Resubmissions
17-06-2024 03:53 240617-ef1fwashle 7
15-06-2024 06:53 240615-hnsb1s1fre 7
15-06-2024 06:47 240615-hkmblavfmk 7
Analysis
max time kernel: 292s
max time network: 302s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-06-2024 06:47
Static task
static1
Behavioral task
behavioral1
Sample
MEMZ.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
MEMZ.exe
Resource
win10v2004-20240611-en
General
-
Target
MEMZ.exe
-
Size
16KB
-
MD5
1d5ad9c8d3fee874d0feb8bfac220a11
-
SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595
-
SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
-
SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
-
SSDEEP
192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: MEMZ.exe, MEMZ.exe

| description | ioc | process |
| --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | MEMZ.exe |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | MEMZ.exe |

-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: MEMZ.exe

| description | ioc | process |
| --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | MEMZ.exe |

-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: Taskmgr.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | Taskmgr.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | Taskmgr.exe |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | Taskmgr.exe |

-
Enumerates system info in registry 2 TTPs 18 IoCs
Processes: msedge.exe, chrome.exe, msedge.exe, msedge.exe, msedge.exe, msedge.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |

-
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe

| description | ioc | process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629079517583158" | chrome.exe |

-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes: MEMZ.exe, MEMZ.exe, MEMZ.exe, MEMZ.exe, MEMZ.exe

| pid | process |
| --- | --- |
| 3600 | MEMZ.exe |
| 448 | MEMZ.exe |
| 1596 | MEMZ.exe |
| 1584 | MEMZ.exe |
| 3436 | MEMZ.exe |

-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe, msedge.exe, msedge.exe, chrome.exe

| pid | process |
| --- | --- |
| 4052 | msedge.exe |
| 3536 | msedge.exe |
| 2540 | msedge.exe |
| 4864 | msedge.exe |
| 464 | msedge.exe |
| 1412 | chrome.exe |

-
Suspicious use of AdjustPrivilegeToken 43 IoCs
Processes: AUDIODG.EXE, Taskmgr.exe, chrome.exe

| description | pid | process |
| --- | --- | --- |
| Token: 33 | 3836 | AUDIODG.EXE |
| Token: SeIncBasePriorityPrivilege | 3836 | AUDIODG.EXE |
| Token: SeDebugPrivilege | 2412 | Taskmgr.exe |
| Token: SeSystemProfilePrivilege | 2412 | Taskmgr.exe |
| Token: SeCreateGlobalPrivilege | 2412 | Taskmgr.exe |
| Token: SeShutdownPrivilege | 1412 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 1412 | chrome.exe |

-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: msedge.exe, notepad.exe, msedge.exe, Taskmgr.exe

| pid | process |
| --- | --- |
| 4052 | msedge.exe |
| 1728 | notepad.exe |
| 3536 | msedge.exe |
| 2412 | Taskmgr.exe |

-
Suspicious use of SendNotifyMessage 64 IoCs
Processes: msedge.exe, msedge.exe, Taskmgr.exe

| pid | process |
| --- | --- |
| 4052 | msedge.exe |
| 3536 | msedge.exe |
| 2412 | Taskmgr.exe |

-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes: MEMZ.exe

| pid | process |
| --- | --- |
| 3516 | MEMZ.exe |

-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: MEMZ.exe, MEMZ.exe, msedge.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1300 wrote to memory of 3600 | 1300 | MEMZ.exe | MEMZ.exe |
| PID 1300 wrote to memory of 448 | 1300 | MEMZ.exe | MEMZ.exe |
| PID 1300 wrote to memory of 1584 | 1300 | MEMZ.exe | MEMZ.exe |
| PID 1300 wrote to memory of 1596 | 1300 | MEMZ.exe | MEMZ.exe |
| PID 1300 wrote to memory of 3436 | 1300 | MEMZ.exe | MEMZ.exe |
| PID 1300 wrote to memory of 3516 | 1300 | MEMZ.exe | MEMZ.exe |
| PID 3516 wrote to memory of 1728 | 3516 | MEMZ.exe | notepad.exe |
| PID 3516 wrote to memory of 2364 | 3516 | MEMZ.exe | cmd.exe |
| PID 3516 wrote to memory of 4052 | 3516 | MEMZ.exe | msedge.exe |
| PID 4052 wrote to memory of 1968 | 4052 | msedge.exe | msedge.exe |
| PID 4052 wrote to memory of 1580 | 4052 | msedge.exe | msedge.exe |

Processes
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe (level 1)
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe (level 2)
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe (level 2)
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe (level 2)
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe (level 2)
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe (level 2)
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe (level 2)
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\notepad.exe (level 3)
"C:\Windows\System32\notepad.exe" \note.txt
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\cmd.exe (level 3)
"C:\Windows\System32\cmd.exe"
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
-
C:\Windows\SysWOW64\cmd.exe (level 3)
"C:\Windows\System32\cmd.exe"
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SysWOW64\Taskmgr.exe (level 3)
"C:\Windows\System32\Taskmgr.exe"
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7869529948910772021,9554239690853562717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system323⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c47184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,16506853934534884142,8464794561562086080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c47184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c47184⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x51c 0x5141⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8c7faab58,0x7ff8c7faab68,0x7ff8c7faab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2092 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4964 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4292 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1968 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
860B
MD554e51ccf742e8202151e40decd3b54b0
SHA14c844b78f2633da61907164c8fdd15a29143be9f
SHA25679be619b73f5bb6279e180306b6ad810a311918560471eae22c3205dbd7e52ad
SHA5126906bf49375f90e373c73eb6338369502184496d8bb9143bcb3068063c8d0f6c1b18a1933a836037e35e00ad4b78d8a4125ec7ae1169c83994615a7f2125df16
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
524B
MD52887e1f05ca23beb54d4071a0f6d30bb
SHA1476477fd93b066d98d12a91c3f5bb327803d592e
SHA256912af05119c9ee080d4b6bde04cf705a3b818e72a1f9ed9f4920b9d28b74e800
SHA51222e3a4ee5885bc836b3c37cc6b20a7ecdbec3e5941a33665faa1650a822a9a211e4e4afdd1edab539033965b2796c96539615844cd2e1fa2eda56cf28943305b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD599a32725623f1aebe8f3400883514f2b
SHA15f2ae5faa16234bfbe4e8287493723ca98266b9d
SHA256467f0464e5df28911bcd38cd95aaea3a089511c3212acbe0994fd98969ed42b4
SHA512f4b4432176fe9f3596939e0b5e942228fd88a1ff787e67818fe50c79197d6c554ee4451cecbbc31711ab9a3cc612c02dd4e6bd39fbf167c274263f9808da27fd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD590aec54f1e1e375f2ef3ec838f18811f
SHA1f2c4dcc036b31f46fe36c69562f806a87139eab5
SHA25605bca8fdeff0b0a8ff0a0fade1c5f2da3529999ee74979569e47573b72959fe2
SHA512c892725107cfd9c5b35db5973f706d981c066f881efdcce4dc257877e6f09c81e792c6b0fab8534e39bf1c3ab8761e9451ac196f08ef2c7a097015bbb17e3287
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD5d66ba6d7b86a90fe8a60c46b6356593a
SHA1ca90843c5df5a0a0dc2014611718d4eb96b09c43
SHA256f5aec6017010f990c2d5d5413391404d6178aa40d023466b9b79fa67e46ca9e3
SHA51211d87643df6cadad1ffd71ec268c2159376627b0dc8f0a7e958228ca6fcbb38f0699287fcd47275d6fc4da71125045307378f311ffe115b5dfd56a519d11b5f1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
176B
MD5245f118ca187fd3a1fd98488c655d287
SHA1406c4a2787987afb76be0521961f29f846c0c1bf
SHA2561f8d52de0c378c0d83c69d7b423dd6b3cde0dca764c6fdcfd8958a4964cfeab9
SHA5120dbb505b5878e86e15de81b5102f5b227afa3f853d7e1a8f617db8765bccd90a98fb23399e1ebe8c34bdccf0b2def900fd18b0aafc68d7013a130108bd7243d5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
112B
MD5f842342d491b6d87432380ec6a4954c5
SHA10516e7a4bc949d5f0c0f22420a5f77ba3e52e133
SHA256097951fe3b2e6c5c1edbf189784c4ec611e59f8292464c94446cb011bdc64fff
SHA5126d07b353a92f066b897df6a01aa00e8dab0cc7bad74bb3639ca2a14f49d335d6d36ba2ee6e24a20830b662193509e954841b304db55ff47ff26823988b609e01
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
186B
MD565d3e1d6205d1eaeda8f0f0d2b52aac5
SHA1756f1f090ffbc4abd2681fb7488938def3a200c6
SHA2565a01e763529cb5b92b01137be55b62b19f4bd522a2009412541608c1b6715b92
SHA512e4e26b52a8cfd686b4d1da5a25bd323b40ed3d1825b74be16bc7e6c9b47a7314a9b2856856ad4bc1271a96b54e0b6ef9f08bd719cb4404c224e5bd21c8b3706d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bcc93.TMPFilesize
119B
MD5c2b672056637ee4cf96d9230244260e4
SHA1fbb74704b7d5914b97d761f613b322e516a39bbf
SHA256600ef711b2722d561ae12631ea823a6dc06aacbc7f616736adf744c0e55b0578
SHA512aa98c1c23033e2bac84692a6d9b24672323a7d9ff877c846a24cf3c7119bb0d42fecab2ccb10e43e9f671b6bbb0af7466872343240ecba22447c32dffa5e3b7b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1412_1415607311\Icons Monochrome\16.pngFilesize
216B
MD5a4fd4f5953721f7f3a5b4bfd58922efe
SHA1f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA5127fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1412_2110446408\Shortcuts Menu Icons\Monochrome\0\512.pngFilesize
2KB
MD512a429f9782bcff446dc1089b68d44ee
SHA1e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA5121da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1412_2110446408\Shortcuts Menu Icons\Monochrome\1\512.pngFilesize
10KB
MD57f57c509f12aaae2c269646db7fde6e8
SHA1969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA2561d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
276KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
24KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
68KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1011B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
949B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
194B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362907749929547
Filesize
3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59042c.TMP
Filesize
202B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d9ba9f38-c107-44b2-b3d0-ee08ba6e22c5.tmp
Filesize
1B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
536B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
17KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
17KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB
-
C:\note.txt
Filesize
218B
-
\??\pipe\LOCAL\crashpad_4052_XWXYACBFFCITWIZL
-
memory/2412-535-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-528-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-530-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-529-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-540-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-539-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-538-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-537-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-536-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB
-
memory/2412-534-0x0000000005180000-0x0000000005181000-memory.dmp
Filesize
4KB