394bf4a596a925941ecfb1ec63d5621b427ca4f52a0c4e43f0dc78d56a4d8672

SHA512
b7f12b55ad4c6e935ef03bbbe6581ec59350359305a3d0fbd822b2d04b86ee596fdcc856f29f5fe86f4590d19a1ffa26281e7ab795dc84bc3b2625db1ee6c027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
214195112733ff3127e6afbda5417a71

SHA1
62db39ee5a1908da353b8be6403b1903dc0b947a

SHA256
4a715949fe8324e8345dc68efbed7fdb13bdc7c1ab608e291008d75d77ef8e8b

SHA512
fa700798e256abb303629b8397a992567ddf92bb9fa2b5bd43d8858a31571128264a76fc7fc396b1a2fb2b3efa7f756321cbebed47598e46106254a4842c58ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9f050de594ae3122ff09be76417729cf

SHA1
1ff784581c9a23450be66376a2df0d46f553fd25

SHA256
8249c3267f53964e9092998772de16b033da7127e43bb7a9752dfb7c9ebb6914

SHA512
6cc92c7503c00810b8142a04511558f452686bd44132918c2c531659afbe1086170ec58ab48e07c1d5f041422980dc9c01fec925e7e601a1adfcea59ef595a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bd9d90050e97ee2c06ec268dcaa5f57d

SHA1
67d2db1759c1e769e558626a2773cf2426f386e3

SHA256
e41bad9757bdb69e9713d2153888b1a63615dad7882531d6d7db7e66494035d1

SHA512
fa0887ffe5b327578d4563f0c2692cb903f334ae07cc7fd1b8ea57c41a1c0b4c35d2d8b0b9ffcfbeb200f7a988190fd4a4c0f9278ba09667b50f99c32f026374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69e60a7e8a7696d298a4a016ede884ad

SHA1
f66c265d2b9971f8e0175127c22dca31e51dabaa

SHA256
77fe38962ba9ed2261677142f25159533a96fc960efc395dd96b3b5b264588cd

SHA512
7fbbe06b026b4ad6e4c300a1223f1ca64b10c8a156d22813a3ad1d613238b315c3ca3d4512a7c4fbc57db5bb579ea8a43f17fe62ed45b224549515e93fa423b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
065d6dae7bc51cf1c790645bdbb0cdf3

SHA1
214c5115c5c44287f393b7660f3d5c0a3d3a9bca

SHA256
8df3f9b9fbbc735f6069a2f80241cd5f6bd60529c06bd455300a87aed4a73f9d

SHA512
faa0bb32c606e09f30593fb2db20dc3a36ab9a866163d11838374c5bcc13d13aaee48119736c8b21c3a8f32d5c3bb4218146d7987f1f8328f61a9c3c79f7a74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
322289a9dc31016938cd5a0f7bf2c184

SHA1
9110f1a2426b6d4128e45224c2e68a62843a32c6

SHA256
1e7aa77c200070b5d8bcfd795651057a5de8396ae618bae7db43289ba310ac63

SHA512
d1308e3b1da1ed0bec40de4e99cb5e6d48ab4aef08aa76a07c0d2b6a3505ca71ed6ffbcdeb495e649697fdf4f65bfa0b694d42ba4adc008d55069d97598a929a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
114caeffdd3e1b6019f2a816bcf61e6f

SHA1
fae35f0edbb69b8fd0593af27b9374291490ae19

SHA256
9daf3ab10fb92d3d01ed8d8f6041d8105f5d34da17bc9ea41e624cf2da0ea3e3

SHA512
0ca9580bed5b6fd444e8552e4a92e3ad3703d65e040ae654988aa5ce0de82d7f99b0db6bf41cc25875fecbe1066ba5f05459d1e32f71e72603e385c30a8c3a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e3e74b0f-3e1d-45f9-a90c-a60daffd6145.tmp

Filesize
5KB

MD5
ce9894279f10151abfb41d1a7faf0fcc

SHA1
e563e0eef85e191d4a868814e71c91f23401a094

SHA256
0d221c8325925199012c438eefee6a075634fb59fe2ed82764f8b5cf847d1e5b

SHA512
6162d1fb2b6d793ccf7145b8d335e78f1df385ab7ac98c5d5d285126871e307dc87cd31370fd898e24d683cc8b058894cd2667b616242ed90b823a8870d2d340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
c5b3823e8aa1236e9d37b30c90252647

SHA1
6dc734d34a5dbeaa36c5ade08fb5d51f5e1807c2

SHA256
914025aaa55194605296e5641e5a197403f22479758b55007e49d7ab40c27c90

SHA512
d5bb227ebe86d25f18a0b8329f43754a346f749dfa86731c6881a5e835e615470681029d269ad8d412f6ebe99777f2af4adb6242e19b4cd30518c737d0130669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
fec602a92ae9ed231a3abe396cead978

SHA1
f532502bb3ae133b02ccd5ba503282244eba18e2

SHA256
537686802319e099b0c330885239e00579b39513c144260833a2e78ad51cc02d

SHA512
81e29c20c66b6c92ac4d1dab77086a51e47b3f110f7e5f5437b02444dd0358fc821c1635960f14f4e5e4385d67002eb6ca7d2ff5c343a9edb872525d854b868f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ef4f8c22d96c19939018da77cf9c01a6

SHA1
7ce130b07763918794bddc360d5ecedf30b5ab7f

SHA256
916d604028c4d69279c2e7d9dca9081d8b5552119a445b9c1584e8ad196b3f31

SHA512
fc70dfddbc698c07756178e21baf9e96475bafc47e02ecf6125317cd73e2f288b52ba04ef70bc7aabc7c486b66bfa919334dac0d4a4cba86d3dd6778d88a6565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b77ec71c14c0075ddba1abb0f067183f

SHA1
289344e88364b158f1db9d6ccfca373667e159cb

SHA256
1d2551fdd90a2011ecf6824c9fe660b792df1a61977c2f1cc4cf3014777faeeb

SHA512
d134c326d12b937189cff76c74fb71163b5d4e25fb7b4890778724846c5283748bcfc97bda8919b5399f35e2c74b1b1f013dbd3919c22a191a82db56b6875ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
ffa34cfa6f91553251aea806ab7009ce

SHA1
1fec67c76de715dd470a0a9cde41c18955721ec3

SHA256
afdaaf81b8c0e70c9cfb65d8ae6309e66b13d135863ce6da0bde9de4bc67c8bb

SHA512
2bb67efd7dd8dc6d3d039940c358d48ca32d91e281116808cdf7f1f1639c5ddf2653e05a03769a900f0227568b8ccd8c6240e9ccb084165dd0274b7bb48552a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4d649284f7ea8e829e4c8f481975fb28

SHA1
8650b44ca067ecea0279619fecd1228ffe6b2aa2

SHA256
d69f3f142b22e00a33ac7ae85bf09c344f42395a9db444c08371e067c4dee899

SHA512
a9af5bd3d554590f0f4790c4404e49d0ffba2ba2f3a90bea044f70b3ca2e8d4f09e8f510a7f9551616b3f913d94e35f96afcb80893db6dc16bd4455ce4ad438d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1809168279b440ba57b4f1b414d84ff6

SHA1
d6c71171060f816acda48940095eb65144ac631a

SHA256
261fcc59cbab3fb699508b16a7b9ff3460d24de2c78dcb476f496be16a91369c

SHA512
6358e63077c11bc98e2a3f59c5d3aa8a8a97ccc67b13933c244840fda2c4b16876be03e80cf4f00b566b6dd39cf65d33c075d807a33e7847998be95c67ec22d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6014d8badab97f979a61d7b73367d5f

SHA1
daae2c51e6f8d95e954848b032eafe63ea3c7764

SHA256
b7823bfb7bc834ee8926fc58c232685823e2e1102497436ed92f842363453890

SHA512
efb2301ce01cc5ddf40dc735dfd143df1f7ca1b04ade423c3fea0ac1ae8e2b63b2d96a30c0e08ca8a691c1119345673738357fc85c03af6870b93e25d08e445f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24002812fd6716652c67378c3b40945a

SHA1
c59014031153eaaedca37f6e350258e03295ef42

SHA256
083d9bef40759cc23280811250481e3fb46bacc04740e1a90e0f8a522f6a1a6c

SHA512
800134b408ad031da88c2cb17e89b435eb67e794f63bb75096ae308e432bfb4e938577d81443b0676fd575781ee60e2b56c5215aac1e8c855e00707c31322822

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuAE59.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuAE59.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
C:\Users\Admin\AppData\Roaming\Data\2.bin

Filesize
353KB

MD5
8766dce04feb646bf62206d64d6eb0ba

SHA1
91c5d588028c6c949e9cbcec950bcfaa35a791e4

SHA256
f87e1ab69bef059744ee9244f37b0f21ef7d7b06fc5245094cfa22637ef6ae9d

SHA512
0bc8fc880bb94ad55a732f2be207d88a6bb0ae8d97f91819e889d04420a71ae5d91af21861bad351c5fd7f4e944c1899b17df326bf19d310cc31a95fd38ee6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Data\8.bin

Filesize
408KB

MD5
5ada580c290b53327fc8db29d5cd66c5

SHA1
a504aff6a9fa93bf4ccb69df17b5238804c659f9

SHA256
5dcf1f4b285a6dd70ec7acd77eeb5752a3d381a8a697eafd394fcde615f3ba63

SHA512
36da1958e7b4fad5367b257d9343c4eab59d50b01c610514d48eae2d0eeabf7efd06dd8fc63551a0a7e11df91aa3ceb063003cdd9c30c6755431ba218524fd49

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
21KB

MD5
5761ae6b5665092c45fc8e9292627f88

SHA1
a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef

SHA256
7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2

SHA512
1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e

Download Submit
C:\Users\Admin\AppData\Roaming\data\12.bin

Filesize
5.4MB

MD5
9e0ab3181d32ac9950dbe1026b197207

SHA1
d8b53f3a93d5e2df9507b6256f2e414712347256

SHA256
a3091d14161d268924a4d6195f820c64b1811d6afbd6948dde29e267ecb56cae

SHA512
424f8f0a6e945fcd831ca0d0f73f898dad0214f38cc477cb3be8b161836e349cd5d629444033e134e2fd6b8c85cae088f177aea4e26d7192a4f60a5739584c2e

Download Submit
C:\note.txt

Filesize
133B

MD5
910efec550edf98bf4f4e7ab50ca8f98

SHA1
4571d44dc60e892fb22ccd0bc2c79c3553560742

SHA256
7349f657a8d247fc778b7dd68e88bc8aba73bf2c399dc17deb2c9114c038430b

SHA512
320de5e34c129dd4a742ff352cfe0be2fac5874b593631529e53d5fe513709ac01f5d1d3dfae659f36a2a33aae51534ec838f5d3748cd6d1230a0f3d29341442

Download Submit
memory/2136-1904-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2002-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2485-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-1498-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2325-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-1373-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-1623-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2251-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-1380-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-1677-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2350-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-1789-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2165-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2987-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2536-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2986-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2128-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2526-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2089-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2985-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2387-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2980-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2981-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2136-2984-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2212-48-0x0000000003E50000-0x0000000003E60000-memory.dmp

Filesize
64KB

Download
memory/2212-52-0x0000000003E50000-0x0000000003E60000-memory.dmp

Filesize
64KB

Download
memory/2212-51-0x0000000003E50000-0x0000000003E60000-memory.dmp

Filesize
64KB

Download
memory/2212-49-0x0000000003E50000-0x0000000003E60000-memory.dmp

Filesize
64KB

Download
memory/2212-50-0x0000000003E50000-0x0000000003E60000-memory.dmp

Filesize
64KB

Download
memory/7744-3005-0x0000027525DC0000-0x0000027525DD0000-memory.dmp

Filesize
64KB

Download
memory/7744-3023-0x000002752DFE0000-0x000002752DFE1000-memory.dmp

Filesize
4KB

Download
memory/7744-3004-0x0000027525DB0000-0x0000027525DC0000-memory.dmp

Filesize
64KB

Download
memory/7744-3027-0x000002752E120000-0x000002752E121000-memory.dmp

Filesize
4KB

Download
memory/7744-3025-0x000002752E120000-0x000002752E121000-memory.dmp

Filesize
4KB

Download
memory/7744-2988-0x0000027525CB0000-0x0000027525CC0000-memory.dmp

Filesize
64KB

Download