a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

Analysis

max time kernel
456s
max time network
439s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	[email protected]
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	[email protected]

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe

Enumerates system info in registry 2 TTPs 21 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5024	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2820	[email protected]
2820	[email protected]
2820	[email protected]
2820	[email protected]
2196	[email protected]
2196	[email protected]
3904	[email protected]
3904	[email protected]
2820	[email protected]
2820	[email protected]
2820	[email protected]
2960	[email protected]
2820	[email protected]
2960	[email protected]
3904	[email protected]
3904	[email protected]
2196	[email protected]
2196	[email protected]
4600	[email protected]
4600	[email protected]
4600	[email protected]
4600	[email protected]
2196	[email protected]
2196	[email protected]
3904	[email protected]
3904	[email protected]
2960	[email protected]
2960	[email protected]
2820	[email protected]
2820	[email protected]
2820	[email protected]
2820	[email protected]
2960	[email protected]
2960	[email protected]
3904	[email protected]
3904	[email protected]
2196	[email protected]
2196	[email protected]
4600	[email protected]
4600	[email protected]
2196	[email protected]
3904	[email protected]
2196	[email protected]
3904	[email protected]
2960	[email protected]
2960	[email protected]
2820	[email protected]
2820	[email protected]
2820	[email protected]
2960	[email protected]
2960	[email protected]
2820	[email protected]
2196	[email protected]
2196	[email protected]
3904	[email protected]
3904	[email protected]
4600	[email protected]
4600	[email protected]
4600	[email protected]
2196	[email protected]
4600	[email protected]
2196	[email protected]
3904	[email protected]
3904	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

pid	Process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	5028	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5028	AUDIODG.EXE
Token: SeShutdownPrivilege	5024	explorer.exe
Token: SeCreatePagefilePrivilege	5024	explorer.exe
Token: 33	2360	mmc.exe
Token: SeIncBasePriorityPrivilege	2360	mmc.exe
Token: 33	2360	mmc.exe
Token: SeIncBasePriorityPrivilege	2360	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
460	[email protected]
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
4212	notepad.exe
5940	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5940	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe
5780	msedge.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
1656	[email protected]
3840	mmc.exe
2360	mmc.exe
2360	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 2820	460	[email protected]	96
PID 460 wrote to memory of 2820	460	[email protected]	96
PID 460 wrote to memory of 2820	460	[email protected]	96
PID 460 wrote to memory of 2196	460	[email protected]	97
PID 460 wrote to memory of 2196	460	[email protected]	97
PID 460 wrote to memory of 2196	460	[email protected]	97
PID 460 wrote to memory of 3904	460	[email protected]	98
PID 460 wrote to memory of 3904	460	[email protected]	98
PID 460 wrote to memory of 3904	460	[email protected]	98
PID 460 wrote to memory of 4600	460	[email protected]	99
PID 460 wrote to memory of 4600	460	[email protected]	99
PID 460 wrote to memory of 4600	460	[email protected]	99
PID 460 wrote to memory of 2960	460	[email protected]	100
PID 460 wrote to memory of 2960	460	[email protected]	100
PID 460 wrote to memory of 2960	460	[email protected]	100
PID 460 wrote to memory of 1656	460	[email protected]	101
PID 460 wrote to memory of 1656	460	[email protected]	101
PID 460 wrote to memory of 1656	460	[email protected]	101
PID 1656 wrote to memory of 4540	1656	[email protected]	103
PID 1656 wrote to memory of 4540	1656	[email protected]	103
PID 1656 wrote to memory of 4540	1656	[email protected]	103
PID 1656 wrote to memory of 1244	1656	[email protected]	110
PID 1656 wrote to memory of 1244	1656	[email protected]	110
PID 1244 wrote to memory of 3616	1244	msedge.exe	111
PID 1244 wrote to memory of 3616	1244	msedge.exe	111
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112
PID 1244 wrote to memory of 1308	1244	msedge.exe	112

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:460
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\[email protected]" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:3616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:1308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
      4⤵
      PID:2268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
      4⤵
      PID:4708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      PID:3404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:4016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
      4⤵
      PID:3812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
      4⤵
      PID:4368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
      4⤵
      PID:2756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2637622520134347350,12625677564366960090,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
      4⤵
      PID:5176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:5952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:5340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
      4⤵
      PID:5384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:5476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
      4⤵
      PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      4⤵
      PID:5620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
      4⤵
      PID:3184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
      4⤵
      PID:3740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
      4⤵
      PID:3040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6016996129789377123,7661403459415083013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
      4⤵
      PID:2328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:2976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:5204
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:4212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:2248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
      4⤵
      PID:5768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
      4⤵
      PID:5824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
      4⤵
      PID:4324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:5180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      4⤵
      PID:5476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
      4⤵
      PID:3900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
      4⤵
      PID:2444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 /prefetch:8
      4⤵
      PID:5212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13413184091016185960,2775688284582488951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 /prefetch:8
      4⤵
      PID:5708
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:1216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:3392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      4⤵
      PID:4128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3028 /prefetch:8
      4⤵
      PID:6068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      4⤵
      PID:5384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
      4⤵
      PID:6060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
      4⤵
      PID:3336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
      4⤵
      PID:1512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
      4⤵
      PID:992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
      4⤵
      PID:2408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
      4⤵
      PID:4388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
      4⤵
      PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
      4⤵
      PID:1556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
      4⤵
      PID:3260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
      4⤵
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
      4⤵
      PID:5544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
      4⤵
      PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
      4⤵
      PID:3752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
      4⤵
      PID:4872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4679661539779853264,17390961332202426292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
      4⤵
      PID:1180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:5648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    PID:5152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:1320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:6100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:3664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      4⤵
      PID:3756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
      4⤵
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
      4⤵
      PID:2912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      4⤵
      PID:2460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
      4⤵
      PID:4816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
      4⤵
      PID:4192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
      4⤵
      PID:1756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
      4⤵
      PID:3452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
      4⤵
      PID:2052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
      4⤵
      PID:5036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
      4⤵
      PID:3000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
      4⤵
      PID:4556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
      4⤵
      PID:2644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
      4⤵
      PID:4560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17083393780002056358,12420112028835040157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
      4⤵
      PID:1332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    PID:4748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:4368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,620256363800906929,1614250716911236496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
      4⤵
      PID:2804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,620256363800906929,1614250716911236496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      PID:5156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,620256363800906929,1614250716911236496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
      4⤵
      PID:5032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,620256363800906929,1614250716911236496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:1808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,620256363800906929,1614250716911236496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
      4⤵
      PID:3396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,620256363800906929,1614250716911236496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
      4⤵
      PID:3472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,620256363800906929,1614250716911236496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
      4⤵
      PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:4212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
      4⤵
      PID:4444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      PID:2952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
      4⤵
      PID:3228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      4⤵
      PID:5860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:5008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
      4⤵
      PID:4564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
      4⤵
      PID:2416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
      4⤵
      PID:4492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
      4⤵
      PID:4464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
      4⤵
      PID:1040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
      4⤵
      PID:1352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
      4⤵
      PID:5192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
      4⤵
      PID:6092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
      4⤵
      PID:5508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
      4⤵
      PID:5100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
      4⤵
      PID:3784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:4476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
      4⤵
      PID:3872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
      4⤵
      PID:1248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
      4⤵
      PID:5972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15308625754795882608,2844172756031440190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
      4⤵
      PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    PID:4264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:5588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:2236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:728
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:5016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:3608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8b19c46f8,0x7ff8b19c4708,0x7ff8b19c4718
      4⤵
      PID:1432
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2792
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3840
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2360

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x4ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5212

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:5024

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02aea04510b74d0e8d5c5d2946f9877b

SHA1
4ad4abeaa078e2d2016e424f36f6d458fccc58f5

SHA256
6770c8bc95eb27a14e27ef5b136293015d2bf0bf573972b0e4a843c24ddc9c7a

SHA512
bb0073230b65654350e96cfbca604d72bbc5a597250c1a4f0e80cc702bce7190386373fcfe82b2f558e789b5da9490e5c789f936c6a03c1e61f47cb6f1db4dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
08f39d30a9abc6c3f29b11bd197f22c5

SHA1
c74dc3fd0cf7f06d1f32e1a1838ebc4ee3d09898

SHA256
62ac5eaeeeb2d212f2ed9aa331cee95432deaf66db76966c55d909be63ffa746

SHA512
fa0a4b9cc192bcd18c518b8480e8b95cf9affd969946c9268eb565810fdb5af70da92824e7038d6c694237bfea84ef64918b1ffe98fabbc82a40e76b3b184166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc3ce42f5a495b4083ac12e6db4b9c5b

SHA1
b69d25919ada106f8bf3bd4fff492b420794e36a

SHA256
3a36b5b9aadf102c9389416f4c618673b3c92064eab0dade1e79f0829a5868b2

SHA512
2213be8df9fae82566ac09f3349e2d6d1c6390710ded7c862328e68d88eb4771f409d01e08d7203b88c9546139f2aa975e84fa3c9608b1466b29775c40e269a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
68e91cadf7520486dcca2fb1bb02dc1f

SHA1
59b471c8d9d866de83f8fca78e2f747f1a6166bd

SHA256
3673263377fc42c97ceda0ce8f75c736e6a55aca61b2f678757ac4d789b89876

SHA512
1325ae0bf8a88a22fbc4cd2a6b7bce2d470ec760ece60ad0a0b30233f8d0cc97cd34a11aeaf7c7b851d28260f64c7cf1137e8f68b1ea44c9dba915d77444241f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae626b1b1f06c0fe55d0097e5d3de991

SHA1
c690719c5400a78c448b208be34223c7eda4ba8a

SHA256
0277cc5b4ea977c426286ccc5a57c1983478975cd0427fc603b560bf60ec6983

SHA512
ae2d61580b20dfaa6d7e601859e9cbe37d3bfb5ed328059bbe969326edad48ee389195dcfb5597e457257ad5cd16fc98a721f33d56b66d83eefadcd586ef5a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16d2d1d3dc226009bd1d3c8827c12764

SHA1
56c1ac2f89a7e1c09082256166bb472a9f7757e3

SHA256
d2348a17664a90a9854ab1a6d411d5a598ae8033462a75176a042e56044f1033

SHA512
dc7c497cacac1ffc81acff0f54fbfb43563d91480a4a7ba6c1ea3f34f2d6817f645ddf14084a3648fc16ae62a02093e9fe6974d8e30763c3ff7da95fb4d11cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f17be5101090ceaeb38b54c101494410

SHA1
0ab3aa9d1e5e4a850dafc7c9390a2e8c60fd6df1

SHA256
c848cba4ae652f8761ff56de196e215e46ddaf7e0126b99dc77f922c50fe000a

SHA512
cb7dec6b3b17bffa7472ba1ba0e26b8115bcd4851e9186786e8506c952308dcd5431f03fd1b3d9d1d89d0dfbbff0e628114869ab6839d466bb9716b288b0de60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\398f1932-794b-48d6-82c2-07ab04cb8155.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9ecd3a13cd1d13e6fd9cc54c5c41e6f9

SHA1
709a410065737e84e712273cad152e65165c272e

SHA256
56d39c85fd0f5eb0159fc71001b914863d88a9f3482713589964a34296c0ca27

SHA512
4324129e549ced734bf86c322c611c5d0cbacb260407bc8a1ab782f30b2ca742989e64455416f2b953bfb44869d308a08d4b8dbfd8bf50b05d9717bcf18b4fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
64ebbcb45e7181d4e16ec48ac60c37b3

SHA1
6387225c1ee51bbab3c631015a3d6b83dc76dc87

SHA256
a859d6eedb3941a95572996cc2da14fe9cb7c5e6412cd752beb18933ce606e42

SHA512
645ce888cdca8368d2dab50e63b744f9c63cc9cf5c449be0000580c96807eb65a76ff064619d64eadc156ed79a8341d0242d301a6cf3adcff02728f3986da18a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
ac13f957f979fea6f889fa1ebb62c7a9

SHA1
c0433ba02d9425c3f0fa92e8b3c574b6f4ae1d70

SHA256
1e4021a2c324c44cab5bbd5bdef28941c20fea162ae750d93ea39a156ee45440

SHA512
af7baf1342c69495f7d29c9d877eb433a5c7884d8a653aba6e60f9ddd6954b845ab662ec7404a2293257cfbc6bfd0da43fa4641b8d8e2471bb3df29538c27aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a7dfe75c92f84ca_0

Filesize
232B

MD5
a1a2971e5f772a014bacf728cf1710de

SHA1
99c3cd613fe6d04af8385a221183921c5f209831

SHA256
1e7923a9e9cfe27fe0ea9b26925eeadd42de3a77ff502456699814b5c96d18e7

SHA512
ea1ca58424914d5abb1c665bd93e5bc4a056bdb758d12dd0180888c276d3e0488b688e10ebc9639814971083f3f6d767ff788d62daae21bd0805c49734a768f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c08ebc849c2c0cda_0

Filesize
240B

MD5
bf25858c18aa5bb72c372d7a0dda0124

SHA1
9bfaa6bdc063516d7830c23578e62f074ed37d81

SHA256
5665ab22cecd995122a512b15048a139dfa105f918594515f8ffcef4b34e4f10

SHA512
73d0c548c35e154af11769518ea4d9fdcd1c613e4634aa10eedf6434119b3e4c78b3571631ed8fce0517fe2c4bddd38985d6d4cdb2a3cfac231b17f9cd86e3c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d4dc45a00ac60815_0

Filesize
597KB

MD5
0667fe7f8ba4a7baca56de6fd1f6c2f2

SHA1
523b6c80dd895ff428a3384c11244b0fe6313ae5

SHA256
21b702b54de80e4c35a87728c6b540c5f966f95897426f85e1bb519087798fb5

SHA512
e191a0da844b0621268bd7c5bff0a1f328a56059871ccfb1c2d6c6f59f6fe60db1713f5b5dd79c35397b7c4f96606ec54b300da1afc404e11bad119fb9553856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

Filesize
289B

MD5
8db90f6a35a93c15e515d92a36a247aa

SHA1
bea97ffbd8c595674ad03c4c0b94df50c238fec0

SHA256
104bf0b9c2969dae013af6f43d739442cd14cf60b4f8351ba276a5bd2b7876ff

SHA512
2a22d241658e8a0ba138109199ccca7387620b24c136f5062fb8d1b88286d6c4e75f4824c4163900cfbf5d634708992f4330d8eeef95e1c5356b909f91ab903c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
07bd8c247eb494a1596db08edf6b765d

SHA1
abe4a9b7f61edea65aa535c5a63ebc196e8ef8ed

SHA256
f06c654317de096659d35b57c4cc13720ccd394db1acfc48ca5996f978d9a5db

SHA512
fa371ba356145f0a5bc987fde04eb75c7dff9a7feaf9c63f3a2cbe2ed7943d7420e979cceae1ee203a0ff42eb2b32fccd614b019ecaebaa82006960f125e7e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
16e397f7a7f7e5dc936690c23ce8d967

SHA1
feb03002cf03ac776f7556ccf8fcdd1521f4ee36

SHA256
f3cef5f8b0beae86912cd6c7fb7626c6cc2c2c905e3ae1c5b38a307538bdeb56

SHA512
9d8ce420568c1cf64789f892bbbdf449a35c2780ab35b02ff4c9c8a3d106560daa24bd0ef8a513f45d43c8ad2e6dfa9f895600c5c36a374fabd3ab1c79e2af23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
259c4f7dac108b0bca5c09e0d6085884

SHA1
db21b37ed1b01a0c602779e12c9cbdcbe60026c7

SHA256
135058f9f63d040de0e3a623151cd553fa74abe8ea5eacab89b5a8c91df114de

SHA512
b47f5688bfe73a10957034c38a9ff57218d51a45318c5dab37f66a340e30f10db57473a919be184c25a2cdf2d2b0346fdff628b0aa42e160e8d652b669c56ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dd75316470a83296e6122c3749b3a97b

SHA1
2bf493e3bc1148341ae957fd08ceb4dfe8b7382b

SHA256
b3a7f1a897e85b4913cbd8e31521c51a9383c3f0253a180fde19e0b9f20e4020

SHA512
7feceec0302bf06fa3bba08fe577f5513598937da98de73feac1c687c44bcb1f00eb665ed81e205f4738f5bb46211e1b332525d434f4e5c337c5cbdb3b890c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b89ae252785575a08b71e7142863e34c

SHA1
d223de9cbcb881c05a4ea8ef73f1ee88100605d4

SHA256
9710d4cf47629ff00d64cc9f7f4991e5bd1c25d633e15e721e028a2c5633b635

SHA512
0578c7cc3d81518761eb3ebfb463edd297dd7b6ac70506237ff901d3fd819357dbcd37e1972ca21fa0dda6290f9bf16039313c33190dd51d021fe4aa23b15483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
198bf7216540e8ba0456407a2eda5a16

SHA1
805d414da300e0b2ebfa9b75fcc4456201113999

SHA256
a90c0956c02465d7af0f26b755667ba0dd78266c9942d258293e5810b517aa45

SHA512
5c4c06474589f0baa9edca5d7618b9c1ef24d9ad75a486ce3c810b1c4cca146eee4f904c7607bc07bf99463cb2334e4aa29f4aaab8d289b0e9b400572a853e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
94b0d112ffe3b485230f4607de3b92c5

SHA1
b12111c462cde39d8a5c30b4863dc311b620ee46

SHA256
460084b6b002fb841053333f42397a28c6f36678b9643c77440c58f836f02e57

SHA512
caa862f3896bc6c583349192dbf5b018f3ef56056d4181eacde384d19c977db430f5c72b652a064cb41db2948b11649e990a5dd116a6b441fc47e66514915960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
239bb84a7a998b7922978b67ff48373c

SHA1
5f54432022e0c3ef2eacb3f657194c09a6652790

SHA256
4d2c5f2c3cf8901951a1d2b957b449efde34cfe24dd8b904bac9d8f143eb9c38

SHA512
90abfb6c21a5cbdacdac30a81ee24347e9c04e6aed682082a2c4dd61db36ce09a75e26f64daad615f0140f51f0c0f6d4e227ff04473feee7e98e0baffa55bc8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
66a0dd19fa9d4e30c7aa1beea070d747

SHA1
eb8e59d7a745fd14a228bd2dc7e2c19841e894f9

SHA256
a4e477b2823242f5d6df67621b3077b584979d0c617ff1dd7616cd98b3816ed4

SHA512
63a61441452ab37ee072f6823075bb217536c18ffb5dad2754153ad763e683a146845f90205456fce422b997650e0d327368e3a0684aff5490fd78c37f08048f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
846c88eb37ad7cf566417c6e83c0006f

SHA1
5920398a00d9b6007d2c3fb39fd26eea6d03ce64

SHA256
9d4acace0b187b5b76e93adf729c66764d5ec15584b750a6e4a710c11f052685

SHA512
c3166b74426e834f6fdf654ce587249ffd1b473d558271036587d4b15abc370903e0369db6f7d1a31e52685dbd35b7fa69f37c226e12d2cba8be94addfbf19bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
abaa03d85e94ca26c820b7623f14d26d

SHA1
6dfa9f946abf2d8a69b729192ac4f96470b816ef

SHA256
d0985c6e892a685dbeecf291ce709c70b60f1f1dd97194c3dfcaf03d25de1864

SHA512
156cdae54d9c76bb5f7e994f92713ef9a5bcdcf503e7ceb152ff1d8b4a148a311f6537b16fc573e26792c49b2fc91d5f0401907b9fdc2597bc2317af7f82199e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
43f968cfe34a5a306fd99b49252aec95

SHA1
61cbdd3b5eb7c3877715538a1547b49bcff15ecf

SHA256
c92308c22159fd47da5d188bcfefceb512dea7a815114c127e2b59ab71304a17

SHA512
4c430cce83a8f9b0d43d8d59b98b87d51b4d66def5a90dd4b89bad58d7b3b7c7295b25e4f7ad40d97236c07982e0573127d7c068da9dd1c38fabd6e4d70528e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
337894ba8f51ebfdb17886e5fe859126

SHA1
1137a20375b1cdc17adae734aa1ecbe4922633c7

SHA256
fda1668a62130606dce05acfd5cf27603f4122e0b933d673d2e5a104cff7c09a

SHA512
9a2bd1bbfc8955b189d6107cc3ea40fb9e1315ae79826ab48fc0b71eadc8a822350ec017371be6bd5096ea90351b2dde923de11a7bfd9f7300ebea5135425b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
6KB

MD5
0e8534303adbb550b3a0da6c88357850

SHA1
5d3a0b7a654bfae4bb2437736f50b59113a4780d

SHA256
f046e97a7e00a90366050fd686533a886fa55f852bee2d897ed4416d3ac3e9b6

SHA512
99f72c8907f46a80ec9bbd96170e71e59b2da75f826da58db54448f373101ed257b12ab01b192e27affe1a5f5393e3934a41f5e0c703790950968758743989c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4c5b4c06e8f4db151ade13877f1d2614

SHA1
5678909a780846ad88e4f59a2151f255ddd09cee

SHA256
081754f3e4eeba0300216f9c10f69b95aa0168831e1eb9ef7399a1aa52d6a3f8

SHA512
4e2302f98e0aca2e75dc1618aeb2dc6ed77e791df88ff81cbd000c626af076948d61e6570f49cfd24a081ab22177cddd9fa76c26ccc01a3fe819a5802a3f46b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
34e0731a78d2a377e27a15753b4288a8

SHA1
ddd31c26a4fcc6c591215ef3a5fa6849b010cbc7

SHA256
215fafeef0f6eaab2ab8408ee4ca8fba4c2bda6598e87ebea51229fbc26b8b7d

SHA512
1247e27a53e4613fff12dd8d2840e44b3be35be59a1e4e66f8752db23b3d512e6185f3bc5537a93afa550b9bd36f8bed696d28672204ec3452301f4b3402852e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
607e2a9fb9a574346c9c44b48d74145e

SHA1
4a87681e3aad3db9b488941952f776a4248d812c

SHA256
9147fba44ef4fbe92d78b2a5e684fbf146d34aad1999ff2f42b64283f9cf1491

SHA512
5360a183fd5ffc462f3525aa58b2484d9e4c35c1a2e2ab6a99a3095a50564d4e44f30c9acdec7ed8a96761b9e4b5e530b72bd8d99b71833a4562258eea993a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
121B

MD5
e379af354f12217c2fb0d50f8311f087

SHA1
7ea49fc7c6b7c76414581a91e6e318d906864d85

SHA256
64355e06b8d4bdbf3f425c75f2306e404772d72e773c956abf59041638de3dbd

SHA512
fafa05d56a3425e634aaf0207cce0b5b1f0adb791d01f9e503154eefe1bae044b4c560eb41226d0a82639771075d8dbb4bcc1320ffa6d6b378a1082c6a3e89c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
ceda2aab9fa57d9c54906947e866b324

SHA1
875ea57dc423118b7ca35a0e8f836cd9f88d1607

SHA256
bb40a106e9cad57e5bb0d64a0e47d61482f052251ca68c74e32aec6eabc65e38

SHA512
cb478e8511a85f216e5312a05169df285ca637cc69035e21692d231650c5fbd509dec0a75e1b473fe8bb511976a427c85c624d8cb6dedbef6bae47bc27d5678c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
d9f0e1a59beeebf42728c916fd425512

SHA1
56b6a207e7f238510a0b41598f69b2afa8abf0e5

SHA256
82b6ab8ddab06c1c4188793d424095b85c8625a4a8da25cdb580e8bb3c067688

SHA512
dd425415aa840622bd0b5ab2ff1fe76a9a1d5c303aae6c5319f29f8ea0aa571dae3f3ee5a46fa677dff1823849d8fc9bee0d778b823929d23f94ed09f0735d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
162ddbebcf072ed92c40af0fcbe3a54e

SHA1
e36b47a3aec1a6c1682eda8b88ee19df15054f35

SHA256
f8e2e1f4957a5613d8e2f01b94411a9af85ce607e72dc0a774b249599d06c642

SHA512
d325eaecb2609f59a698ef3bbad4cf175b97628b666c1594d0dcadfe82fc28a8fbdd47fa6f57069ec66a5558773b8ee7b7b2604ca1ba0b98c626e0303f661883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
dcfbe532d7a077cc2648985011cac43b

SHA1
6304262244ff5a15036226092e1d7453393ad3e2

SHA256
c6f56c481728216d3c799d2f0aec6043a54206e09daf3f761ca8d58c7d6cd3e6

SHA512
454fe53a0422611db856c08cc3d50daae94e55643b1c5a71e847c2b2e2ebe12f286bc203afbd15b68e4f5e1a15c4c6ac6993658253c67b716aa5beb980556c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
9e9c5a6d144dee2baff785a50055f1b5

SHA1
db5516dda1672ef349898813f884559b4801ce53

SHA256
610c3385203c90948ef6eaf003e59b1990ded1d2afd666b7866e3436d6a794f8

SHA512
8afe316110b9310398dded63686f50eb82c8330f3fe39f5e0816ebb164e5c09692ea76a54e99e8785f5320ebd062013a295b5a87b708860b78966910fbced2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ef8145894b59c58ef0dfd4d6509193f0

SHA1
a4f4fe53e54a7bdbd8796d4780744a3663f42f96

SHA256
d185b883afc65c39ec28a806ee7644511c1a92b358179cc593a2c082cd5f4d14

SHA512
2679af1e25611f61bb6b0fb112cea09e7ad4b1f5a31fc2f135c2ab5a30a22c6a9bda06d292d3650ac69306d1b47ac741cb6c7cef597e98987903c1ea193ef248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e8aebe6e87dbecd6fe10fd87f8d7f132

SHA1
8b908b882db61d3f83058feee44eef92155472ba

SHA256
f6bcfc9f46e67e5143a4d26c2d11ea04881cf0902ed827ae15be18688c7d869c

SHA512
ac9f667eee842f6052d641131abd3d34e1dcaef83e6a682326cbdf19063d8b2f1f1b92873f7ba742e47e7fbcf86d440e2cd4aaeb4041d5e330cf6dc8272545a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e6f927036da3d9bda2b8396a80fbc3c2

SHA1
78232c61f1e4d0c2a11f763a400dbee08047dc26

SHA256
e6c9f7feb0cdd13a636676bd168445d02e9e9c8c90ded3061ee8aa83f2709e99

SHA512
afba16b475ab38142d95389f56f56390c4e21caf93541bb69d5fdb2d218afb7cb4341df5a3240007412319665ae0969a5e467f4efae43a9cdeb8a060912783e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1b7d4100d320d1196ec4e5a469c12a8d

SHA1
18ca91cd8cf3603cfff34adedc134bf7043297e9

SHA256
a8e88e7974a5c0a706917daa791f5c216bfe72d3e979abb6c434cf55a8dd7e0b

SHA512
3a3e06b402e4e7f7a9b714c65bd7f5cd3b7799c9b7b846a57e6cb82f9f3826e3b18f1bee99d19deebaadd8c22c6f165174f8d393b2a9947b50e8c9fcd095e473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
733d1252ccd1f396b7295019a97d851e

SHA1
cd1ac789e93a530a081dc9e2a544b392aa4adef5

SHA256
12a90ed32a81d71921b5fd0cec99ce3a29ede142b15fdc7d3c187b622828b574

SHA512
b73382f0c0aea6d481e40a364ff45ee7ba76795ff4dca8c7a004e1e1a861b2f37942392aa927ae00b2668112ef9d09cfa7845fe06e984266b1cc429b24d7afb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7298617ce6fb3250e6c057827de49a6a

SHA1
5594f8019e296aaf9b17f91b580e20b0d60ababe

SHA256
6b3cec40c7871666d9e87509718f62fdf20acb4cb42d491a8dd4a61dbfd2f9bc

SHA512
7ba8cbc0872dfda8ab7eb8347100843707934e8b835c5ad161ac5ff196e672a99e171fe829d16d57e8ac9be26500e9900061fca98786ff0ee01cc6c18a5a2e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
db163d5109921604f98717bb361aa6c2

SHA1
90c95d63d5db55db8f1840410c27dd881e02aedd

SHA256
53c76f29a74f0c10b433880a9ed82595fef7abb175a07ae12fe399fad62c8e29

SHA512
5d8f101fbfa814fd77cf862d2a9c8fcb8565ea3e4b43d1e09184f28d46fb5af869e37679c857141121c2291d085d9bcaf29a09ae76a33b71174baa947a61305a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
45ed45777a027c039bd5b1dabf0ff810

SHA1
8eb43c294dec3a8073b5fb31e88c9566e0d44044

SHA256
2f146d33f72ea8162ed8626560c5765d56a516339f75b8c1700d850673f696b3

SHA512
184d38cb2443e480079814ae584559897885d8a0eabec02924635f1cd0a0678ce01d9a0c0539764161222c82221e4c6d5609f3c1da520f4dd96d780d75f53c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af1ef21b2349b3c2b59f807e79bb576c

SHA1
2e7c8f30cd97695b68f468b240eb5234807a2a9d

SHA256
75d4e03315961cdf5e5854d59c649cddaa347e27e8e80ecf0fc38f6ba714f14b

SHA512
496403aecf5f708643258d2802e4d82f6c293ec1b4db728ef6841ea2de7ceba147ae431a2d2e32834ecf23f720aa355890eb2f42c1b8f68d8d8658b41d5db119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
586fac7ed2cd7967d9d4ad0107a3a8f3

SHA1
8a92a535036ba384da50d739e480d48f74afe4b8

SHA256
7f1ff5074deb499dc53e253a1d4d1530f7ac6e4c8a60d5f28f14bcbb8d313bfc

SHA512
e72420971fef08a6f37f5330023c2e70f5c872954a020e170d9f0f063131a4fcde04a8820262d4155f6e0a4cd84f081ccc278b4825b6a26e11806f380baa2668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5655847e4bd6e335a367ac5bac2460fe

SHA1
f002feec8645b0ea116091df1106b31a1de857e1

SHA256
5c94ca2ea9703ff8df08fbb3c5eff51e98b1ebc50f94c02df8585beb4267b92f

SHA512
d38bc97e9779d8f891c8643627e6be61660df68b1aba931bfc4664fcfb0b5e2f7f10dab1383a6efce1266c3b38a5e7cb75a3aebd27054e7fa1f026b8ec9c22d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2c76460ef8a4cac38896396d07f10a4

SHA1
9416fed0a73b2fd70a775369b0c6b4236712038b

SHA256
009946ab4dcc8d6f6593c56591c836f9634c3add62382d2a99552961b3ceae1f

SHA512
8b29552050dd2a99b552602226edfd9d741fbcfd7aa0162b0ac68ade8d58eba3abeed0197e0d19dd1bc69a10400afe66572b4832a0981c52f2a46eae2fd44bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ccceb5594f8a163c2844c27f2fdb45f8

SHA1
bd1fe27296362a1f918512c0122418772f95d21a

SHA256
7a7a4d5f9f3fc671eb79cd0ea437c44575ca64503bd3ac502be4b1bb8332bb6f

SHA512
f6227026637ba247f7a712bc4c97e634ae8e256e6ae0b8ffecadd66a6c963caf8654c3eee82d2d4d23b2c7bfc6fab0140fb34472599005bd83ab2c5c3c5766be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
692e54d674480839da07f92ce088010d

SHA1
4eab8b48c6c1c65e13b862869bc7b03abaff4912

SHA256
fd3779b83e620191d7a26665266237d9fe601d95af1d078f4a1c86059bb54caa

SHA512
b33be54a451f5a6e8b40c39012bcec9f81e50a4992ff31021d93a1e081f458e5167e84c590dcdd06a161f41fb375ce3dc7d0765ab1fd5c4ed62b875d5a750f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f10c09ecf4369a71924d3eea63ed7db9

SHA1
1cae542fd07ea4ca874684ea4a132dc8acc65f93

SHA256
f13b2a5ebdbb476da2f3c3d7bf79e3f7ae2fd360481811ec6747c099d78ee015

SHA512
e8fe1275f26c699541a2fb485b629afc953fc9572bf60daf478654f4a30fab9f0d677388571d2b17e2b3f1440aa0342d6e3c3f4f5dfdaa2612fd27ea16ec71bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3758a8f59cdda750bd612584dab5cae0

SHA1
426ffd437d14708fd1a26f6985705eb81a72fcf2

SHA256
3754de674d75c9eaa55c77c296314a96b070a4f8da49d8126ea3beb64ef59171

SHA512
93ee1da7852580dfb61d5d3085aca3a7efaedf136c3ff15263cc9630b1454d6d9b80ea9e8df9b3108300a4c225859dcd803c68b9f6b45d8a89c48feb8850fc8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
277ae1ee2540502f56acec3e0db57c56

SHA1
85c1b44ed3f05594214d24e614d71317c9938545

SHA256
240aca1402f97b0239880a0ad8af204733b934c6759664c93875e72ad09b166b

SHA512
2a554aeea47e648427cc28a18b4926de0aa9398c37200122520b9088614890f537a43a9d4528e8813f5c026cff8ffa047c4a8a59e1ac21b23806c55ec2be3d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a2160dc5b919c15e7ecc14d63faecef

SHA1
faf252f7d925bcfbaa038e7fe47b9d275728f304

SHA256
937623a5fc27c27decb95c41504ba29f67e0173138ac576ac0632fb661d1525d

SHA512
0a4afed6a74209f0d9eb3e76c8dfba8ecc11c732fa7aca97c8539780798878c39558b46fc89ed1a0b4abe879adf3773032dd92eeab60696f8ff9c0fea4958d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
208b7bd5444706dc6fdef32707ed40bf

SHA1
a1c9cc3a538e97d0cfe83fe07b7fa9c449ea8d26

SHA256
7c51eebcd3f6176eb8e5eef2163c7ee26a68250e942ab623bcf24c9e264f8110

SHA512
c0c61134ea44be94da3bf38e3d3c723b8db776b192334e093ead3ac2f4798a3ac0a2cc09dcd99af9c682ada8845b98b93998df41a1bebd585b22888616f00d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9d9b25122304e65d11deb25b66fc7823

SHA1
9f9d69247c26fba79f0f4c3dd49b3b6be9fea8fe

SHA256
c06ecdb6437a5ab93760b272e2b5304cc46ea6d971d2b03b8dc86db3cadf1169

SHA512
7a86fdb0c3ca3789892021381283335556d8435ccd0dd3ddf7f2dca012f0ed5da0d95956e89643f2abae81612d26ccec9e8a27a849657303c67c7240ff788a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
227a24466a9ea8b59975b01fe09e7e88

SHA1
f3b85539c995dc7b3a734ec8c2cceef721cac912

SHA256
a7dc30aa1f127af77538b4e348ac024ce1f65cda6382a205b12993d8d0f553a6

SHA512
cb9c3c2fcb4682ac248e37a904b20db4bbfa03cc702fab84d8601119c61764cffad00875a969d42aba502bcbd523158c68fa5b4b4c422116520d1c81eebe550b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7f281bdd1704aabe752dc18599c9f4f8

SHA1
6c8a07f394825f6dd9fc958c253c43ca755cc512

SHA256
06ee6ae4564636b19778aece90fb1bbd6556b95abb2d8a1342493fe227a43f87

SHA512
c64bf3d7ae1a291870fdf962b1d1ecd3fa561de588ea6b70688b7d5f8a81d5427a02df17ba3fd9869779a8f5b037fd4bbc97f4a51f2ffbbe24969e9b48594311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1dfdaee8cb59acec63a96169f2c947cb

SHA1
4eebdb7d58b3ca6dadd40b484aea97af39ad14fb

SHA256
5fcf3e80c32177741deb9e0568d69be1a748230e6c171f4ac01a715246884c8b

SHA512
dd0559f35b42d9ec8987a536e0b959c4b1c1a3de95a7af151fb395af3935036808ed3715d6053481b51e2997596cdc029e8ca5996ecf382bc1f9cfab416bd604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
019c022bfc6a6d670ee9465945e5e0dc

SHA1
26f6e9db68f54cf7176846e9f8503654b5281a9d

SHA256
25f64d38719ea318e9aa568e19719d490b73f6ae23700403b2f9bc0ca819e330

SHA512
f71177d4fea7fd00ebefc4dafd2544a4ad0e22b5b0c8b5921bb34247c9b211a9f990ad8e67b55878b7df25f82fe654ea8c3d1fb353f6f2e1af3cc767c0777f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1620e43f1e096491c6d21f095882966d

SHA1
8e66e6894a8f5c0e820a61854249e8dc65fae3bd

SHA256
e9429d50cbeb62237b0ba501cea0106e314151931880ce0a6119a6b6a5514d35

SHA512
d9ee2b3baa35cce3cd1216607e8d9d858b539f96fa44478734df474ae86c8f9a34cf746a0aa61c0ee24cefeaf0114960524f49969f17d08e8bcef0bcb4b46c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a9b1554534b135539fe2bb39611184fe

SHA1
98a52cc378507c7932661cb5e8afc512161a4f49

SHA256
90977dc18d1e112c58190f051f852d1238611bfb5c117ca6f102e5455cb24b87

SHA512
849f4260089abde2a377d29ab8a85669d197337ffe830fabddd564b5630cfdd2ff8861b063c8cd7e988d7ab3888080d7d87ab9881cfe1616613bb93e1507af88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c6daecba607569e85347dd4ff3160ff8

SHA1
a68c3897e3f3d79dbd5c0f21ad4dc68dda4a4f32

SHA256
8e9d6d3421e75aac746bf5ff74fe6232052f4774484528c2913122f99fc5441f

SHA512
27a5ccf6f94ba0ace040d7c546683e435d0192622fc13d8fe3a1c97c3b6e479f53496a0318d4b125415455b1a472944375bbc7e230bfb96c998722e08d33c8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c4621e22f3b403820eca495955fac77b

SHA1
dfd0ac1ff82c78d1616bdd35ddadbdc693b72d47

SHA256
19017981e517b6a4e187c0d12b9cc3252fccc72879b157e0893e2c0c6cb7ab67

SHA512
fd78c27a004835d497397bd77e1586fd8a57969a804ee05b29d503c06a314e3fee3b4c3ffee8effb896d1b32767dc96034ab648244a8856998a41bd7d7476390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4bd8e437979e59fa92364b3f1560f3cf

SHA1
b7e7e756dcaec15d527c02f5803886d0fe62b760

SHA256
9e6ec16888799f7ce7d3f2f18d4fb15d77d09adb6255aad4da4a5ee1578db5fe

SHA512
65fde4b1b98c0158af2bd32306531e580ccd0cf466ba78766ef4abce85f997262d8a47a30ffe6ecbf21138b7a5c86ef71a4a653aa3cecb899b21cd268474ef8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
a6a135d928b97a4fcae468d4a0483c1a

SHA1
d6fb3e7d3c1469fe54292495cec4b70093bdd876

SHA256
9942e709f04c5d20d48ef9c0100a927739465c04409d8bcc00c088ce31822e76

SHA512
ae8c6a1a83180c60bbeacaf26c6dda54c31b1099854d5d81519a57e6fe10fe9394d02fc1cd5347ed2c99aef32a330f79e65398f38541db25aa42d23334df14a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
538B

MD5
c626e87030c72219b18f24282daca8d5

SHA1
9e43308847304bb96f5f6d516817e62f0d0209e6

SHA256
e0b2f3d30a139bf1cef7004c3aadfff3a20452f3a19b40c2542996fc92f5cc4d

SHA512
c992ee28424c35ee23da94fdee6cb9b809237ce85ac5c9419a40f6c18471ff40cbba7248beb19aae28cc87caa5cf2bb87f686efaf1968b9ee8ad082969b3d218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
c02b98b28d4c0ccbe25c91ad1caa77e1

SHA1
6fe6ecf5634106a8c1273c1735f810fc1c024b02

SHA256
dd96b8b941e89ad504bf997195d7e11a6953a7d61d949124bd0ab65316e076ac

SHA512
f98539a86b36939a4c92a5be54d8235a1412c8f884cb906905f44ce34ea6bf1ff3d3d1fee6cd8c4f6a55f99cfbe33c0d1e9f79f7fa12a52f501a7e3b23de0177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13366234806625429

Filesize
10KB

MD5
67a558d963211297876e9b3920a77913

SHA1
80e827fe5fed448d2eea3590445a90b90575baa7

SHA256
3bca65d42609a2ecadc3e637b5355e10f9526a64e768d2628342a2906763729a

SHA512
cdf1fe9ba3be00d81a3c2db642726af1c3a2ff225a2fb9f89ff8a92e162567dbfac5e41756e9566d2b0bb7e19e57bf2b176ce27ff1ae505f06f433e04eaafed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13366234806768429

Filesize
2KB

MD5
6708fb2ac2fbafb2c4dac8d54ff60415

SHA1
1eaaf3d6e73d33974d9af0c2dd54d8208b8606e0

SHA256
f0d82fc5f98d05eda557f109c7e2b0002fe6ec5e865d95268742236aaeab52aa

SHA512
61918d3fb27cc4e42f4e0424fc91583b41c470148d438163b0b95ddb758af8f3620f41867626ba60c2d88d69a5221da0d2218c19e5419e417cdb54a8fb5c8806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
e088d60ef457b040c37d8eb0f2c4ae50

SHA1
675f3405339bc4342d329b40cb0fb143c1bbe5f1

SHA256
3fadaaa80e650dac1a36f1a200e380de1930c4cb80bd2b7c2268c57ea222e0a3

SHA512
a28d999a1b8490e9b878b259a9d168f65b3a1fe35760166798b6d0fc322bb0de82419a46153b9a8138081968e0fcee3c96e05e5b35d9825d14f5a0c7df22b01d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
a29723753bcf3dedacb344c1d56d8bdb

SHA1
6fe40898e63d6be1e8174fea3fc1a2fd293c4dae

SHA256
ed17f37c76240f0f8af1452d536bc455a7346d7ea5248a8bc790b3812be11c2f

SHA512
4e486625a85ae647808fc51ce1fb536a6a535c00672e5ca8f317908962fb7c47cb9c3641c23e528a0d6897565edb58d6032f9f0041c8492d85e00ea8dfc761b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
fb469ee56461307d09b9425f3215f86d

SHA1
1843337a38ab1da7307dee6f120ace2956db396e

SHA256
3d38002367375ae110d47eb6ebc7ad05c2de4e794ff13ace17c32da40b694613

SHA512
a94ef05f89dc86f271b4421b1830b37c8ffc7c374f49efc7b3c9e49b35526d40bc0b6b449d4f180641d4a3c5b6e461e0a7b80c5209b7f7716ead5ea9a46df8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
151b62152256f7bf8c3d979c2f6cdfcd

SHA1
d6db6a119b88888543dc312298d4a7bebc732a53

SHA256
00f4ee0e9ed39bb75d9a04161a8101fca208fba5424391642384bc9df19e2d9f

SHA512
fbd68e81c1945b7cd3fd505f351eab61f98c599ecdc5863a85294952192fe850fc51d6a5904745ce00d051bc0982d6478b6042e145555e9f459edbb2813100e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b7285a72-eef2-4b30-9000-27e6d6a404d3.tmp

Filesize
7KB

MD5
6d58ba842a45ee904df085ce0cf6d114

SHA1
ecc3d6a48764218224c53b287ec2b86a2b0c09d0

SHA256
944b1873ea0e9755f08883f14b04c4fe6d1f31382f363aaac43cc99a4d24a166

SHA512
fd292782c67fc8c028e066dfec86011b49ffc8de6be218a61d2696441be097c89c447832bb8cfc20c0526169b75cfd4733c2215412f42e02b50f80c9f697ac7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
9ab2fff05a166768956a6d3cb805942f

SHA1
d3d6d785c2ee66bf02af7bcc90b9341bbe82d001

SHA256
026947e27bc1db04d1bd995fbba10c8b5cb9ba704813d85f5e171ddfef9ab949

SHA512
b722840ce7691efb5b8441b47c4b36431ad9e73d291c97b2f697b5d5c8b15944dcd65fd6f313957a47c22c7cf5eee9fad242053201b172a1824ba7e85727b9a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
7dfc4147800cb6a0fbea2c5fae37023c

SHA1
5764e7043bb4e83e60141028dabf141e28c36a0e

SHA256
eea4420afbdcd206bd3bc3559c2eabbbb6955cb73834fd0cac43f702f46256a0

SHA512
a090b6a2e6f904349ad3e36542c05d345f75a5ad44d4af08adf21c4d4e3612f697376e089b6fcd04032c0ea2cb2337fffb8737d097c34c2ae9cbd37fe11e569a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
c3b5efbd127d7b3e3100c130b3392379

SHA1
1b85db3eea3707d3885fb3ba7c4135a3e06f819c

SHA256
bec10b599f3a81f255f75a43dc65623a2df01e190bd4446ae4f0408bb11bb0d1

SHA512
e7cd696d72adbd293575900ee60a8cabfa9d293eba07dc90e3a3a2f7c93a3b00d44714c0b7b66863d42c25510170f96b41cafd1da2d0ebb22d4b2f27c2b31569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
d01648dce4a4cc2d310e51db3ffd92bd

SHA1
3943571ae5ed982e53b65408a1dbbd8e541da2da

SHA256
910a29b542fb80d9c8adaa1c77d0dd21e336dc3e91cbad747aea2c7a276bcc9d

SHA512
b642cfac1e50513c5a9257698d1bec47879d20f28e2f05dbbc4a619f865ffd09b8c8453f5e79f141486dab0377cba377f1abde234e50ed3b31b05db0510700d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
d0ad953429ddba8d242c0f4096dabada

SHA1
ccc019c9ddcc44b00204fc260541eeefc1aedaf7

SHA256
7f415e5b402564a71eac2137344bf3b84718a2ed18c93fe5f107244815487742

SHA512
3f02cd8363442328fb70fa3418b55beb4fcc07d17a44c529f876f50e6cc52211433efdf0de4c7a7d6edc7c3266e9d20a6b907d60e0eeab6e95a420377052fae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
f449d10e445de326c21b1189b018fa2b

SHA1
51d7fab810dc0a8324d94229976d3c97028c83a2

SHA256
822d34f55e3d098dcac9562f9370623ded848e6e73c2fc18e25a659cd241edb4

SHA512
920cb9ef9e619a756b975546dec2fac3314686013df9efeb0a7d391b4d6dcb0a1f75596b214072774c2da84c9ee9bba89ec4db18b0d5913683f59086500bba90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c7b4e9431c6864464aec194346c238d4

SHA1
534b79c8aad080c96032652c60f720bbf814e931

SHA256
c40702bc3b0489f3c8f3e4021e175347de13b1d90ec289e0324eb79d5880a955

SHA512
f518b5273e5b4481bb57701505fe4afd14782b54c166d7bf0577c78358bc76892ce180959687a3d1a34aba894d4e4dd3fe92fe4caed52d35470c5d842bb8ee8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
60cdf4d1f5f2ef8e1266e6a9a45b76ff

SHA1
006dc62cc81279ee2c977facdcbb1531bdd1c171

SHA256
93e02ecd26b68d5d5bdb06fb436e868ba4cdbf86b1016b5100dc7a6064302b64

SHA512
c919caee365072648f803d5bab421b3928bf7474046a872140f15475a2a96ca7c1316a28fa84a7095c90b45b3457abcfd6163480d00e7aff08311b22422730e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
a9a65f5f39a4ecc5d86bbdab3dbdd0aa

SHA1
d194eb394b145df776745d3be62a410cc438b6f2

SHA256
784068337014de09f018998e8772129d47140df444393cf1285ad4cd5c7b252c

SHA512
8cc9672fe5c0eb87dc99a42f8fcd7c462d1e3b5d56a1e02bad85d2654c9b17addf29c50170ed6d8d167e8a92d55d200491752d2ca3aeacdf79f81ff31b417a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4b1b801f3ae269c5996c7699312b19a

SHA1
7679218028d419351dcc6d6cbc8c1cb0510f691b

SHA256
3f563e8a8c7383f675e7299e3f9328cbeae8917a0f685190a5394b1cdaffb683

SHA512
5bf458781bf5e0e79911a9a82e87e1d001057edace20f1a375d97e65c55f33af6905e07c538e241b00f1a71cc9a7ec1fd4e6cc91c6e6a3cf27bc98195ff05430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b275565556becee20b4c679ce816acdd

SHA1
bba2919f402cc25bae6e7548666aadc3b2f58c9f

SHA256
d8b1e8eb3747ac38a7a07a3ce4cb161541d258335775d90af31d8633b05c4469

SHA512
ecea0d155e6920c18718489d423b1b5fa06ccbeb8e0df4a81a9a94e4fb74f4274d755e099ca9026ef444747a31d794bddd22975b4fa7db0ae9cb4e873cd5004c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9c1307be387242541eccbc8784302cd2

SHA1
805fc9b6da7c187f93cf6f8d3f519ceaef38c630

SHA256
50f1b179c16b6322a2d44e7311066eb58741ba32e64999505085aa756a720a9c

SHA512
1d056d902ace9c97a741d93082a29d2fcb87326fa3f0f10ef04a658b46f10901247702221af582fddb14184205e727c41eaf79cb9be5acc3dc79f181e38cca2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
411d72335d35492c8556df3203f66f34

SHA1
a93f8f3d375cb81c77b4c6a10c09cc1e344fc4a9

SHA256
5b808b9551a09c366235c45866a1667db05ee481cfb042a0e283f8a866a8d822

SHA512
21dddf66688b15ca8b97ab3e322429d4edad8cceda3214d36d07d877922601afc9c1d9cad20344521d4f48400dfb695d94854d98066fea29d4cdeb9637262424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
932f15c233601c6fc204b7a1b6fd8b8c

SHA1
bf0ec7dd9595d480d8cbfe12e421f96457685695

SHA256
460e9bd37cbb34fe3ac8c3c6d5d4a90ce32b5a6d3b8d064b35fb3d4bbb2c60dd

SHA512
2c1c0903a4494a30b77eb59aaed68f57452615299f9bb85523ec49d4b66c5a1c36636ff48ff2c05dced2244591e45e9143c490c21b711041dec4983ae455d492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
285c953cba2ebfb213bab203013c21ed

SHA1
068c1a7eb48e640fe3c426750d3cfd0873972097

SHA256
d6498795e2d6406a65324f2a8948602926e79be6dc8deebfb0f596726986bf34

SHA512
1581705822fc8912c1732d5dba7fbf8d8cb1952462a0fa70cb274171db5e926958a7dd5bafe6403e123f4795f2aa97e95bf152ec528af3fde491292ac781bfa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
faed5ea4a8d01126c5d531e122b459a4

SHA1
65ef271eb37f6c232d47f4b51d94962e81b39afd

SHA256
9c6fb2a60930cb29e62d7d5741126546f74f0b857274d3671c29ef655dbf4756

SHA512
acced7033d47747f5cac825d6e6562e4a7a9ea74841d5657270b9f7e2f653ba418d6c0438ff82baddcee0f1e331fc152c43aa3ce36d155e55d3fcb953c4a4912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
55b0112161b4ab70145ef43046de79b7

SHA1
84387cd4e06e45fa9014e1fdf39c66959d52dc77

SHA256
9c98731baf272192c4a56ebaef2bf02afc83dc81e3676b8a25be88a3cf6f435f

SHA512
ec4225acdec1a92fda989615bd3d8c3adc6ca9a2b5815afdd04ca9768a332a002192c3134e944e3a3c695b732f879a5753e75c62ec4ccfff5ee10a25ecd355c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
59966368acc6178cf01956696315ba5a

SHA1
78db881d003f3fd7bd789215b1c6872d909da532

SHA256
c73c0ddd23b3099f20ed4262c7143d592bbbdbf7742f094841fd6cea06b9f433

SHA512
cbf5f2a5886e3a398eb2a4ccb467f91e93c1037237c676765d325c37521293799e224fe880befc9eb435f86edee4ef41cbecf12d263417e1c2266576af36f925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6b4bdfa2c7454e4dd27321ed90a602a5

SHA1
a392c38f8283811fc097f715819fc08c98e736a8

SHA256
0da828c5608275a4032ef6a19d9002b9c471a75e167634e6858637b59f792fe9

SHA512
139a9145bf43ee98b2c159071ecbf8c2e33c3d411a24fee8473d066284aa98a66b05f591ab0e35c8d0f1423d83309c4df00abfb11f0de2ac4c813d4ebd424385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d29db5c6da166db8976ac7b8ad8a9046

SHA1
6a6d5567e918175fd3eed53e6c7f8b7e47b6d57c

SHA256
8cb82e43ef1ff138dd5f3da792fa058558df2d88de8d9dfc5a96e0f39117ce16

SHA512
5e32a14933c57a21a1ebbdc05d94a6fd6c2b7bedf9bcb2f937e11cde375e00ad479b02ec8d0c632f039e628d3a176e484b0e21193163bec3635a3fafdab48e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
432a598ae946384596996d9382122d34

SHA1
476d657ca726bb33fb3b24a2bf215ec7a2f54189

SHA256
b25b189dc9e11ab0bdcc15c32a74b1e3b71c5aa576d749dd9e3d9b7c3582254a

SHA512
c0e89918f822146243c827e142917eb6eb4148e563828af9fa4dacfd576967acdc5f6d184ce3d8f47bfbd67cbb5e51f2abfc30d0fa5f591f5d08bab4c7305e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
a81a1b91e9218f907c2fc9fa2dd73a1a

SHA1
87ffa982d7607205c786f55fbb03decf9bb16dc6

SHA256
61411bf609322d5a09326b10ff0ce6614fb826c3aa45f02be491697535e3e51b

SHA512
76cb304e98c3fb0aeae25b4828d8b3161ad03e933a66ac83dfdc3a0e7224d86659ca154f47db73b04398640b1a2126038c261e35df67acf74c4521b440443c96

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit