Analysis Overview
SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
Threat Level: Shows suspicious behavior
The file MEMZ.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Runs regedit.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 06:47
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 06:47
Reported
2024-06-15 06:50
Platform
win7-20240221-en
Max time kernel
127s
Max time network
126s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dba31cf0beda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424595976" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000050570ed86928c64d9dfac5cf88fb98c800000000020000000000106600000001000020000000e3a3062a740a19af5fbb4be38f33c01ab3a0a4010b8283b20556b30e6138b541000000000e80000000020000200000003190403add59b8e3659aa340c886d066e916eab2700a0b96293fb4d2144125d220000000216a8ed28656e0194e78cdf0ea7671c2aafd17462a7174436c8361e66f049c3840000000a567bcc2b35aca5418044373b7e88a8c1b09923098d05c30397eae11ae411de530cb43d635180b620b7ee83ae95b1071de102b6b68a57ada0b5ae22672fe0670 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4566F9B1-2AE3-11EF-873B-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+download+memz
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:2372624 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:80 | www.google.co.ck | tcp |
| GB | 216.58.213.3:443 | www.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
| GB | 216.58.201.110:443 | consent.google.co.ck | tcp |
Files
C:\note.txt
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 06:47
Reported
2024-06-15 06:52
Platform
win10v2004-20240611-en
Max time kernel
292s
Max time network
302s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629079517583158" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x514
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2092 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4964 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4292 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c84c46f8,0x7ff8c84c4708,0x7ff8c84c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1968 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4804 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1880,i,6090220207473825395,2406160443351692364,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6454703127463595184,2162916668307773485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
Network
Files
C:\note.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4052_XWXYACBFFCITWIZL
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59042c.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362907749929547
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | d7d9437445aa960dcea52ffe772822dc |
| SHA1 | c2bbf4ac0732d905d998c4f645fd60f95a675d02 |
| SHA256 | 4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1 |
| SHA512 | 335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 9e90058d715fd594983b6825c85bc51a |
| SHA1 | ab2d2b47132c07e80a7800c66beb30e2fc071565 |
| SHA256 | b55ff15fe4b8198bba3aad035d4fbeaa77cbd9a24e504526ab97658e423f1b35 |
| SHA512 | c7cd946786424c73b6d3165d96b9a28971a3aa3ce518d239797888133b510d2630ff44f4e08bd98edf3e3ea9504107b18916544036922d567f9222d061dbe5a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 248bfb3f59fc19890e35b17a97b5b191 |
| SHA1 | f41fb7533ae53915a30296d9c6efeae4abe40e00 |
| SHA256 | eb35192d5d05b0ea8b396761ee1e6244ac95781408a3e39ef7bc22de5a6f0ab1 |
| SHA512 | 4a45e9ce826982ff40ac0f7b6d510c4880bc9b5eef211d71fb18b7a8186c877a2c626cd378cd652a0e86fa9474a624fe09b800ff156b2cc2229aedc5a3fffc5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 21b8675e5235b6995df5390142c80224 |
| SHA1 | 1d18ad08046fdb894ab8f8f4e35a4ce2a1581298 |
| SHA256 | 567502edf8beaa1fae5f6b0751b9b3401557cc139b33e346bc236fd7b453b81e |
| SHA512 | 8663f8d28bd1ce3bdd3940c1b677392f146d87eb67aeed99f87d5b956f9cb841fd12a0dfb8d8ca08502cd9393fbb56307526ef7d0b423f58a383e6a1c7b1f1f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | 2e6924a832bd40d17278c74a026d92f1 |
| SHA1 | e1d4af7ba59ca72d1abde9b2a1ea906724833bb6 |
| SHA256 | 66d381cb4542a314eb724e5982cb2e1b4c7ccf8ab0a7eea945a9dc8e204b2b64 |
| SHA512 | 39c310af647d28948c55901d1d3333689a223b9e02e716becdccd106341494df992739e2ab3bee9e886538af605135dc5ca07d74c5b85e6878a95df20888fdd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 606e591b4617bd3cddcc24092669a854 |
| SHA1 | cd130908396738f4f5914d2179edc4d7f460a87b |
| SHA256 | 5e88d16a53fb9ca262fdb191e8241721e907554d04fa32a2f140c330275c3aa3 |
| SHA512 | 58ab52e55e3de1c6c4ad0c8574306ac54a1f5e4eb3d205ea912c6ba25e16fd5dfd0f996ce324952f59ec218818b40a60e1bef7c5bdd68ce6f8902e4e7cfb77bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d67a75d7a98fb846d438e81b8e2133bc |
| SHA1 | 7ef2a2ecd78de8ff6172ea8b9c7950b22660bae8 |
| SHA256 | ec8a08c2fc443fda511987d2ec9668b79fc823a214e32040b342ab539bec625d |
| SHA512 | bdd5913b0e1650e8ecaf516aead0039236813f892186e4393069dd74786bd9026fbb195ad240518a6e019f35fb7cf486a29e8fd484dc7302c3e370e670eeea0a |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | 5ee64372f98a3910a4977bf012e01cb2 |
| SHA1 | b0289055f87c3e6eddae029f3a072ce02a76576b |
| SHA256 | 0e6c51be7a9d5ce6675093a8b13419648e71914eb234987707c17617917bb01f |
| SHA512 | b25fadb8aac5e4e7a0219e10b2e9b3e2f0f6b24f001bdeb01bc5366a28a6aca6f20eda7324e3c0dbc2646f91162a5e46b1baae0ab2c6fc1e047410dc1d9a9437 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
| MD5 | 6bc4851424575eaf03ebe2efee6073ab |
| SHA1 | 2d014fe2feb929d03a46322645a94556ca5c9e96 |
| SHA256 | abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e |
| SHA512 | af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
| MD5 | fc97b88a7ce0b008366cd0260b0321dc |
| SHA1 | 4eae02aecb04fa15f0bb62036151fa016e64f7a9 |
| SHA256 | 6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e |
| SHA512 | 889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 0e0a11eb250813ecca2a457b0a8ba116 |
| SHA1 | 3c0320d5661f416f0713022086339382e77c922b |
| SHA256 | 9e96ba8d54d8ebf47930edf13a549b6591536fe7901a7709e60235a09834d49a |
| SHA512 | 12f60e086f803fba6328aa1f9fc9336ad857c77273f1b91f902f298e0e28ebc87e97b92c21c90dd6be8504ada6e0a08405a81588558f05eb376f6a2ea9b33fe0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | d0cccd3feac888bb3ecd424d83b3a5d0 |
| SHA1 | 90f4cfaf314bc83ba42419ef6978ef9d48540b54 |
| SHA256 | 79f0d001fd0b5e1fc6bfa51944b24f6c04278213968d385af810ef46cf24356d |
| SHA512 | 626f7a720cb38901358480159614fc04ddc6039cf79b94a3809cfd7b02f150ad6752f2ce7835e47bc7b6a0d720ee7394f801c9edbe7f612f20368fc6d47c583a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | c2662c208907c0dc34b1783b85c57739 |
| SHA1 | b153d58a1e3bd9bb022f3b6e62a0500b0f23ba3b |
| SHA256 | f1ca13157b8725157f66758d013a2faa73808f85977b935e7f0efbeab1ee685d |
| SHA512 | b773017905844ed61e13cef92356a423db13574b10e4971d24040e854b3cffcaf1885110fad08cf8ec9939a23f625ad3f388a6c267dffb578ea858da75958ce7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 48307f91e9b6f504db45f9274baa957d |
| SHA1 | c1730d2d588c5f0f1a5ce31011b115c8eaf8e412 |
| SHA256 | bb17098e7cd29454a53b70514362d4d464ae157c92693a732a3db3ddba103fe2 |
| SHA512 | d14def6edfff66a4aaa5af3b0f695013fbd69516f11fb62d08b22fdccc15b1bccd224e14eda709e647311f65608daa8390b56b3287dbc46c7cb6770157881d56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 90e4af347139064003cd98dff7abf0e8 |
| SHA1 | f21dc2a7ca741da1c537f66852d2105cb4aefc8f |
| SHA256 | df621ed33b92e11a1f6e8bad4acfe7ae005a174cab09f942c0e073150a3c1916 |
| SHA512 | 952ebe4666a1388f32269bddf16212e20ae25d4285c15a10287b33b6b422985de8f7e666a122b330895fbeca6b21820df31b5255ada0350cbdb1364efcd65ce0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 2da44708b498c213fe0963aded24ac9b |
| SHA1 | c2eb286d182d2d5417d6618551e66b9ce15baf26 |
| SHA256 | 748b7b51391b8bc80c45f0f20765031c489c0934759e4d4ab5e156247064387b |
| SHA512 | 284c7675507e8d69171b36240be58f60d5b5c8339c0fc0f8573e81ff6f811561b4a6411974558a15ae84f05ead824132db7114b4e42398bad87a9b49d8a1db49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | f46eb6d2eb1c1c38a8e249ce30fe14fd |
| SHA1 | 6d0aac14098b5b30a090aa1ae791a5924dee9beb |
| SHA256 | d01191d271a94a722d1bfd65f8896a3b8fb7da89a47ea5a1f2df80490460a746 |
| SHA512 | 583290a13a1c1358d4aaa7d399611f17b8c124e4eae1b6c43ad9ca8bfc734118d2bdc8e93d6e6289b5ef0be97e6233bae0193ea0496dc1f97745439a91a83189 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 162e64d3202d3001666aa7d4beef0bc6 |
| SHA1 | 2cbe30ed99d0e8b3a4fd0ca5a586e12f5455418d |
| SHA256 | f9eb1864ff43b56a899bc2deb866d45246d45769789de0003b4704269f7aa9f0 |
| SHA512 | 43a604f8f86819ce498af2732fd25a9645c9d280fe7df4080c0e439c546720883fbe20e43bf064f2dd9e4b6e0bdc7165e6077b76ecedde103f0d083756842869 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
| MD5 | 75a37ec2b4901291b36638c37c9f08c3 |
| SHA1 | 9b7ff05636a614f9a183258b4b60bc54a1add1bd |
| SHA256 | 65ec9d7a5de15dec20c969ee25c956d334e586100f0826f881a51ff297825d9f |
| SHA512 | 10534b2f959c95ae3e0289a864a2e9666afa68a654a8e95d92eecbae9879c76bb35269eb30f5d59b4be6bfdcf6bf3142dadc7cb98e4218c9e21cc4cc170c28cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d1ee7c537a9b7b8b43f7446567d7a75 |
| SHA1 | c879f1a95651c27e99ac3789fe1c28a4088d2372 |
| SHA256 | cd0c5fb888cf75a8f3b509b58b62ff80602061dbf2e43cfa600e85173f96fe79 |
| SHA512 | f2250cdfdcde2d54054b8e442ac8fe6a6c77b4f72a1f9eea47340304b00c22ad888c7c46e3fa4c47781a55c8b905c033fc919db9cb216efea5e969029aebc3b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 1b63ffa8325609f7f21989a5a7717fea |
| SHA1 | 74d137782c56504a7d09d6c27dc8e2e3985b4f8f |
| SHA256 | 880f695c5069d1901c6a06fa00f2a5cd0fcac3c73d3ca08c00b2c844ff4cb44a |
| SHA512 | 71403fe5b46e3db725d03295a2e16eccd25ac74c5f0b4af78c304f1d7f55a03a5c7a7bf97c1e0475116c9926e0c05bafaa4d9d3735930102f598a6644bc21e19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 8aaaff3c635d1f9fc3e466569e60e43f |
| SHA1 | b7d1ab6718f6c430442111112598a424e986ab03 |
| SHA256 | 66025826b4254f1f51c90d3984f0674b8ed04ad012f105ce86b030f36aa72f4f |
| SHA512 | 3ea831e1246a4f72f7af1e8ec091a8eab92a88e5c35476bba5ccfaac437a31c8f8d44198a57c319f9c040e0cc77d24aa10a719801cb4d901c14c524dd64b9009 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 6230a6a239d70817087bb2fd2f95cbee |
| SHA1 | ec5f19740740bec2d29828c078ce78ee48f02fd6 |
| SHA256 | 618d56da45a6afd2202c0691d7b54a69192e50564652c39efdd33007036b7434 |
| SHA512 | c819e17878e55494ce2bd4ea9cd1def1518b95166fcfc86d3325796686a4fc0314d98ac781ba2b7e58552f65592122df35fefa7990f878cfa50bb104d44ed5d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 64654cd31a3b72b6d667ccd5a0219c26 |
| SHA1 | 348dbc76d24df967ca89ef588ce553ffcbea343c |
| SHA256 | 8698d37bd3e0e729ce1f666ade7c6bb3a02fd7910e4bc7eaa67c8f4da5a2276f |
| SHA512 | d3f0fb7c7bbed59a98542cff06f637f19cddb5cfda8cc8613c47cb425b39d17b3d58344a8e174f47fe1c16b86f88cd215208128d1585fc0c694bb233ca5200a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | c63fd958b9130ff018a2c99774ac7ce3 |
| SHA1 | 4c2df67e756f03f353499f2f1447563277a91335 |
| SHA256 | dc71d0fbf1187e150bbbe374c05030110420760fe23e85494c0c0dd166c0673b |
| SHA512 | 21064a8f42d7127aaa9cc1b48d07aafbe1f1393ea1fa40067c5911989e1c2e1e94a1b9b4dfb86f11bcadc72135e5ad2f7b18b9b111c97cb979d4c1cccf133683 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff33323a53e8badfef9118e54d96b017 |
| SHA1 | f503642c00302af1363f518472a76b009e709bf7 |
| SHA256 | 686c99bde3744da62889a159b19c857f95c270e3be3e8d7ba8876695e02968af |
| SHA512 | cc034ba78c94e6c57971135bdefb2b143b63ce5069c6b68afc05e052037c25ab858c49af2e1745b94d3087e303743629087e651994425ded9b10ab1e9f201670 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6eef01ee12911509499e17161654ddf5 |
| SHA1 | c81cb75c6cbfc169e2100ca8f64524219022c137 |
| SHA256 | a45eb94200c8caf0f5f26733d8348a4a97e4f4c2170a3d04a2a19f32b392a580 |
| SHA512 | feed604196d74fadd0ff076b6ee2a2f90f5696b8897a9dded0f137fa164d4e049ebdf2a04be94c0f68098fc6015c6ce56da0a6c2e1209b4290c1bb94b54c38eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a3da60819d62ad4aa5842f152e1e3b47 |
| SHA1 | 4a273e74c85e4ea9bcea1ff36e884e218da75eb2 |
| SHA256 | 43c42f7bc3f8f059f2ffb84204e074fd75a685c657d9eb0a2315b13ea012f05d |
| SHA512 | c06b36dfe44b367b2910848efe370a73dbefea1bed62f4508e0bc2b9b169379225fc31d0729bbe13d72467462f6d5e4226670e54c6c5a5ddfdf896deb5438f66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 583de979c44741fe2cf67b694dc54638 |
| SHA1 | d7108736ba484e6ebaf557a75641e786b313432f |
| SHA256 | 39a7c0858efcabcde21911e9cbb542eb25db0309f03b27b56d53ba97ad8b2e3a |
| SHA512 | 6ad9597b8f575d77b52986a261a94e3521123724b6a24dce8e81d347d4800d63a6aa7e1b0931d4a7b7ef56ffc83c72605868a4cb4618046df2931d0c837c1c30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ea08be08f5b746381e913ae602ac603 |
| SHA1 | 18c3752b0398d0d3617eea5382b56cc4464610c4 |
| SHA256 | f71df8dabf16ca191dacbcc6712f5bdf83ff1ca57d01f0582d780820be7a817b |
| SHA512 | 0e18427b99a1c59dd538cc9785352acda3d2bff456080052b61ecbbd153e2d3f0b84f6b7b0d449202a875b0ecc5f36e83093f7d29bfde2307706d809ac44d659 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b5e765c04d3001a4b44a62e14b24b715 |
| SHA1 | d262e00b848b40f75ce8354c5a78d48de701ca66 |
| SHA256 | 040f38e36cea838117afe7b5ad86971a49e26fc73c709525b3ef0151a517a816 |
| SHA512 | 42db932305b8670492fdd39d96d298f54fc3f2f35872ab814fe6cd3bb88a396ec1c5ae5692f057922a22b21142b361f0e1019dbc3285fe1aed0c416da2303fbb |