wannacry | hxxps://github[.]com/Endermanch/MalwareDatabase

Analysis

max time kernel
585s
max time network
585s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

wannacry bootkit defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

Processes:

WannaCry.EXE

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDCE3E.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDCE54.tmp	WannaCry.EXE

Executes dropped EXE 49 IoCs

Processes:

WannaCry.EXEtaskdl.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe@[email protected]taskse.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]

pid	process
824	WannaCry.EXE
2296	taskdl.exe
1332	@[email protected]
1528	@[email protected]
3056	taskhsvc.exe
2756	taskdl.exe
2152	taskse.exe
3592	@[email protected]
5676	taskdl.exe
5692	taskse.exe
5700	@[email protected]
5920	taskse.exe
3020	@[email protected]
5940	taskdl.exe
5528	taskse.exe
5332	@[email protected]
2896	taskdl.exe
5888	taskse.exe
5564	@[email protected]
3400	taskdl.exe
3396	taskse.exe
5704	@[email protected]
5520	taskdl.exe
5380	taskse.exe
5400	@[email protected]
628	taskdl.exe
3840	taskse.exe
4516	@[email protected]
908	taskdl.exe
1744	taskse.exe
4508	@[email protected]
5704	taskdl.exe
5436	taskse.exe
5840	@[email protected]
3228	taskdl.exe
4608	taskse.exe
4664	@[email protected]
4604	taskdl.exe
5516	@[email protected]
2644	taskse.exe
4604	taskdl.exe
5456	taskse.exe
2120	@[email protected]
5668	taskdl.exe
4148	taskse.exe
5984	@[email protected]
4924	taskdl.exe
1220	taskse.exe
712	@[email protected]

Loads dropped DLL 10 IoCs

Processes:

taskhsvc.exe

pid	process
3056	taskhsvc.exe
3056	taskhsvc.exe
3056	taskhsvc.exe
3056	taskhsvc.exe
3056	taskhsvc.exe
3056	taskhsvc.exe
3056	taskhsvc.exe
3056	taskhsvc.exe
3056	taskhsvc.exe
3056	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

3956 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
3956	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oefimrcpcbg941 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

60 raw.githubusercontent.com
61 raw.githubusercontent.com
100 camo.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

[email protected]

description ioc process

File opened for modification \??\PhysicalDrive0 [email protected]

flow	ioc
60	raw.githubusercontent.com
61	raw.githubusercontent.com
100	camo.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	[email protected]

Sets desktop wallpaper using registry 2 TTPs 3 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

WannaCry.EXE@[email protected]@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 1 IoCs

Processes:

mspaint.exe

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4112 1528 WerFault.exe @[email protected]
4236 1528 WerFault.exe @[email protected]

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

pid	pid_target	process	target process
4112	1528	WerFault.exe	@[email protected]
4236	1528	WerFault.exe	@[email protected]

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

@[email protected]cmd.exetaskse.execmd.exetaskse.exetaskdl.exe[email protected]taskse.exetaskse.execmd.exe@[email protected]taskdl.exetaskdl.exetaskdl.exemspaint.exetaskse.execmd.execmd.exe@[email protected]taskdl.exeregedit.exeTaskmgr.exe[email protected][email protected]cscript.exe@[email protected]taskdl.exetaskse.exe[email protected]reg.exetaskdl.exe@[email protected]taskse.exetaskse.exe@[email protected]@[email protected]icacls.exe@[email protected]taskdl.exe@[email protected]attrib.exetaskdl.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskdl.exetaskse.exetaskdl.exe@[email protected]taskse.exe@[email protected]taskse.exe[email protected][email protected]WannaCry.EXEattrib.exe@[email protected]taskdl.exemmc.exetaskse.exetaskdl.exenotepad.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exetaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe

Enumerates system info in registry 2 TTPs 21 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{7A478B07-B13E-4303-965A-9B828517FF59}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{386E96E2-42B5-4310-8F50-E2E16967BE0B}	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

2716 reg.exe
NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 900963.crdownload:SmartScreen msedge.exe
Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

5732 regedit.exe

pid	process
2716	reg.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 900963.crdownload:SmartScreen	msedge.exe

pid	process
5732	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe[email protected][email protected][email protected][email protected][email protected]

pid	process
2256	msedge.exe
2256	msedge.exe
2424	msedge.exe
2424	msedge.exe
3664	identity_helper.exe
3664	identity_helper.exe
1548	msedge.exe
1548	msedge.exe
2820	msedge.exe
2820	msedge.exe
3568	msedge.exe
3568	msedge.exe
464	msedge.exe
464	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
2420	[email protected]
2420	[email protected]
2420	[email protected]
1012	[email protected]
2420	[email protected]
1012	[email protected]
4064	[email protected]
4064	[email protected]
1012	[email protected]
1012	[email protected]
2420	[email protected]
2420	[email protected]
4512	[email protected]
4512	[email protected]
408	[email protected]
408	[email protected]
2420	[email protected]
2420	[email protected]
1012	[email protected]
1012	[email protected]
4064	[email protected]
4064	[email protected]
4064	[email protected]
4064	[email protected]
1012	[email protected]
1012	[email protected]
2420	[email protected]
2420	[email protected]
4512	[email protected]
4512	[email protected]
408	[email protected]
408	[email protected]
408	[email protected]
408	[email protected]
4512	[email protected]
4512	[email protected]
2420	[email protected]
2420	[email protected]
1012	[email protected]
1012	[email protected]
4064	[email protected]
4064	[email protected]
1012	[email protected]
1012	[email protected]
2420	[email protected]
2420	[email protected]
4512	[email protected]

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

@[email protected]regedit.exemmc.exe

pid process

3592 @[email protected]
5732 regedit.exe
2104 mmc.exe

pid	process
3592	@[email protected]
5732	regedit.exe
2104	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
4884	msedge.exe
4884	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
6060	msedge.exe
6060	msedge.exe
6060	msedge.exe
6060	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
4456	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WMIC.exevssvc.exetaskse.exetaskse.exetaskse.exeAUDIODG.EXEtaskse.exetaskse.exetaskse.exetaskse.exetaskmgr.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	3944	WMIC.exe
Token: SeSecurityPrivilege	3944	WMIC.exe
Token: SeTakeOwnershipPrivilege	3944	WMIC.exe
Token: SeLoadDriverPrivilege	3944	WMIC.exe
Token: SeSystemProfilePrivilege	3944	WMIC.exe
Token: SeSystemtimePrivilege	3944	WMIC.exe
Token: SeProfSingleProcessPrivilege	3944	WMIC.exe
Token: SeIncBasePriorityPrivilege	3944	WMIC.exe
Token: SeCreatePagefilePrivilege	3944	WMIC.exe
Token: SeBackupPrivilege	3944	WMIC.exe
Token: SeRestorePrivilege	3944	WMIC.exe
Token: SeShutdownPrivilege	3944	WMIC.exe
Token: SeDebugPrivilege	3944	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3944	WMIC.exe
Token: SeRemoteShutdownPrivilege	3944	WMIC.exe
Token: SeUndockPrivilege	3944	WMIC.exe
Token: SeManageVolumePrivilege	3944	WMIC.exe
Token: 33	3944	WMIC.exe
Token: 34	3944	WMIC.exe
Token: 35	3944	WMIC.exe
Token: 36	3944	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3944	WMIC.exe
Token: SeSecurityPrivilege	3944	WMIC.exe
Token: SeTakeOwnershipPrivilege	3944	WMIC.exe
Token: SeLoadDriverPrivilege	3944	WMIC.exe
Token: SeSystemProfilePrivilege	3944	WMIC.exe
Token: SeSystemtimePrivilege	3944	WMIC.exe
Token: SeProfSingleProcessPrivilege	3944	WMIC.exe
Token: SeIncBasePriorityPrivilege	3944	WMIC.exe
Token: SeCreatePagefilePrivilege	3944	WMIC.exe
Token: SeBackupPrivilege	3944	WMIC.exe
Token: SeRestorePrivilege	3944	WMIC.exe
Token: SeShutdownPrivilege	3944	WMIC.exe
Token: SeDebugPrivilege	3944	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3944	WMIC.exe
Token: SeRemoteShutdownPrivilege	3944	WMIC.exe
Token: SeUndockPrivilege	3944	WMIC.exe
Token: SeManageVolumePrivilege	3944	WMIC.exe
Token: 33	3944	WMIC.exe
Token: 34	3944	WMIC.exe
Token: 35	3944	WMIC.exe
Token: 36	3944	WMIC.exe
Token: SeBackupPrivilege	3016	vssvc.exe
Token: SeRestorePrivilege	3016	vssvc.exe
Token: SeAuditPrivilege	3016	vssvc.exe
Token: SeTcbPrivilege	2152	taskse.exe
Token: SeTcbPrivilege	2152	taskse.exe
Token: SeTcbPrivilege	5692	taskse.exe
Token: SeTcbPrivilege	5692	taskse.exe
Token: SeTcbPrivilege	5920	taskse.exe
Token: SeTcbPrivilege	5920	taskse.exe
Token: 33	3232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3232	AUDIODG.EXE
Token: SeTcbPrivilege	5528	taskse.exe
Token: SeTcbPrivilege	5528	taskse.exe
Token: SeTcbPrivilege	5888	taskse.exe
Token: SeTcbPrivilege	5888	taskse.exe
Token: SeTcbPrivilege	3396	taskse.exe
Token: SeTcbPrivilege	3396	taskse.exe
Token: SeTcbPrivilege	5380	taskse.exe
Token: SeTcbPrivilege	5380	taskse.exe
Token: SeDebugPrivilege	5876	taskmgr.exe
Token: SeSystemProfilePrivilege	5876	taskmgr.exe
Token: SeCreateGlobalPrivilege	5876	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SetWindowsHookEx 49 IoCs

pid	process
2720	[email protected]
1012	[email protected]
2420	[email protected]
4064	[email protected]
408	[email protected]
4512	[email protected]
4336	[email protected]
1332	@[email protected]
1332	@[email protected]
1528	@[email protected]
1528	@[email protected]
4708	mspaint.exe
4708	mspaint.exe
4708	mspaint.exe
4708	mspaint.exe
3592	@[email protected]
3592	@[email protected]
5700	@[email protected]
3020	@[email protected]
5332	@[email protected]
5564	@[email protected]
4336	[email protected]
5704	@[email protected]
4336	[email protected]
5400	@[email protected]
4336	[email protected]
4516	@[email protected]
4516	@[email protected]
4336	[email protected]
4508	@[email protected]
4272	mmc.exe
2104	mmc.exe
2104	mmc.exe
4336	[email protected]
5840	@[email protected]
4336	[email protected]
4664	@[email protected]
4336	[email protected]
4336	[email protected]
5516	@[email protected]
4336	[email protected]
4336	[email protected]
2120	@[email protected]
4336	[email protected]
4336	[email protected]
5984	@[email protected]
4336	[email protected]
4336	[email protected]
712	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2424 wrote to memory of 1020	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 1020	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3052	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 2256	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 2256	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe
PID 2424 wrote to memory of 3852	2424	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

1964 attrib.exe
1416 attrib.exe

pid	process
1964	attrib.exe
1416	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
2⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
2⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
2⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
2⤵
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
2⤵
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5352 /prefetch:8
2⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
2⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
2⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
2⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:8
2⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3812 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
2⤵
PID:2656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
2⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
2⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 /prefetch:8
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6636 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
2⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
2⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:2096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4064

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:408

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4512

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
2⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4336

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
- System Location Discovery: System Language Discovery
PID:312

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
4⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
4⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
4⤵
PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
4⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
4⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
4⤵
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
4⤵
PID:916

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
4⤵
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
4⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
4⤵
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
4⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
4⤵
PID:5336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
4⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
4⤵
PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
4⤵
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
4⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
4⤵
PID:2628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
4⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
4⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
4⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
4⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
4⤵
PID:2096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
4⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
4⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
4⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3680 /prefetch:8
4⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5976 /prefetch:8
4⤵
- Modifies registry class
PID:1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
4⤵
PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
4⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
4⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
4⤵
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
4⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
4⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
4⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
4⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
4⤵
PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
4⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
4⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
4⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
4⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
4⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
4⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
4⤵
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
4⤵
PID:5744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
4⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
3⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:6128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
3⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
3⤵
PID:1540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:3288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
3⤵
PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:6028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
3⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
4⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
4⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
4⤵
PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
4⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
4⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
4⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
4⤵
PID:6040

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
4⤵
PID:1288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
4⤵
PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
4⤵
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
4⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
4⤵
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
4⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3444 /prefetch:8
4⤵
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
4⤵
PID:5344

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
3⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:5732

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
PID:5464

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4272

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
4⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
4⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
4⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
4⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
4⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
4⤵
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
4⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
4⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
3⤵
- Enumerates system info in registry
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
4⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
4⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
4⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
4⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
4⤵
PID:416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
4⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
4⤵
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
4⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
4⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
4⤵
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
4⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
4⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
4⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
4⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
4⤵
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
4⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
4⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
4⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
4⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
4⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
4⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
4⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
4⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
4⤵
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
4⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
4⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
4⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3392 /prefetch:2
4⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
4⤵
PID:3064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
4⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
4⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:3024

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
PID:5976

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
- System Location Discovery: System Language Discovery
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
3⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
3⤵
PID:840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
3⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
3⤵
PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x94,0x98,0x9c,0x104,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:5484

C:\Users\Admin\Desktop\WannaCry.EXE
"C:\Users\Admin\Desktop\WannaCry.EXE"
1⤵
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:824

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
PID:1964

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:3956

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2296

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 283191723216873.bat
2⤵
- System Location Discovery: System Language Discovery
PID:3064

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
- System Location Discovery: System Language Discovery
PID:3532

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
PID:1416

C:\Users\Admin\Desktop\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3056

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
- System Location Discovery: System Language Discovery
PID:3516

C:\Users\Admin\Desktop\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
- System Location Discovery: System Language Discovery
PID:244

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
- Suspicious use of AdjustPrivilegeToken
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 248
4⤵
- Program crash
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 248
4⤵
- Program crash
PID:4236

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2756

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2152

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
3⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
4⤵
PID:3216

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oefimrcpcbg941" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
2⤵
- System Location Discovery: System Language Discovery
PID:4604

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oefimrcpcbg941" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2716

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5676

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5692

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5700

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5920

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5940

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5528

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5332

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2896

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5888

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5564

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3400

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3396

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5704

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5520

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5380

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5400

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:628

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:3840

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
PID:4516

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:908

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1744

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4508

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5704

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:5436

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5840

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3228

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4608

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4664

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4604

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2644

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5516

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4604

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5456

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5668

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4148

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5984

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4924

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1220

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1528 -ip 1528
1⤵
PID:748

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1528 -ip 1528
1⤵
PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x4b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:5876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\AppV\Setup\@[email protected]

Filesize
583B

MD5
7413b45735801b9688a426b954144567

SHA1
287926e4df92fd70c56ddc1cfdf5740017af81cf

SHA256
102578929605bafc29cb002ba9e4b3244b31182e62c032214ac198db6f253b81

SHA512
efc24d50f7d9d4d2bca13ea2253e5ab4a9facaebffd667011c774868be2246ce79ebbf5c0541681e18d500ca5137c5140373481d3340aba8c37cf868efcc500c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c7571cbcc1448aa5246016ad0feba7b4

SHA1
36490fa23f20b45bdd8cda5f72facf47583ebb10

SHA256
8dd3ff85971dffecaac0e59a8bbb61259e9df57ccaa51ea8c316cdaaa91eedb8

SHA512
c17b5de201915e4909e3207d3ded218310e714057ec6c98e0f93fb7b75de7366bab85081cb8d8827df0123509fac176e3d201ac36db7cf25edfa649dc95d766f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
83e6d0bf4f148f075eaedcccd4ce57e3

SHA1
2e0977f229e314490f5761c622f6cb04a3409e32

SHA256
81a1bf635bc913773e162e3367caeb6aa17ad91b211aee06ccc1aaeb6abb8d18

SHA512
21132a003b85fb4741ef3a9a03f4b0079c1c7761df32e680635ae63c1e3d6b8dd2ac7a75853299fa706c4fb0590d60b0fee50c3b17b3eba62df4a859f192da28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de6bfb97f7053f2a9bccb4db99681bac

SHA1
1610ddcb911d76d024bd72d5f1eccae76b775fe8

SHA256
cc772ba8bbdd7f0b913a5d3a154a6725c4f092589eff63508376e3f20196f46d

SHA512
c627fdcf29a6d73af775103fcc50e8481c4bb2f08b021551c707bc1947f22c6aed7974f56592a6dae1383ba9ec5d27e2f9a681f33abad8648145322cc7cc30a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
943b881cb295a917ac5c33a96766468d

SHA1
533b641cba852b3101db30c1140be65e64359ff7

SHA256
41a4e14dbb2c8e0d046a730325d17b220a9ca01d3b56553423acffc5d62f8e6b

SHA512
4bb21f697fb8470ef45f33e5f58bc1f274f86dd0b8932b41221101f52eef83cf33d11c5b886de526848e0cb5b71664c29004637c3188f797f0d8d4dd96e60d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bdf02139bae8328034646ff0482002ed

SHA1
7a3386e5aaee13c1afdb1b4b8594511eb576640f

SHA256
2cb5cc189c41789ecf7db19d48cd86db8b4868b7bcf0db880905fc08e336cd56

SHA512
b9b539ce90975ae7e1236310c16985a72b7092777a3b4b12eade77724a2657364f267318e8f49342da16b7770e060f6882a3b4418d7d1ac2f9c2e05b671584f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e17bc73f23d69d8726f5aa4792028b1

SHA1
5e2ab5b3e67f6e9fdc06ddd0ffb07fb774fbd866

SHA256
a42d129ad26b9e871fe6a5fafea5024ccf726068a53d237fa5dffcaa311645a3

SHA512
ee5a2f3586aa4d8a7f6f3d303345ddf514ce1876ea3c324e699fca6e9d90ed908f7297ba570151bb79897dc85fa1e7dfb52e5673b58a2550d3589b482b8977de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
98e1ebe1d47a5c85ff6845eb5411559c

SHA1
a7bff28ca513eb97450ac611924688871e595a9d

SHA256
5fde89ba9ebc7d9db7da439e9f11918920017ce246b11a07357f4cdc8c517b53

SHA512
6ff48d11aa13b959d9f13d172cc203e8afdfd5f513bb4657ef4798acdbc2ccde7c5bcb43689e88a5eddcde71fa98ed5d69515ec0c971251b85b251403feb0766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\817a208c-fb40-4f02-8ea6-64e0dcbee749.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
41KB

MD5
00d4cc262b70dd3d386111ff78fb0812

SHA1
628d4dcee1e82d04ab3969c29e256cef10101407

SHA256
956916ddd6bb5ebde0f5df3605a524d1624ea335cdc6bd5bf26681d3a5ac5239

SHA512
12f3cf77c4ee58eb00b08ced394d35e35237da4bc9ca62b1408c6dca4350068aa94d3a0e98132aa0e6cbcbdb7dee9c2b9c5399ba7c4780442200ad37a4c2b1a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
1.2MB

MD5
3f06d90f781a40e2014b2b3a97c48b41

SHA1
660682729eda776fef2b49c1e4be9860a032bed2

SHA256
c051c48247b58ba107b7ded31e6a3913c8e0c890e547047080132f4ad81545e2

SHA512
ebaca5aa11d984601460b0def00e974411397a00efa251b221145eab261a8180c8e35347693e1ec3a1528b8dc206259593f21fc1618fa79840f588286c7e6224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
820KB

MD5
02e604f7843389afb730ca36ffb02f57

SHA1
a8d72bbe97f6934bfcbf42d279bbed0dc96120a2

SHA256
efb317934f9e8cc3bfbcd81977199c2a97b22ce3e51f8bccbef475b4c158690b

SHA512
591f1fb1e55f314852daa23d45cd3b46881142e881d7f96307b376eb4192e32df372873b1e89f4fb90090642184892500f4a53c774e00b8e4210751e13429808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
d6c54b07bbf9d0c92a18bfa9e855aa47

SHA1
50cda5dbe2a20c7a399962f305857c8afe03de6d

SHA256
05f413f716ac68a408f0466a3aa6c09e0a7be647a8c441e4e4fd5a003afddec0

SHA512
d7c90e7a155f53a6d938ea16d52b84400df689387168d8d6eaf68b94ca705c2a60481215ac29679d93bf9fb4b428a164a4f665db3bdb2bdeec195b583c5e6b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
bc3271f83b545612d30b98e17da52bd0

SHA1
4b00798ac3520f9d5054ae1a6aa67c76d982eaf5

SHA256
1f268320cc3242eac4d2af5e54f03c45a27cc665288eac58f9874e09ff047e74

SHA512
ca7e492eb22a9238eb36dd3dd1d17714a10662a9de9a8d6816476e181ef1c1f2b108417d1c378281961da135908851f75d8a04fc839108eb431f278205ecec80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
9d69ffaa433dad09c2b052aa43326591

SHA1
1ad6eacdd8b7d8d90028fd1014ffb0d78a302f71

SHA256
4b3d41ed31d46fda58ae53a2b93aabc56757cad1f583520f0818d5ba1c136c5c

SHA512
95b9b7a16069d2f513e555f30385e6ac4473facdf1c0df667eb7d811a93327469896c6723ac5568c133862557bde9a4495099f4076c1972be6279d92a12533c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
084c0bb9ec475efdd86bf687cfc2e7ac

SHA1
0f3c789db1da1988f0da66f037d98e00cd9caa49

SHA256
cf0f4e7c3cfaab2cd8330cf2ad1826ee4c4ecc39a0f1681d36af5d7ac07ae0b9

SHA512
0b746f55ccb81bf150ff3f3351b7535d68df655d96c3a352c665c282e2cd8baa906dd7acda17dc6c40dc47e8b329e1e2aa0a033f46b34ddf2bc728a5d3d84389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4479b5dc76210bddb0aa9cc1fb5ef3ae

SHA1
62720f574c9cf9bf32601c2811090393cec4bc57

SHA256
ba230cfd105eca4295cb4c194d12a0060a3aee0e4eb14f2d66d678aab13cc793

SHA512
ffa75377991797df786c68795ff07dd63121cf3b8692aad2bf79330c96f7f185110296a8e14509714f497dee9152d47904dd1daa428a345902952b30498d6bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
40fb7e77a6fe6be1fe635157613c9867

SHA1
1dfd24e3e1768b33c47de8e73589409a331ef793

SHA256
4114d11758488350859ac1bb72913a38dba68740202f7ec613e6fc9db52e01d8

SHA512
1c0ed5eb16e4465eb8f112be5216f877ca1844cba49968af60457abf6009ef340659c36c232d3918f29dbe9c76c34ffb81f5bd8c345426f89ff244eb95462935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9767147a4a26865d2f8abf63c170c8bc

SHA1
b081f423192b80cf47cfdf16f571227a88a0da92

SHA256
86cde2d88d69eeb080d6a9cf402994a0b2f1b4a8ee0d13af26b6f031d2ff36f0

SHA512
6a02bb0dd91c517a8e83108ce0af5a58e54d14ebb9684e278a22b3b648cf37a3d19b90b8262d9dd316849c040f260ded6bf8e058d4fef60ccf9fe315ef31b387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
23ccbeb7829959ca1fbaf3bf2596d4fe

SHA1
0641c63c96264044e0ac5a5a45fd161d3af22ee0

SHA256
af13ea0304b45c82065a1c871714286ea8915e3d99a40f8e81007979b018b4af

SHA512
17b58c60e77edff02ecc015f469403a42ba1e3b84c890c1afa2f7dda9b60d9e21ccbb29c96100d0dcdd2cf4ac2edefe70c4be2ce81a0e1591e1e9a17df7ee36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2ab8d011f66d98e1f13706acdd79b572

SHA1
06956fa5d061ccab56b52c74a78e6dbaabb8d852

SHA256
bc302c8f134a47d96d8dd9061c37c81e5899d3f3e881658b356d9db33225910f

SHA512
489b4bf8235425d9aa225275ff40b6ade5e7139ff1c9055f2b20f7dbb6ad0a999d2fa36b9823a404b04980ec568b45a946deae2e9845a2d89c6a58fdd9add8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5abb81.TMP

Filesize
4KB

MD5
f7c08b3561015878cf728971405743eb

SHA1
1c8f37969e6bb3ee68d35b6cccf5b85056b84a3a

SHA256
9b8f878da14be9fd8a850ef6cbf904b597c92a986aca4ad7a408b1656f1b067d

SHA512
c55eeab349f11a4beabef8fbd1b34453708ebe1abe33d16c4e9c655c5f60e307fea9f4d7957e673365075f9519ff14642975cefc80df148d1f274a76c0353c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
b3b6bbacef136a4186c5c60598e45ead

SHA1
6798bd669721754360cac65702141973252097fd

SHA256
73c5a89b6bec4d4b9a77faaed8e278991a33f4402b6a1990f6fc5db3eb6296e8

SHA512
e78c55638dd36f7394ad19230e74acab9e9c00ecc0b5c71e623fc8fd5d624b556a06318d9264ae842a4d57c91f42d1642c410293ccec8303493b824194d9f142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
2a3f3e0f4d87b63f70bf2d3adbd1683a

SHA1
f86e1f6d969258bf46eb9d57ce6e48d804f28ba5

SHA256
d4b9710e8de719174630a186a8d485a441df94eea73a009b7bef5a0c42faa9f7

SHA512
8dfc69c89ea3b5a6b73f8fdceba2185a79f85b216cb2e2d48c8fe20a20a01bc783e4cf5a94b74f22725bb594092f3a889515c4b2dffab4ea59b1623893e0c87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
9a7c70340c70c0c564956af620efc03d

SHA1
1d02cbe822b73f1be8a99c0ecaaa2055c3b73128

SHA256
be847055ea25af94da19ac412242575ca86ac2a0bcb190f36c5e5345825c0748

SHA512
0b31e98ccefe106d0f17073be06f7f371df3233d3ba06d7b541ed32bcb611cc37873275e635f12abbd3b2fb0de8042d0b3ea66d47194413994f77b2b71eca983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8a7099522f9c09dbdbc974b48f9ed2bb

SHA1
680bd94a9d20a6f4526b5b54425f7d66401eea33

SHA256
79db0aacf2a399201c4fbb0d6b26b7e192ee07f8fa1dfb43282f07ecb5a245b7

SHA512
f936b70f0e2d0b225622bc165b4388d493510c1eb776814a11ac6be32e31f1e09a67c1db0fde273953ba868ae676806982553a5501ce70735b0c170cee397b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
4e4d08185c05ac430a97c3428737e50e

SHA1
70f90983c1d041b530c55126767ade1509eed3ec

SHA256
54a2b44ea77627a25232d770879417b90d5efb0c8f5ac8f2b67ebd80bdc26bbf

SHA512
417768c427abf3dbbc3145256f55642e4ce6981c635608804ed890f2c20ea5afb0ed74406116e74ab5988ee2a1eb2fbe220a9c85cc451400918b0d32198e01ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
5KB

MD5
fe7bef998d4873b5a57e8bdcfafafaaa

SHA1
dcd7bc7da6650c4c01ceea0cff1e1edbe4378d86

SHA256
b46bb2a36ca2a62013e45fe86d2ccc79cb9c83dd7437746078d065f069455633

SHA512
b45d9ee74135f7f862a3e55ae5c34f0ede3e94216fa780887f2a64e2f42dc0f79226f4550e9aacc1b8bccf25a68adaed41eff1c4365cb57f141623c0f7ecc077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
32KB

MD5
fb1fb1aa49d956fb2cd2822072b2514e

SHA1
cdf1266ce78fb9a8670dffaacd295dacc5c3ed7e

SHA256
aeb5f195cfd114ae349cafac1854011cc055184b2d6e43c64b4ed016870b7e7e

SHA512
48cf39aa6ba310bb7945ab57691524ac7238f7f7b2ae1fff4c68226862600d52b22db8d342a52259051421e6b6726cff90f74f383d164f33cae80197b48baf14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
2b51f6c62270e8ec578962b3d0fb9df3

SHA1
a6f37901bd404ba23bdd5e95ebe6f8dee4814717

SHA256
27fb58704a04bf223e6a9ea6b4b17651d00fd03c3ae58b938ecd5b713fb4c6f6

SHA512
67cdce2208c0b446a3196bb61a32007ca3c6a4944e900cb9fa5a5d881140a36fa1dda6fae72fe60f9dde6c31aa332a5ed0a6d7d0d75192827928783430d402cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
950105af3c81fa622057b1813df97ea7

SHA1
e1692e303df33970f27371719e15e9d813c57847

SHA256
518da3c1e78cee30d56cab5ed37b75dbfcc56fdf34483a088c4cc01b6700bef9

SHA512
9197a12af5ac2ca8f4bef8bcbc9ea31a0c57f253b4e5a251a8478d0d54a1f323cee87a7b01f54950d430e0338efeae588ea01b976e3077d0dcffce5a78a7d7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
9f3e47d278e93bbe54b2422686098686

SHA1
80f42afbd6b087cbe17159b85a4b3e86272407a9

SHA256
9a90b3419118a6162b9a37cd67f94e276a2640080c1c07f1b3e11bc2e78914ba

SHA512
e764005439736db056ef44abc31a5ee45fd069e63cb16acd18eefedb6d5bf03a5617de3c05afd0dc9de437b135e0d53dbe235f822e21e4df8f71c54378794d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
cf73e46b0ff0c7513e755b97255e930e

SHA1
6ded46b8877ff9360539b59566efc85fed8f7af9

SHA256
e866a4029a08d1abe5f1fdbc394d1e5e161acacf812bd9a0b6e418061695b509

SHA512
5fab25a46af8107c026b881974e126a3d0ef3ca41b6e7333cfac337aaadfe04f7606184f883c5493961237ca6d65e097ae09ce67eda1fe30fe3ecb5b3e887129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
9485afbffca621334330da44f0526fb5

SHA1
8a667edecc18473c58416b60a80346082d74f20c

SHA256
3b0c26c6ec293b8a224d0f5901742a346dfdadcf9d4217981d32148ecaf63767

SHA512
fde2652d970b18e4afa87662ef557efb7292fe1e62ad4dd58781844458cdb4d91032beca3f2b1d44cadcae481e0e0fe5f9e6ea0ae4785eada4332ba2f8ccf82a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
cbc5ada5d1aed538b672f7a0bdc5c07a

SHA1
0a4c4e3a0f693f1542f3511f6db8484b3cd85622

SHA256
364466e5ab92a4992699839c582e0df3e138fbb696c7b99af024902b5dbb062e

SHA512
99dd038edbe7d4e5ecd6b8deb0bcaedb608c55515b7ef9b3ab3733793f2eb5b1e0d347c35a3916a6fad843f8f7770d0e963fca0992bbfc6e053c81d639900315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
1b01d055b0347ca2658f331b3caa33a3

SHA1
37d395094c184078d190965f1f70ef2fdec6a82a

SHA256
c3f04256494dc7f0a925b572468610267a8ea3c2b2d0364a993294b2be7f4f18

SHA512
33150d577d8dec83318a03024bc90e8683e60348db2b56f080a8471f09884b6cebb7efb2b2d2a12fbf8cd5d3f5b5990bee3945ab72d2494c35090bef83242205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
ee92ce84489d99c1463009a93c54c8df

SHA1
439abbed81c9153c229f6bf3684edceb21da4c5c

SHA256
98e4e6394cf310d7d457d4cf6f73a7258bfe8649c7aa52437d13f2f3e784ed07

SHA512
bebe16439ad5e1f4aff3e311e9c853920e50c71b5fc7d4f32cb3e1d8d6c39482568e80d09bd4c17c0006efa251e3668b79d4af35a3b822cb56bdff672ddd47cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
1b2196bcf883b9ab311b9f3656962ea2

SHA1
17e8699d4af6dec123812cd2b463f2ba1fffc721

SHA256
ae3e514eda1a74ee9ae1aacb525ff95ff40a178b8e3b8e83fadbad9344d0899a

SHA512
d03be2a80846752cb4b5a3b77e57fa6a37a83c1da58a867c5b3bf5a9052c7295a58f18ddd537b011b79832d7f323023870404509e7f3b836b27b2049c91d0bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d184c066a733e01d1644964adf096244

SHA1
2c1d49e0de301ce4a97f2e49713e1e0c027f6235

SHA256
66c5f9c970aa71d1c94d9eead71a1ce41ae3907d9f6434584ff7741d0e400c60

SHA512
688a3c07695d70396938f365a6c1d53bab7b6205af2483ae1c4c0b56149e56754d1bde50f9330f521b0d9099a5d316465b9322d744e40d33182422bb0f8d5988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7646eae24a3b2447c4623320f7896219

SHA1
0c4eaa832c133ba2f513ba7c951d66797b5cdb6b

SHA256
f94c13aa0dd9d3467ee36558fd193fe5f756ff75cf66c95092347103c50a9458

SHA512
5bd322b5738c8249f4a9c82bb10f75ad73c39de078337189225fe4ac759beb1282891f5a2b776e98a44a1e7089b188103cfa4c5a45d707640e4604f9da296c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
f8e3ffc71f65e763f3f2d94a10bdf6a1

SHA1
27f21983f0a103c654e9f27070000af878b2bbdd

SHA256
aba1aec6fe99e21834bd79f61e2ff22e80bffa04d2bf202b020de39e192763e8

SHA512
8213fafba1c6bb3cf377fd0bdffff9ab7a93c822499f09320f7a350af029acc7d5f740d78631bee4fb81b6c611bb4c4d78647b862107bca8fa8e1289cd772792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05c1af1fb549113f70c43a7547484d6c

SHA1
ad781cc9a469dfd6a6d88bff696446df0325725e

SHA256
6c1523490a89500c77f02e4f268fdfa4e05700b7c3a692b44be808688f2d873d

SHA512
a33d62503a99653b4e1807a13f559f9affcafb0bc2b3ba06ffd45d396f25662d64c988b2b549840ad1b1573bf6eaf1c6371062d555a68fa7422acce1c35386ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
44777568f508267ae0d4229c26ce550a

SHA1
83f837e7b66ca2104b541aec3599d762181ddc69

SHA256
02eeade535d7665fcc1f78764baefc6e3656463855ceed483826aef6900197b9

SHA512
dece6e9c070ff4c6f06a5fae1b32395c43a8a62a3fa3e9a3ac21fe138c06d18a403e2dc2a00f948a8d2e53d510cc722a0fb7a333e93b6daf190f9f41d5e2c228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0a2124e3e9413e290e93a250dded97e8

SHA1
e9ebbd98f57fbbe1375caff12e3987d08ca8d668

SHA256
e4d1194be1b67975716d76613cc6d75e3b70d5186a6ef44cf39472a9b3070cea

SHA512
9b734c2f374425b3be4fd5af6d6d90ffe40f7e518b6fa84fc9867aa7b19b34d892bd0204ea804a8606a682e5d53ade203a9c1f2724b96b0b5c5e7f8154963813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
01cb745a65c6581b8ab64c9053036190

SHA1
afcdb409cb351b6583a003ade3dc46dbabb34efa

SHA256
266a6057949bc8f880aeddcdd1a24d8a03b61d5218d37024a81198aae9ff0ff0

SHA512
79bd343efb883fdfa6ce1a65382396a9880ebb9d348a6b01d4b4dcb1290fcdff1d6f6cb4168adb484cd3f13a51ff2729c54ea46928af02e1189dd36115ba467c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e7095fc1263c54dc2075ebfd21ea01e7

SHA1
80c87ec952de4f72731e17ffa306a5caf30642e1

SHA256
68f91a7c8e53b114ca9fd61d7fdc39c51393920eb6f8862d2c5616ce3060141a

SHA512
d5fea0eab77cda272940e83d38d5d7df232ccbca762ff850316860b00677b105cf0beb0dabbbcf6deac412fb58d78e6543270cb8b44d7de2ca490b1bfa094bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
29e99b59bfa55575d51bb21d4f0852c2

SHA1
fa87b1782942a14ce4429b4bd0384a2cf37cac58

SHA256
ff26bf08ca15996c39bc5fad1147171a1b688e82330bb55c1e4aaa38487072b4

SHA512
eae02d5dfce34a8cad3d2c14dd0b0539425885228452bfb7e6da72caa2640b80742d4e1ddb5a1c96da497ad52bb57ff5ac7f90d2dcaa0936a072088f5ea3185e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4e40d744e8fee1e94ed9c3c722b35efb

SHA1
9ce98af55406158eb3dff7ee47ee0199dab082c2

SHA256
862c05fe168c498a41d4baa12c81759cfe911c6cc748bb6fb1466560f47818a4

SHA512
1cbbb3b719d1f317a68c0fd55ae5ae95e40fe4952f6b975eeccc572d9b19d0dad16e57e7ea2306892f15144e8befd0d286973d5e7e5b74cf3e6c6d7c3e18adb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b698a4fe505d8cbbc2fa5034abd3c823

SHA1
22894d03d1c5965e3ffffc520aa2b75d6bbc994d

SHA256
f6b2b3817dc6a8b3e54a4c55bd5c13956eb8edb3ebc56bb424854c06ca810fd4

SHA512
feb1ca63385a8b8e005fb94f2de4bf70c2720415ac86711076c9fb7a61790baa8c495d9b5b9babf6ca3e23e8e1997400643423d64ce4dcae6d03e1e8d8566501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5697fcb2ec5f3bb5b0b157d91118e74

SHA1
497a552f5dda42dbed2d01ad1324df0f5fff09f4

SHA256
f139d60a2ab0f6e2044aeec943578f7af1885f458a2897556f0967b9c5557623

SHA512
01ac09410a1fc002ae50385100830b72f37d078153b7014b9318bb259fe48c371ea3733ea28337db73624ae95c53c5a5201a64026212a69bf74ba07b37bbd0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ffae3b1ae141282c586665b7230b9dbf

SHA1
21bc85f106a2dfe433d4863687f786f6aca8ddce

SHA256
9991120688ca2791632347874cc3b31b7cbbd400076d216004ca584d06d0d820

SHA512
95baf6095a70ac4cd492f1397a15c62b30254ad66671b7f1330718bbc2496fb9ca092e9e997787e8699c0e1fa4983852fbe022aff8c6bb76149a093e952da24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4191516bb9dd5fe819eb6df7b9b8d21f

SHA1
6b86dd91ba52422d50f8914c281ad603b07c571e

SHA256
e9ac96bb226597a18229af18d781ddb98a940a7f4767d0dba1ae38ffb8e067d8

SHA512
65a031a3901e5ce24fafb3647adfb3c35c9e0044dfb522786da07a68489adfed467cb5429a2a55fac5a63f6ee248039e140f8a165b858d382e51615a610d4df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7dcf0476d7140b175a4957fb8743edb1

SHA1
7141a5a457b42754ba78d2d4e404bfcbeb3440f1

SHA256
3ae2ad869695ec42a854551c78e7cb7739723248555a4000b1aebac49cfb3ecc

SHA512
44db79e6c729fd37b42aabc123b495545a536a5f65ccd61222e32437dd050d873a6448f82094a6a199cf5167ee480b7340b3fa4a7478a8a5dc54bed7481a2836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
88c34451c2296e6008eb7fd4f1422f2d

SHA1
71fd2499e39898e6db341df85c6f664d6f49bdc3

SHA256
a56e0f11154668f581521ecb4ceeea376c566ab64deb1cffb94f28e82eda3791

SHA512
81d5a8d6d31fc2915f05906571239df41c62ff1083fc5b81a658398de195412efd1e47d1ec6b94dd65363599d9f8b337a5bd01555ecd0345ddeb7f15f8faba56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
074d700cf6064e7e3e292a289a5d7b3c

SHA1
f3747945124d1276bad203ac5c00361d7e22e478

SHA256
86ba16cd25b47c4cb965c29abdf72eb895e00cd1072472c7df5730b9fb61ec57

SHA512
2527cd695393331ffd5627dbaf12492ddf988a286f4fb04b57cfd1a93741309e4506f7eb64e87c564d9b9f1e97f8e94a08046f00ded25b2b288d651f29f1443d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
f60edc99a3b5dfb1654266f8f0f4e7c0

SHA1
c77d91c7c703277303e8275b0de3bd354da2d47b

SHA256
5d79a41da957dd503710d95f9237a9e71310a38048b660916deab979789af07d

SHA512
4b559d522fb44019a478011a08ee8e6b75d88068f5a7f72d952bdd669630f21713da295907d455d79a42190e93be62ae09ac04db4c0cfd2679b69441064d231b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
cf604a634c7530768b976104f2f93645

SHA1
47048ccfca0a0b56eb0acbb7069e918d5ec19dea

SHA256
deb7999b294e0aa5d5d948d2c449ec71a129494543dbd3b340da3537383cf12b

SHA512
c989b49272003745f0af720d511ef87d2cd8bf1f7567a7c68b86043c9f62849cb3f27047287e41c2f13f75f3d8ac669adad34587839e9759acaa986f798dcb31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fb45a7b43b06abe9e3108eed12e719a

SHA1
00dfbc37e06bc19ac06e98326317d4a37ee07bed

SHA256
61d6aa18355493a5c549a80c14aaf857d6e93663aa7aa72ab185476e95ccc2e5

SHA512
f288ce7bcf8825651e0dee137b7251e21ca5506bd3606b62e5d0d64e75edcc6c198a262148eba57addbd19d9c98563bc3a1c1e3695841d522ddb309ad5b65258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a912242ce95b01893f8afa12dadc0442

SHA1
5f03325ffdff32d6ce3fe611fe363cc34b0441c6

SHA256
bfe8a9fa53fde263b62d05c2af68a003a2bac3f4e717021903d921bcdce8876c

SHA512
ae4f13a298b96ec121b59f67f9e18eb0f03e85704d0458667be46e3ea16173571fa2b836568d9785873b263ff66b8b622fef357bfc1b3bd4a4308431e89ea2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
be1ad8b8882e2c59e04c4947e7d6bdf0

SHA1
6716f94a056c8c36d598b92abe6db7ad21865c2d

SHA256
95e3e2f49976242b88873d0f1bffcfe007e0010a6d4da5a881b13a4e02de6933

SHA512
8ce194cbc2b06694ead9d4db19dcbf1a633b21e1a45560686ce624aa25792dac6c333e5c86abb275a7e620c682dd565b9fa18d21cb16c3798a389e531b921936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
1c302c39c66fdb10c13103d1b683b4bd

SHA1
30ace08b5ad160c244ea8049cfca7eff6843def7

SHA256
dfce76cb768e10c66e07b1b8b9f3de3dd95b112be6322cdb4173bfec3a9ea37a

SHA512
170e00563e34cee97518391ba5b28f5e2a09383bee7c88a31660a11a8516ef2f86cad3efe09e34e4e9d9bd3dbbc8f845dfa247f38afed398bc929b2fa7a6bf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
71409904bac67cd8797ce5cda4269a17

SHA1
a0af02ffbee1669ac9311fe1e1faf0a521da4b26

SHA256
feaeff3328dc1257ed27e5173198f1eb393e79f28006b5d099dc0ec5c6f5c892

SHA512
3cb45a5210e2e61e12e5d5408a77615fc2ecbb945443483c494bed56f98f11f81dfe646f5c4bcd66caf6b3c56c6efc0b4148691f7a50a341af4f88fa237f07a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
003466de8c326495308b8cd26460a759

SHA1
ee475e6cd00e23575050deb2a497d5c6abd4c057

SHA256
7f33b8bd6131d7d466f752aae27077216e49f1c86955da3b924341b2ab064494

SHA512
652200134079ec287cd9c156ab2706fd447b86494a3d43963cd034d1cd238199f0b91edfa7af55e669d0c9b430667ed988507129694e4f69ff290495e0817608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e85ee225c32c7856831ea28a1129119e

SHA1
941fc804514ece7038cdeb738af8c5cabd412fd1

SHA256
5c30f5eb8bb530aad8774c9bd8143e7e4902377b8b9c5e95d641e55da524fdb4

SHA512
6fb785667074f1cbea4b74c6c1b007da982ff91117d6a754d682686c59e5497abc8634ed3dae94c8f5ffcaf20528fe805d89edb8d1ee401f50155b1c1e3a2541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb

Filesize
453KB

MD5
64d4b191e2559b80ba200657ab9c1bdf

SHA1
394b3c1ae87b45b7f1c7cbd03c3a3885692f42d0

SHA256
16ce3a53b693376f40f5bd58dfb7bb6b0eec8175ba7b3b608068307309037b2f

SHA512
db8b6992ff5f08cdcb042594edb4eee71f1c52cb39db0a4ccd33eb3a49578aa0667556dc604c7ddf2f72c9228c3681a552a4583024c8a128dded9a8912a838e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000006.log

Filesize
1KB

MD5
3448919143fb934e2d9a46069484643a

SHA1
d0eae616fe25917795924297c83b6a6e64c0156e

SHA256
b96eeecf756edf282e57178182de7032363b095b16206f9252eb508a76269b53

SHA512
ce6319ce3baa03a9917487e827c0b19e579885a9152fab7c5efd0511bb6477a6fd5abbbc2d87cdc10e2135e1d0dd0a78da6a7ca090378a9f3289578d6ebd4c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000007.ldb

Filesize
388KB

MD5
6fdc1f2e221e49d5310c0cacade157d3

SHA1
e0c51ba4569a850e3f16c6ca6cf7069a9665315f

SHA256
41dd63762a7bef41583b41a24d799be039427083ff7af6e9a1ee176b552a89bd

SHA512
b674347b8a8fa33cb5eb774849a51110473a3adef78b1d76df076677f1f7a14775780f2367e645272695ea9d16742084bb51f79f741163c5a3a595db05b98e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
641B

MD5
839def0464ec9d1c66aaf8c6df31a972

SHA1
4d73dcbf95396161736e44d7914028b6173754d7

SHA256
98a1d8b570dbd3fc63966bb001aeed146c4b01cbec2446144f2955ce5d470bdc

SHA512
fac1c1b3ece8268d797adb7003249b03469d0e5ad831982077763397dd620512ea16625bc175c3b491132296184b0b23e28be5d0200f578bd21d1bab2f4f58c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
298B

MD5
09b4fc4c9d7d6c0d9366fcd7de92eb59

SHA1
845e1e56790f4db401aeb8950d6faf91161cd520

SHA256
0be345c63327b6dcd49b63273216207131888a13cce509ea254c738e6e84ba32

SHA512
1ccd34cc47bc5b83cb24631b32013b44b1e72eb4b4677eccae63b30f5ed1d8bac3925c2e14b0223ddeac36ee9d945ae823ef1c4468140b6a1e744830d7190aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367690342313809

Filesize
29KB

MD5
626815adbd0de00b1526cf8c7e366ab7

SHA1
d8bc12c5fe078ef186c65981147d477f088905af

SHA256
64e5c13a8d4fb586e31c0059d3db67884a732ed8dfbdb3f386cf45cee15889a7

SHA512
d781975dde77394ebbbb29b7c89f4b67eae774b054947cbdf9a3b20fd3c2ca5a5fea6a62eed05288887585663b47d0df488195ee863f9093d2743310ee2f6769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367690773618673

Filesize
78KB

MD5
eb391f30410db998759db92d105c1ded

SHA1
4a55dafc25ca140567479467ba9f6e2a382b67f1

SHA256
dd7cf35b7c19b8af3276a0356667dbf5b3d87b5482e17982bc02f8f8b6c6933c

SHA512
f4bbc31cc1dda461e312b4983fff2c1c1aebe63f25da269290403731ea948f1850d9dbfb8e920fea1c5fba353529454a708602f9035b9f4dac6ad2bbc48f6a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
3e2d02e2bb79df1b595108b225670c6b

SHA1
5c715be833a5fd8a244719a38cf9c09434001a39

SHA256
1234340cdc130ca1b9c51dec0935cf6e761d8cb275f0030772585bb144d5aee3

SHA512
04dfa3694ddc7fc496ba35370bfff7e051f2f01c06c3d43833e6758fad5323c826b6d5221621596f4b4cd642d25f9e48e3834f02e719d1756cf3c63c5690b094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c514e24b5386247ea67936b8790c3b51

SHA1
dad85d1dc010e6bcac8db84992cd9f1db6ab05a2

SHA256
68e5b72ea6259bd25916eb9e07984047d2cda94f8b0013314efc1e46073f6ad9

SHA512
d61a17e50b00e1ee6b43af7ea922310940cef2d7595fa7f6e42a84686ec51f997062317554e24142c9acb3f5e208c8c220ac8611b79264f506d22a9516d47761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
ee46eb623f25a08d61877fc83e071f6a

SHA1
52c81e283c429e7261c7c1669da0eeb7965d41e5

SHA256
20202f0e56946106101cf2e5d65d8a7414dec4f6ea2e3381876e717354de76ec

SHA512
df1e0a9df68eb260fb42ce0e3747c050a3cbe0e1503e1dd210e1014fea9d0ebdf83a2c9ce97d8573de0ea3f66c8304c16d36c8c9b223e6fcf1fcfd1023a75d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a00f5088782a08be0b9492d6f151f25e

SHA1
47ce69d3e5f6c337e38b7ff2d10f7b5434e5b8a5

SHA256
3c5a5c5e88c918c59215a4e16bc93f4982d612a033c170e790d33586a5cc3674

SHA512
d8c13b3d04bf8e3db6ac6527cc3bb59a0d9bb134d7eb9ef93da650a4357969fa03e099c7fd8a67a0c453b662f8bd1ca1a95818bb0f36cf0d6730aeb6ae8e38e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e847c3add8ab16b096563d9cfc577be6

SHA1
43ee2bab18627f989744045a2419a8edb3cb3693

SHA256
b59f19cad1dd9ea0d32b827d4f8957b0da757e20557a10fd757348745c30b555

SHA512
7edf5af311c3396f758939f9be31f100dfab65785439125ffe3043c727a89f97e69276e0f28c99c6f7d4d1bf5ca27a8c8edc80b102196a4085bd6fdb783dc2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d33e82e7eeec71d9c404dd79f93799d4

SHA1
ba4492f0ee518b4a0aca8a8676890598c2bc6390

SHA256
433d25eff47cbfffa28055365e8d3aadcfb8d8e615b4909df2cf5bcb42e95f16

SHA512
16b80d39be9a45c4fe77f080b0d3065383019f003e4f99f093e9fc2986d4310417c0acb12ed753caae6b4a8829d7d16a22102b1c4c35ec6ea10ab82ed0fea8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4ae4066085b652039ac5c85f5e8347d

SHA1
a1a107c1ab8b6e0e8fbcb48545bc09a5a37011cf

SHA256
b392fd10b2a2c260cdba84b8c8a7f200e037ca9b11cf019382a95338a7a7e376

SHA512
0302fc4a8e22058412ee3fe288275f1f09ac38dc4c188d0b42eba8e50d15409cb3dc6908bc9e9f46f039a1461b6bbb4c5745eed5b15d8e5c1a250c7c3b471044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
498f5b2d2c49e1929c010f8b522f53db

SHA1
668b72e2b37d1a38d9aacce8f652c4a10f6208fb

SHA256
541f10ac8c2cad6aa8bbb83b47566f5f179fab8915910652d93782718b99ccb3

SHA512
2379ab7d57a7f6cc4fe0b2fa47d3e0edc72aa3a7e3c9606e06e750012db11b2ebcc039d78504c4031cf51cf7f50437c14dcc45e47fe1a19b5e5bba52bda30e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45c06b4fa73b6c2b68063e7b53a1499f

SHA1
b660e019522434198229ff544acaf9f276b05349

SHA256
6c47e5929c912bf7f5ce7dc7bd1bf5749a34542af456d64c81fc9eba44fe9bda

SHA512
54f15d2cab3dbb0adcfd88f627f5c4fc4b3dd2a4734423d444b33e7c32e4a7cac544a28cd306f5dc99ab0c0d5a7047647c0b9d00042e5edf956f258b23c89760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42e01c7a3d19913bcccb2b6df0a4261c

SHA1
646ebc8adbb2b0a3f4768468288196196c7d0e96

SHA256
f479455898fcaadf5424fc58373e3fee63b03c597c74a59a1be674581d72280a

SHA512
cc1f66197ac57dda4bea5c95f26c9e1240147cdfd319d2327aa7d8a57dce459761b99c4272c08e33310bfc796e1fb10f09def21eb5319e5369de42fe745842ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01d51b8f5cfbd430998c1d028e6915af

SHA1
6409398280c49e6b6edb119e4663fccbdc9dd12f

SHA256
9282a6172a9a9999dcb6176570812fc31d413a2180b926d4785f9546e74c4c31

SHA512
d9ad14bf8856580f3510d1ffd567205142f6b97a24f4710e7505fd540cbaf0bc318296fa7d4aa44e539b1509a386f8f225d063d7679a3f8a46663b4324e2747b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
72429025b80e33bf8d66b71935ec64a4

SHA1
e800090fc8479baa6d6931049764378cc8b7d139

SHA256
aa7b4ce4378d456d606ffaf947c92f2bfcb327539aad2fcd6c291c9c0b3f843e

SHA512
4ca3fb50392a905a9ca3c059aefecfde5c025e5a17dc1b328bd8590f24dec7aad09f06d3555ad787e06461fef2d34f653ea8d4eada4c98f9dcd6cab54f9ed4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a726548ffc8ef8bbacd773c9847881ed

SHA1
28d1942cf5fa2659d8beb331b81e2b41c56b37b0

SHA256
05720ffaa240619c80e59f449ca2b91c50898096d4197b41f4879c471fd3942f

SHA512
dcc476b48f444568ea2cea039c5b430225ef010c28d7b6c4ef5983cc1ab513754ca1accca5ad57f94b26eb5d1582be8926df8497dbcd229db1d708169cc5282f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
52a0b05a8f8ce939c48d070b8e54b358

SHA1
36b89e4b6d3d30727002fa41268bb07d524e0c6b

SHA256
fb7accbcfafa82b2fa975a13d8ff4e983562d7e0698253f2d1b2a00758080929

SHA512
c4cbdbe7948e96bba700234798703e6165fd802de4b2fa68aea2d91d84035a43378a474848a048cbeffffa8c84d6729112d1c413bdf2dcb82a5db82c20b7a50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
785107e5ed4ab408440b3bbc044bcb63

SHA1
b7b7be616f25c469178dcf50b1afa69b14249099

SHA256
ab71fe3cb53dc3578ee8e65f619b33d5ee4983b69895cacb18bf4718e91d57dc

SHA512
dd84c0d5ea5a276ed6d44db152575ef7c76cc5798a94d165193fbbe1d20fb941ebb9a834e98cdbebb35f7de391d06f301abbc668033e49e8d3a4d002c1bb58a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
aaaa63cb370b395823d66f11e483583d

SHA1
e78b03f4d1d500f4e6c71a8b56fee90c108829d6

SHA256
c02d6fb82a5f83949547ff6ea974d84d84b5d6c2f8545d82c353681ec7b01352

SHA512
6985fdca3cd1b605b373b8c6b4bef0c410557c2c1ec25a603c40a20e5b6fc090394caf4923eb3e30b54c5c1edc243e56d0c4dd6beac16172ba43222f655884ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580858.TMP

Filesize
1KB

MD5
2a345663b859d39e01c34f684782e0e2

SHA1
1bbea85456483dc2a0e8def992841fb38c22ee81

SHA256
82acd09e92919ecccc308b7c7416619280b07db4d1647c33a7a42a80a7b4b545

SHA512
06ef12042f28400bec8b643165e61bac621368ee3a7714db06c6243bb1f5679239bb44346842ea1ef8e8f4d86f91956b87800c34606e943979bfa486bbef595a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fcdcbbdd0df87fc4b4504ca91692b153

SHA1
5e5e97744f12d1a2d5a8b42ad3d320be4eff74a9

SHA256
d732e6b7df65a485f62ee3b29988dc95a30b3efe57f45fcac206e95ddc8b6d7d

SHA512
23f78376dd3263b81220572e2514f9bbcaa3350e5d7bac2e47f15fec4bd0b59a89c1d216106acaedfd6fbad656de791a8ee44465dbadde9c370fc7ba6b1969e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
ac510c553e037c04129a8671df7620e8

SHA1
a1643b467bb5627e7fa45131a1e96ec856b18011

SHA256
2421a0abe682b5da6ec0b86b36927b839b8bdd9a8e5a22dea46d89a80c1df081

SHA512
5343f46f0adbe41d77a9597865c7b4926eb1df8d0092a843e2a345e08f9b12b8f562fef8adf869f9545a48130a4b8f0b35f4075e0422cc912a7902665fc64190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4eaf094-5e8d-4677-93e4-73c4307a78e8.tmp

Filesize
6KB

MD5
fe98c5c35832f831515bf74b719af34f

SHA1
c408043992168042093f44ee57a00759b1e59fa5

SHA256
925c02cd4510e5a2cc8a909c754fcfefc12fc049fd180675be49afeb7678ae7b

SHA512
b73ba273ab4dcebd6d26b9da9b5ea0cff656c2515f8d80ceb290b133417e9ee935fa018ad5c852ed60585772a0bf69b34204a8fc3f8e71350c78c482c105d307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f664a245-aec0-467a-b4ea-18d232274924.tmp

Filesize
12KB

MD5
44c93b22564adf59121e50c793341654

SHA1
e08fe07b6598a3c89ea6b9caeeab7ed68fc3738c

SHA256
ab82e5968f7f325ee391b3e44cdb22d9a35afa89fb7baf7a6a58c21111044052

SHA512
860783e4b7c963933f284daf5647e866ba544f2c37727a5c1061309fdd0b1a6bb23f2b4352c698fee9fc738b8187020ffa1ef25278e4f5e283bd8d1e35bad47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fec93854-63c0-4b2f-92f2-eac73689e19d.tmp

Filesize
6KB

MD5
16e9b9fccf496907f218282b2e26537d

SHA1
7d5a33ebb23046e06556f03951cb4387d0b28245

SHA256
3d16bce063ddd9eac27dcd437f94d5448390cb6e10ba456bf1995d653938b06f

SHA512
364dba83b6967ef2bf5e6a0e4aecb6af147dd949f27fb23e783408e41e83ce91e69b1854748b51228aa6cbfe4eed10a9bed9978196c3b9f53ff6b965ac78298e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
80KB

MD5
d8980a1476e48ee02c7f4fd9d16d3649

SHA1
c5957f3573cd88d08e5ae1a864e380f4202188bd

SHA256
4c8c85986a1c3f9b2db7ccaccadc9797368e5476fb88edc53fba2e0d5bba7264

SHA512
69abd3bedd9b00574a7c53d2e75fb4dd84d6627debb06cacf82e13b51a7cef589e2f44aba57c827456eb24d8c0680c7e601c5ada173c61615dfdec8c81780892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
6KB

MD5
2a1b57b0d81d156e50608ba390594ad4

SHA1
5399a98d2262625c0ce1840fad8d4bb11a629a61

SHA256
4fd7e57c235338d8b5063c4e17b8911b7e3b5f0c08bd70168d5f56c1d06f182e

SHA512
f1a577824a389979968842bbddb1ce1669371f3ff1ef16b86a4fee9a269f0b00cbfb94053aa55ac60287a23d9a2c0df053b0221e17f752a7fce45dc717130464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
6KB

MD5
05654d6f33298ebedfdd5357334b5f9f

SHA1
6d61e9c3b15e3c818abc3c624d1e96364194d160

SHA256
19a30623ff20f2dd6302409cbeb2305b80ead590508c0543c7232e14cd3f310c

SHA512
29b178401271882539628cbc46a04beecdbde67e2e0854eea79da0de64067e04b777b3e2f6673f9f79258b58a1123c760a69768cf08f3ccbbf81efc1159f6ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
2eb3681d80debab2310dbd47315cf27f

SHA1
543038d3c97318138953875371326a50d8a18286

SHA256
4760b23ae748f46f89a8a054e9e31656aa7bdc9bbeda94f2c5ff201578d581b7

SHA512
71cc2224d7955f4982762d335a27504f2826d066e8700eef5ea391adf2dc9d8019ba3ba4db5ff826b6efe51a8af55f3a59a4918c4c7c1e4eb86557120bb91e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
114da86f0e752725ec4402bccae35443

SHA1
8f0e968d8affc73eea0b3132ae5cf2b56a1b6e37

SHA256
56e023128f893831ab6ed3105a0f7e73a147b874bf5b53ed193d88f9e463f6e0

SHA512
1b8b6e5ab015ac86aa28400e466af7737d60ddf9376bb0bbf98c8b2a1924deda4b8c40ca4c84af1dea9145597b3e54501225949550255072c6aead87c38b1dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b7ebe87db97ec4025b5efd4e861e5c63

SHA1
e2c8dfd1a0be30d2089d4fa92db9d27ea9e66952

SHA256
ccc4b7d2b1f8c42e518ffc461755803e22eb4e4a2c37ee306cf5b574bdd636bd

SHA512
1f3e86acbd5dbca5a53ed82cb6a837a315cc767eab79b961cc0641353ff16d2e8abd6ab0d374d75aa3c1ea6c82b74c3b580e976c900d801460f1cf4fedb38f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2d4cd38f6bd0045b399ef602bffbb448

SHA1
6d28863bed5951980ad801ef6242f99f120628a9

SHA256
d05273f199bc473153d887fb07cef76e9453dcf9a79901530ab08879b0eb015d

SHA512
92c6b7343b8ddf9898d2f00a8f15be78f21ba7c9bd4c95cd08191a631a534798cfe2cb4db43d21401f494fc3271e95313e5b0c50a7b3787905d6d3e0ebc71db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
1e458d7ba453d0c5e8a88551efae4da5

SHA1
3bd2433e281697bdded659a623984e72216c95c5

SHA256
a33a60cd6e74673d6b896e894f17d24d07904bbf33be54a1f0b9c139ac698d10

SHA512
df990b810f8b7f38f42de192b3fc14fd1b8a04d49edb63ecd1f67c6b754f83b94a73d15698dbc95ce658a0fd996c523f6c704e454ce26263fb1ecde2aab6e5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8c3bae226fbdb1b45893ddde5c35fe8c

SHA1
a97a5a390d6cc6e9523371c70c060662ff52107b

SHA256
59f227c5de85f70cf471b224f1e8f9fe5ba48e6f722e236126bc6edfcbf600aa

SHA512
3e9feabe76653387a5f55507426acda55b115fc9dd5f70c0e4cd243f95ad58882a8a1f2db580f5440ad822f1e186db45859922beda9a3805d0d75e7b4f927bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
860d3586a817ea60d1aa76f1a5c68429

SHA1
b54a83173b03270666164787a9d9f976e25a65d0

SHA256
4b94f0c98a93bb2e4822da47032e279b64fc10a7c8bab5faee256f7d8a1177a8

SHA512
fb5332053ce38226a4796795536732a75c0197835622056bbcd7e87503c563208b70645e33e2af25edde2c68f113ade5f46e21773c9f4172dddc030b285dd62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
abd2e3fbf6ea8213ecaad0e64fea53f9

SHA1
9b54af8e324428d0d5da715fa3bf317333313389

SHA256
da54834f78c1540f5072c48c6168a12a150d1f9d0b38c33db4e9a4421f420bdc

SHA512
518d9d48135cad15e811f8ed47334916acd3f15aa90c3a0451ab6342ce787e936918e6eb89b7f2d13e78c46e36a25f253b10e6f7c81fa63592dee611d60b0cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2149f110c7e511fca7074ea97f8d4980

SHA1
e0f0a3c5c271f8c2aee9dd1fff1ebe17dfe3438c

SHA256
52892da1e678e1f0f948d5154cf5610cca055f625cda0afb10679043e9dcb0c2

SHA512
b029a46e2101999e7cd808f29bc986e2ea92b04ac51de95fc920ec27ed8b4e23ea9f6752e705ecd8fa38ee931a9e4a38d9f22de26a4560f691968dfde355c539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0a7c4b57d6ce571e983bccfc58b7ed4

SHA1
174dc84678603a35eff25049a3b6e9aa177402a0

SHA256
c2f8cefaf61a9b30c0fc02376944c6e7ae4a1012996405e217fd214270413696

SHA512
fddb1ae9bfdb28902d81bcfad88a0d2d6dd4f72bec6c0e9446b66b6443cdbce46f80ec96b7f0e40748a3eb187a6c9ca8bbcf48f2e147118c871135e98895d4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86c2cea5a5b747bc9cf90dd8d5cbeffe

SHA1
7a92c459537eb0812dcb67c8b17689a222bcc34c

SHA256
d8d61d98f1d21fa8cac655ae193b1a7818094c037adfd13f157fe56717aeb9a7

SHA512
50e5e0ee6433c90272aa79fea739c4202a1f82c5b0f993d6b7af565757078a2ea3cf3674986d54cff6abb5220d28171aebb466f21f41e648cecca7dd5e583161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
069bc3b66d80db74fff0a0be3b193181

SHA1
bad5a47fc0e666c890e08b36ae4295a637c62287

SHA256
1f45f4786c077dc611824062955c79663e7be5310a00b94827b8edc15e849507

SHA512
e1fc42baa203b13b5e74308b47bd1303406571a4969e60dc6d699766228c34f41fd57c7145c77a268a18bdf41b94e7b99f2d122fb7afbaecad8d08b2d7182f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2f9536a193dff508b584c2674009141d

SHA1
65cd256a223cc391e0a07f8cdb8f0d2c54161489

SHA256
2949bf57d39753cad5d845d9f3d990f8031fb3631a8c5a94a1e64328028f7773

SHA512
15b5854851b348f5b209af8719c53cf03122455319dccff7872a0c8ab556ed7ccc7eef0896c33790928b7a0fc289813103c9e2c0294164458957f2d6f0c5ae95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
167e5536acb626a5f3f9241ad381177b

SHA1
5f941b98fe56375193f9e5ccad29d7b3d8833df4

SHA256
75b6447edcc018e24a588f5aed3a1365a5887c6c3540ae63c4d60a08b865e1b6

SHA512
bbba2447b7d647a589e0846d20391b12187dcb5dbde44b019d84b0de18cb2a38b796de09e53f619ee1b808e2bcae09873b154fbec3811a6aeee21423cdff12cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
236b8bb31e520c725126fbab8b1a8291

SHA1
5db2500db72dd4da437c1ac6dc514917ba9ff015

SHA256
a098cdc7bd7129ff9cc2800b0856c7d3219084b2505708368c49c22e5c370abd

SHA512
69176bc3fe5a6e638617b762646eb559d8b0bd75eeaf993cf6aa6e9b19903528a515b0c42c0350e4ba5641f26523b29635f88f6ee9d99ba3e96667587acddf7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a3e408b0d4e38656f64d068e9eee7ec

SHA1
df7155ad6ff7f8ba63b0eac785e4bd31ce8e6f6e

SHA256
3968448de685a0ce8bbaca3dbecfd103171b12bda73af67796374430b80e0ac3

SHA512
0f3019d433afcab1dd0a954771a513bc9fb64f5851d5452c989f28b824769307f95117ba90f70a8a9fae1a863058dec056bf16dd08da7a017e5e388fdacce7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f5b4f37c5ebdd8fa0b77c14d30c57ff3

SHA1
42ab0c2131effb0c1b76eee01e71b647508c650c

SHA256
719e0ebcbb613acfb14302b8c0feab7ca53658c1acbff1f3016728ea9d0ddde5

SHA512
77641012093a70c1edd74c9169dfc1e8253d04e731a966c7712a36926fbdde729353655d100a7786e1c35e89d3a9fd18b7f589d4f56cd502df97743df0f5be0b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4d17f60f43ffcff2f1a7224227570dc8

SHA1
4afdac536ba987de8d32e63766327845e44c75e5

SHA256
99d224383ea4b8fedc22e2e9b62b2778f1e54c7f1191b939253dad041cf0d6e8

SHA512
4de1aafc21336ee106ea2dc134ee44a1ffd1e1b43f4b01ea9eac3ae2edd1c03c2168428b84a9cc5fdba6dfa75e613eb063ab86aa442526f973ade71495d07d56

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
b3103623d1b1b545078108bd520bf0f0

SHA1
4c61e5038e8f379bb0ff5c9ac4e237ecd6007fa4

SHA256
cb747d485eacdea6d8374ef9697a5d44c9b8f8601af26f8beaa2d30489327392

SHA512
714d504da7606e684567b43a4bf4831c5485864c51f703d33d40e3e87f60399ef3c7e806d9c60f64d8199765973022be3a60bbf108fb3fc3ed73b020d3cb2278

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
cd89589b358746d8ed2866b6e27b02cd

SHA1
bd3a690def44abe60428d76c9fe6e43254587779

SHA256
2baa28a77a7425467f5be626ac26138651a5c414161e44a6dbd28563032ba0c0

SHA512
53ea718b16b244c8e2fdf2dc41818f768120b424489a47776c8901d8d2efdc6f1b45b0934b74b99e60773c7075c48a7b911a750e731efea8dd731eb60d31363e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
24cf9be9c34a8fc18d390ce7a3852425

SHA1
4072a2d414b7d0ed7ff60dc26575ddb718bc5478

SHA256
95983ea9f9a5682495d0d06f2e58352b8f75480b1b2b3944c603dd707d29242c

SHA512
cd31dba96d2e62ea41059df69b856ea3b2c9b5a167a2b7c4cd72c6074ba8830e1bb2979c087d037deaa7d611b92f1fd9a36378cb6868fad2cb91313647d68a3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8e6a5fe9d33d3c185d1759e247d1a745

SHA1
13c7aa2cf2f5ce3e82523b5b2c3ed14200467004

SHA256
81f01176a056c932e1fb9d8917fb793704d1ee671d524957675cd703e1544b08

SHA512
054f88d17b91282375268fbdb6187a6e1a2ca962ce04c839161f9a81b08e8d6017b19d3145afc70e48ec54eabf23f053eff79bfb4da8e93ebd734e8149bf867e

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
6.3MB

MD5
a29fd1ddc8d3cb0d2a4bb897d863a5b4

SHA1
e7a2fdfd0be839c3e145e8e8575fa8b6fdb85880

SHA256
a18b2fd6294629121db173d60e709b3ff24eeae96f6ce33beba76383df8c45be

SHA512
56de5450b013a90a9d2f6d792d392800d503d8b34acd4d5ab1063758d427996fee6a27844cfc05917d59a3f06f9c7256be5a3bae0b136824ccd155090f4d105e

Download Submit
C:\Users\Admin\Desktop\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Desktop\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Documents\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 900963.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
\??\pipe\LOCAL\crashpad_2424_XJUIYXARBCQSXYOJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/824-1200-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/3056-2682-0x0000000073BF0000-0x0000000073C12000-memory.dmp

Filesize
136KB

Download
memory/3056-2710-0x0000000073920000-0x0000000073B3C000-memory.dmp

Filesize
2.1MB

Download
memory/3056-2685-0x0000000073920000-0x0000000073B3C000-memory.dmp

Filesize
2.1MB

Download
memory/3056-2684-0x0000000073B40000-0x0000000073BC2000-memory.dmp

Filesize
520KB

Download
memory/3056-2683-0x0000000073BD0000-0x0000000073BEC000-memory.dmp

Filesize
112KB

Download
memory/3056-2664-0x0000000073C20000-0x0000000073CA2000-memory.dmp

Filesize
520KB

Download
memory/3056-2680-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2798-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2681-0x0000000073C20000-0x0000000073CA2000-memory.dmp

Filesize
520KB

Download
memory/3056-2666-0x0000000073B40000-0x0000000073BC2000-memory.dmp

Filesize
520KB

Download
memory/3056-2705-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2686-0x00000000738A0000-0x0000000073917000-memory.dmp

Filesize
476KB

Download
memory/3056-2723-0x0000000073920000-0x0000000073B3C000-memory.dmp

Filesize
2.1MB

Download
memory/3056-2718-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2934-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2667-0x0000000073BF0000-0x0000000073C12000-memory.dmp

Filesize
136KB

Download
memory/3056-2668-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2777-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2907-0x0000000073920000-0x0000000073B3C000-memory.dmp

Filesize
2.1MB

Download
memory/3056-2902-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2782-0x0000000073920000-0x0000000073B3C000-memory.dmp

Filesize
2.1MB

Download
memory/3056-2879-0x0000000073920000-0x0000000073B3C000-memory.dmp

Filesize
2.1MB

Download
memory/3056-2874-0x00000000006E0000-0x00000000009DE000-memory.dmp

Filesize
3.0MB

Download
memory/3056-2665-0x0000000073920000-0x0000000073B3C000-memory.dmp

Filesize
2.1MB

Download