hxxps://www[.]google[.]com/?safe=active&ssui=on

Resubmissions

07/01/2025, 22:05

250107-1z1rms1kat 3

04/09/2024, 21:58

04/09/2024, 21:55

04/09/2024, 21:38

04/09/2024, 21:22

Analysis

max time kernel
915s
max time network
975s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/?safe=active&ssui=on

Score

9^/10

bootkit credential_access discovery persistence ransomware spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	tv_enua.exe
Key created	\REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components	MSAGENT.EXE

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 14 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe"	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe"	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe	MEMZ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe"	MEMZ.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	CScript.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Executes dropped EXE 11 IoCs

pid	Process
448	MEMZ.exe
5724	MEMZ.exe
1448	MEMZ.exe
1712	MEMZ.exe
3320	MEMZ.exe
6836	tree.exe
7444	Installer.exe
5644	MSAGENT.EXE
2320	tv_enua.exe
4808	AgentSvr.exe
8724	BonziBDY_35.EXE

Loads dropped DLL 16 IoCs

pid	Process
7444	Installer.exe
7444	Installer.exe
5644	MSAGENT.EXE
2916	regsvr32.exe
2320	tv_enua.exe
6116	regsvr32.exe
6116	regsvr32.exe
5844	regsvr32.exe
7328	regsvr32.exe
7340	regsvr32.exe
2912	regsvr32.exe
6776	regsvr32.exe
6896	regsvr32.exe
1268	regsvr32.exe
8724	BonziBDY_35.EXE
8724	BonziBDY_35.EXE

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DesktopXmasTree = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\tree.exe"	tree.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet"	tv_enua.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	Installer.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	Installer.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SET7A16.tmp	tv_enua.exe
File opened for modification	C:\Windows\SysWOW64\msvcp50.dll	tv_enua.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File opened for modification	C:\Windows\SysWOW64\SET7A16.tmp	tv_enua.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png"	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20240904215051.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\67be5154-d097-4847-baf1-a2febe3ec685.tmp	setup.exe

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\msagent\SET78EA.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDp2.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET78EE.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\Agt0409.hlp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\Agt0409.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\help\SET7A13.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET78EC.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentMPx.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentPsh.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\SET7A11.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET78D9.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET78E9.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET7901.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\fonts\andmoipa.ttf	tv_enua.exe
File opened for modification	C:\Windows\lhsp\help\tv_enua.hlp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET78EB.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET78EB.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSvr.exe	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentSR.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET7901.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\help\SET7A13.tmp	tv_enua.exe
File created	C:\Windows\msagent\SET78ED.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgtCtl15.tlb	MSAGENT.EXE
File created	C:\Windows\fonts\SET7A14.tmp	tv_enua.exe
File opened for modification	C:\Windows\INF\SET7A15.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET78ED.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\help\SET7902.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\intl\SET7903.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET78D9.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentDPv.dll	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET78EE.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\mslwvtts.dll	MSAGENT.EXE
File opened for modification	C:\Windows\lhsp\tv\tv_enua.dll	tv_enua.exe
File opened for modification	C:\Windows\INF\agtinst.inf	MSAGENT.EXE
File created	C:\Windows\msagent\SET7904.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET78FF.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\INF\SET7900.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET7A11.tmp	tv_enua.exe
File opened for modification	C:\Windows\lhsp\tv\SET7A12.tmp	tv_enua.exe
File created	C:\Windows\MsAgent\chars\Bonzi.acs	Installer.exe
File opened for modification	C:\Windows\msagent\AgentCtl.dll	MSAGENT.EXE
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\fonts\SET7A14.tmp	tv_enua.exe
File created	C:\Windows\INF\SET7A15.tmp	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET78EA.tmp	MSAGENT.EXE
File created	C:\Windows\msagent\SET78EC.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\AgentAnm.dll	MSAGENT.EXE
File created	C:\Windows\msagent\SET78FF.tmp	MSAGENT.EXE
File created	C:\Windows\help\SET7902.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\SET7904.tmp	MSAGENT.EXE
File created	C:\Windows\INF\SET7900.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\lhsp\tv\tvenuax.dll	tv_enua.exe
File opened for modification	C:\Windows\INF\tv_enua.inf	tv_enua.exe
File opened for modification	C:\Windows\msagent\SET78E9.tmp	MSAGENT.EXE
File opened for modification	C:\Windows\msagent\intl\SET7903.tmp	MSAGENT.EXE
File created	C:\Windows\lhsp\tv\SET7A12.tmp	tv_enua.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 38 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BonziBDY_35.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tv_enua.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tree.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentSvr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	grpconv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VineMEMZ-Original.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSAGENT.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe

Enumerates system info in registry 2 TTPs 38 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchApp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchApp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699597731693737"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search\Total = "0"	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F6B-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\ = "clsBBPlayer"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent DocFile Provider 2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\MiscStatus\1\ = "148628"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\TreatAs	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ = "IAgentNotifySink"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\ = "clsAddressBook"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ = "Microsoft Agent Control 1.5"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lwv\ = "LWVFile"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F8D-055F-11D4-8F9B-00104BA312D6}\Programmable	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F8C-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentUserInput"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA141FD0-AC7F-11d1-97A3-0060082730FF}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F}\1.1\0	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriod\ = "BonziBUDDY.CCalendarVBPeriod"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\DefaultIcon\ = "C:\\Windows\\msagent\\AgentDP2.dll,-201"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings	SearchApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F8D-055F-11D4-8F9B-00104BA312D6}\VERSION	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\ProxyStubClsid	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F}\ProxyStubClsid	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4043742-AC8D-4F86-88E9-F3FD3369DD8C}\TypeLib	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B1BE804-567F-11D1-B652-0060976C699F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Regicon.ocx"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCharacter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F8C-055F-11D4-8F9B-00104BA312D6}\Forward\ = "{B2676D5B-8D53-4569-AF2C-A55A0D90C132}"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DAB85C3-803A-11D0-AC63-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx"	AgentSvr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\Version = "2.0"	AgentSvr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4900F8C-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8DB2224E-D2FA-4B2E-8402-085EA7CC826B}\ = "CCalendarVBPeriods"	BonziBDY_35.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4900F67-055F-11D4-8F9B-00104BA312D6}\LocalServer32	BonziBDY_35.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCharacters"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	AgentSvr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
1800	msedge.exe
1800	msedge.exe
1748	identity_helper.exe
1748	identity_helper.exe
1540	msedge.exe
1540	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4248	msedge.exe
4248	msedge.exe
4396	chrome.exe
4396	chrome.exe
1448	MEMZ.exe
1712	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
1448	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
1712	MEMZ.exe
1712	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
1448	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
1448	MEMZ.exe
5724	MEMZ.exe
1448	MEMZ.exe
1712	MEMZ.exe
1712	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
1448	MEMZ.exe
5724	MEMZ.exe
1448	MEMZ.exe
5724	MEMZ.exe
1712	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
1712	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
5724	MEMZ.exe
1712	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
1448	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3320	MEMZ.exe
2696	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
5548	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe
Token: SeShutdownPrivilege	4396	chrome.exe
Token: SeCreatePagefilePrivilege	4396	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
3320	MEMZ.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3172	VineMEMZ-Original.exe
448	MEMZ.exe
5724	MEMZ.exe
1712	MEMZ.exe
1448	MEMZ.exe
3320	MEMZ.exe
5248	MEMZ.exe
5768	MEMZ.exe
5784	MEMZ.exe
2664	MEMZ.exe
4308	MEMZ.exe
5984	MEMZ.exe
2696	MEMZ.exe
6132	wordpad.exe
6132	wordpad.exe
6132	wordpad.exe
6132	wordpad.exe
6132	wordpad.exe
6132	wordpad.exe
6836	tree.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
7444	Installer.exe
2696	MEMZ.exe
7340	wordpad.exe
7340	wordpad.exe
7340	wordpad.exe
7340	wordpad.exe
7340	wordpad.exe
7340	wordpad.exe
2696	MEMZ.exe
7328	mspaint.exe
7328	mspaint.exe
7328	mspaint.exe
7328	mspaint.exe
2696	MEMZ.exe
3320	MEMZ.exe
5240	SearchApp.exe
2696	MEMZ.exe
3320	MEMZ.exe
8724	BonziBDY_35.EXE
8724	BonziBDY_35.EXE
2696	MEMZ.exe
2696	MEMZ.exe
3572	mspaint.exe
3572	mspaint.exe
3572	mspaint.exe
3572	mspaint.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe
2696	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 1776	1800	msedge.exe	83
PID 1800 wrote to memory of 1776	1800	msedge.exe	83
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 908	1800	msedge.exe	84
PID 1800 wrote to memory of 3692	1800	msedge.exe	85
PID 1800 wrote to memory of 3692	1800	msedge.exe	85
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86
PID 1800 wrote to memory of 1632	1800	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/?safe=active&ssui=on
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,10398104817631789760,8440127405111671523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcffaacc40,0x7ffcffaacc4c,0x7ffcffaacc58
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3432,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4524,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4832,i,7949278826087256677,6898106932972512550,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:2940

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2828

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe
"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3172
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:448
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5724
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1448
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1712
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    /main
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3320
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:5472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=myfelix+download
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:4676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        5⤵
        
        PID:1208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
        5⤵
        
        PID:1168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
        5⤵
        
        PID:3472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
        5⤵
        
        PID:4880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
        5⤵
        
        PID:3468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 /prefetch:8
        5⤵
        
        PID:1492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 /prefetch:8
        5⤵
        
        PID:4540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
        5⤵
        
        PID:2704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
        5⤵
        
        PID:2852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
        5⤵
        
        PID:616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
        5⤵
        
        PID:3312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
        5⤵
        
        PID:1272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
        5⤵
        
        PID:5800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
        5⤵
        
        PID:3888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
        5⤵
        
        PID:3500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
        5⤵
        
        PID:5000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
        5⤵
        
        PID:4504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
        5⤵
        
        PID:2416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
        5⤵
        
        PID:3552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
        5⤵
        
        PID:5892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
        5⤵
        
        PID:3744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
        5⤵
        
        PID:5500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
        5⤵
        
        PID:3120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
        5⤵
        
        PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4494444548857087577,1095301689095703378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
        5⤵
        
        PID:2848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=john+cena+midi+legit+not+converted
      4⤵
      PID:3144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=cat+desktop
      4⤵
      PID:3468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:5264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=grand+dad+rom+download
      4⤵
      PID:3052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:4872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer
      4⤵
      PID:3528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:4752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,5439739867364566439,8594943728942784412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        5⤵
        
        PID:216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,5439739867364566439,8594943728942784412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
        5⤵
        
        PID:4696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,5439739867364566439,8594943728942784412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
        5⤵
        
        PID:5864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5439739867364566439,8594943728942784412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        5⤵
        
        PID:5380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5439739867364566439,8594943728942784412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
        5⤵
        
        PID:5684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5439739867364566439,8594943728942784412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
        5⤵
        
        PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=fuck+bees
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:2204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:3316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
        5⤵
        
        PID:5960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        5⤵
        
        PID:3524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
        5⤵
        
        PID:4892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
        5⤵
        
        PID:1876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
        5⤵
        
        PID:3196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5316 /prefetch:8
        5⤵
        
        PID:1412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
        5⤵
        
        PID:6116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
        5⤵
        
        PID:2876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
        5⤵
        
        PID:3268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
        5⤵
        
        PID:3288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
        5⤵
        
        PID:5532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
        5⤵
        
        PID:1536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
        5⤵
        
        PID:4844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
        5⤵
        
        PID:1272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
        5⤵
        
        PID:3508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
        5⤵
        
        PID:4848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
        5⤵
        
        PID:2952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
        5⤵
        
        PID:1656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
        5⤵
        
        PID:860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
        5⤵
        
        PID:6116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
        5⤵
        
        PID:2772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
        5⤵
        
        PID:6476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
        5⤵
        
        PID:6568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
        5⤵
        
        PID:6176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
        5⤵
        
        PID:5732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
        5⤵
        
        PID:6720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
        5⤵
        
        PID:6800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
        5⤵
        
        PID:6612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12741914688352450460,12271440960532125587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
        5⤵
        
        PID:6416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=smileystoolbar+download
      4⤵
      PID:3708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:1876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=snow+halation+midi
      4⤵
      PID:5728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:1956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bad+ass+mafia+toolbar
      4⤵
      PID:6408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Roaming\Data\tree.exe
      "C:\Users\Admin\AppData\Roaming\Data\tree.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:6836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=limp+bizkit+mp3+download
      4⤵
      PID:7148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:7164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=animated+christmas+tree+for+desktop
      4⤵
      PID:7128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:7156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=succ
      4⤵
      Enumerates system info in registry
      PID:7132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:6572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
        5⤵
        
        PID:5780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
        5⤵
        
        PID:7020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
        5⤵
        
        PID:536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
        5⤵
        
        PID:4440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        5⤵
        
        PID:4596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
        5⤵
        
        PID:6672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 /prefetch:8
        5⤵
        
        PID:6812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 /prefetch:8
        5⤵
        
        PID:5896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
        5⤵
        
        PID:6464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
        5⤵
        
        PID:4684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
        5⤵
        
        PID:6068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,9621987213409269881,7352960094983734286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
        5⤵
        
        PID:3780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/results?search_query=tootorals
      4⤵
      Enumerates system info in registry
      PID:864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:2708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
        5⤵
        
        PID:5020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
        5⤵
        
        PID:5820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
        5⤵
        
        PID:6664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
        5⤵
        
        PID:3264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
        5⤵
        
        PID:6516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
        5⤵
        
        PID:2848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
        5⤵
        
        PID:6932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 /prefetch:8
        5⤵
        
        PID:3376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
        5⤵
        
        PID:5856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10645132219091161037,9722224115788071105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
        5⤵
        
        PID:620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=preventon+antivirus+download
      4⤵
      PID:4436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:6412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=cool+toolbars
      4⤵
      Enumerates system info in registry
      PID:5328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:5976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
        5⤵
        
        PID:1316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
        5⤵
        
        PID:6788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
        5⤵
        
        PID:4292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        5⤵
        
        PID:5960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
        5⤵
        
        PID:1460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:8
        5⤵
        
        PID:1644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:8
        5⤵
        
        PID:1044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
        5⤵
        
        PID:1996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15458318983254522573,15334913174729844845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
        5⤵
        
        PID:2484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=free+midi+download
      4⤵
      Enumerates system info in registry
      PID:6856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:6908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        5⤵
        
        PID:4192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        5⤵
        
        PID:6776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
        5⤵
        
        PID:6564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
        5⤵
        
        PID:7044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        
        PID:1460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
        5⤵
        
        PID:6932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
        5⤵
        
        PID:6992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
        5⤵
        
        PID:5792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
        5⤵
        
        PID:2288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
        5⤵
        
        PID:1268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
        5⤵
        
        PID:1420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
        5⤵
        
        PID:4900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
        5⤵
        
        PID:6560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
        5⤵
        
        PID:4132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
        5⤵
        
        PID:5316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
        5⤵
        
        PID:6500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
        5⤵
        
        PID:4292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
        5⤵
        
        PID:368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
        5⤵
        
        PID:6176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
        5⤵
        
        PID:3220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
        5⤵
        
        PID:2208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5420 /prefetch:8
        5⤵
        
        PID:6568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
        5⤵
        
        PID:6524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
        5⤵
        
        PID:3952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
        5⤵
        
        PID:5612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
        5⤵
        
        PID:7392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
        5⤵
        
        PID:7524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
        5⤵
        
        PID:7880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1448843378055205989,16129953626057550780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
        5⤵
        
        PID:7968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+cursormania+in+2016
      4⤵
      PID:6488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:4204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=is+bonzi+buddy+a+virus
      4⤵
      PID:6708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:6296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=stanky+danky+maymays
      4⤵
      PID:6576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:5732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:5576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:1004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:7792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:7812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=smash+mouth+all+star+midi
      4⤵
      Enumerates system info in registry
      PID:7628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:7988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
        5⤵
        
        PID:7952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
        5⤵
        
        PID:7964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
        5⤵
        
        PID:3184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
        5⤵
        
        PID:6800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
        5⤵
        
        PID:6740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
        5⤵
        
        PID:7404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
        5⤵
        
        PID:7980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
        5⤵
        
        PID:4072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
        5⤵
        
        PID:6784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
        5⤵
        
        PID:3704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
        5⤵
        
        PID:6160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
        5⤵
        
        PID:3268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
        5⤵
        
        PID:7476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
        5⤵
        
        PID:2116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
        5⤵
        
        PID:8060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
        5⤵
        
        PID:6544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
        5⤵
        
        PID:3220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,9455969266405977291,13665403377865714951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
        5⤵
        
        PID:732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=bonzi+buddy+download+free
      4⤵
      PID:4292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:1884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=cortana+is+the+new+bonzi
      4⤵
      PID:7664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:8124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=mp3+midi+converter
      4⤵
      PID:6564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Roaming\Data\Installer.exe
      "C:\Users\Admin\AppData\Roaming\Data\Installer.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops desktop.ini file(s)
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:7444
    - - C:\Windows\SysWOW64\CScript.exe
        
        "C:\Windows\system32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\Bonzi\run.vbs" //e:vbscript //B //NOLOGO
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE" /Q
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:5644
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2916
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7328
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7340
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2912
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6776
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6896
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1268
        
        C:\Windows\msagent\AgentSvr.exe
        
        "C:\Windows\msagent\AgentSvr.exe" /regserver
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4808
        
        C:\Windows\SysWOW64\grpconv.exe
        
        grpconv.exe -o
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe" /Q
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6116
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5844
        
        C:\Windows\SysWOW64\grpconv.exe
        
        grpconv.exe -o
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE
      "C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:8724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x32c
1⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5248
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5768
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5784
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2664
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4308
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5984
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2696
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:5220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:6096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:2576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:2000
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6076
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6132
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:5952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:4836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:3472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:6604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:3896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:2036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
    3⤵
    PID:7320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:7332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:6944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:7752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
    3⤵
    PID:1636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:5460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    - Enumerates system info in registry
    PID:808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:7216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:7504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      4⤵
      PID:1976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
      4⤵
      PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      4⤵
      PID:3668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:4312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
      4⤵
      PID:7880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
      4⤵
      PID:5140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
      4⤵
      PID:5032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
      4⤵
      PID:6352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
      4⤵
      PID:7192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
      4⤵
      PID:6324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
      4⤵
      PID:6348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
      4⤵
      PID:4584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12226360608294155539,15089513140545393819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
      4⤵
      PID:3824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:7300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:7548
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:7340
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:7328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
    3⤵
    - Enumerates system info in registry
    PID:7236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:4372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:6948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      4⤵
      PID:7936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
      4⤵
      PID:620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
      4⤵
      PID:7196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
      4⤵
      PID:8032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
      4⤵
      PID:4568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
      4⤵
      PID:8148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
      4⤵
      PID:7000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
      4⤵
      PID:7376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:2500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
      4⤵
      PID:6324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
      4⤵
      PID:8132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:8
      4⤵
      PID:4304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:8
      4⤵
      PID:7412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:2208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff72c145460,0x7ff72c145470,0x7ff72c145480
        5⤵
        
        PID:6972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
      4⤵
      PID:5032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
      4⤵
      PID:7924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
      4⤵
      PID:8496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
      4⤵
      PID:8504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
      4⤵
      PID:9040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
      4⤵
      PID:9188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:7940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
      4⤵
      PID:1996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
      4⤵
      PID:6924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
      4⤵
      PID:7864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
      4⤵
      PID:4368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
      4⤵
      PID:9004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
      4⤵
      PID:9088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
      4⤵
      PID:8528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
      4⤵
      PID:4584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2
      4⤵
      PID:3976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
      4⤵
      PID:8912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
      4⤵
      PID:8820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
      4⤵
      PID:2516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
      4⤵
      PID:7924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
      4⤵
      PID:1596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
      4⤵
      PID:8488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
      4⤵
      PID:3508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
      4⤵
      PID:5900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
      4⤵
      PID:8320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
      4⤵
      PID:6812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
      4⤵
      PID:8468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
      4⤵
      PID:7028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
      4⤵
      PID:3076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
      4⤵
      PID:5940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
      4⤵
      PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1
      4⤵
      PID:868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
      4⤵
      PID:8788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
      4⤵
      PID:8764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
      4⤵
      PID:424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
      4⤵
      PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
      4⤵
      PID:6912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
      4⤵
      PID:4144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
      4⤵
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
      4⤵
      PID:2096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
      4⤵
      PID:7652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
      4⤵
      PID:4832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10815432380324050509,12021013524054365706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
      4⤵
      PID:8484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:8872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:8980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:4148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:7344
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:9084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:8860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:8104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:7716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:7380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:8312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:3336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:6964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:7092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:6380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:8236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:3024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:6664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:6720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:8624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:8296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:7688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:8492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:7408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:7244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:6872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:7948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:8992
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:8764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:1680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:6348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:8608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:9004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718
      4⤵
      PID:8904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:6216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7504

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:7324

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:2172

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
1⤵
PID:4052

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
1⤵
PID:6600

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
1⤵
PID:1552

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d8caf257f7a1b8002f4a7f20ab232d7c

SHA1
6082f8a80d3927c8908862ac852f1d095d0367e8

SHA256
265e91cc7932710008c4ad38659dc89894e4fb51ece8458bac2d31ed0a6c267f

SHA512
d1819686d47c5b381b2f5fe7b763f09b117f0999b9b00c2e2863a9402010a6ac7909dc6a25fc3b845f49d236c57f221ef6f87396cce35ecf466fda62a4025324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fe3ce44b0dd36c8d610dafee6073b730

SHA1
58ee7658151d6b7790e73f641814f717b1b10520

SHA256
1dcf034ef106879098c208864e2ff0c4e2b38ff76c82ec5b49fe4afcdedcf3d9

SHA512
0171dd0fb9c0bc6cf9c7de87136dc3926431f61a30665b93c372d7c5bcc5e6a7f26bf6b42877327fdfff10b8354c26f8514e9609f14b4f012c3e326b93bc6019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ae9ea492b1588828a3702a48325fca3d

SHA1
f1fe121a0d611f3b94e85bf10b6a4c08a4d4d78f

SHA256
f1d4515f2f2af00ed52a3de182816f915e2a2bdf0f6347372fc8c398c92a888d

SHA512
88148b8945bae7132bd0f8785165563e7b64ebe62de2780c3da6943df46b71f24f1ceb9df1f4a89eb336584a4ed6e89b4d5cc13d6022dbfc85dbe6edadfbe861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
13412542069cc85fe3c83c1930146a06

SHA1
c4bab792c523cb6c4d3983e0e288b23f3404baa4

SHA256
b4e75685045d5573159ad872f918d47884549482d8e77de285a15dc29d7ac17b

SHA512
b437ee30d1e8162e2b0cf673a23d04018c747d4864541ab49b1151bff3292e62cd3792ffece134d5ca6dd4f629c4f0a2c2f9922ee32d854efd8d6dd3f50be24a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
497dad2d04447cd3deca3ec3c81d1541

SHA1
c6c184b21530dbddcf73963eee622693d747880f

SHA256
cdcb3a4fadfc33603b68d6c2c051ae973b475bbaae588e4f86ec84a59c40bedf

SHA512
18ac9148c88e222b9d238ee6aeacd00c6eed4477ba83a1b18ebaa75c0e9d891a603b79493be8518338f06659671257bf7556f03a5b4d6d18e059087838d75fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f3ff4c43382400656f0768066c2bbc4

SHA1
ffdb62516e58c2b8d8563d6cc5a7f44f3081965e

SHA256
e874d01b75f4fa05260d77196e97b0e6e70bd6b25c7cd9446f0847c75ac37780

SHA512
1153da91f25955e02561693e318ba19e3de7b03917bc0fdecac40fe8814062a2e354323ea7be1eb78702bb37ea6e71e1f9153b8f0afcccf04d7fcdf15fb7d117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b921ca120995f267e5cf64fbe187aa9

SHA1
57ea1a4c4f6fb5e78509760a65e120732779cddc

SHA256
14691e26f25b4a68adcc9e7598f260f31d0b86fa25b1adab8bb358f8e20133ff

SHA512
aa673f989aa99830e5b5ddd0255b7457bf5ddf5fca2d0d9dfa9b5481344526337bcd4e6886f46667822318dda66204c84e5d97bce2768307a36ed75b64c97efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b79202f977678b0a37f42acbc023720

SHA1
9f4f7f8cd439c6c7608f6db9a10938fbd1049b16

SHA256
6ac97c77aea6102abe7262ec400b2849b9f50176bb498cde39eb0a7a2b0ff505

SHA512
e3795a702fea0b71b42b9929253eef841c25eb57d59c313f95a47aaee083aa93899799ae6da48e4838a6f4955dc610be7444b4fe27be87f3596e9e23eef6e638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e25ee0544e91af220618f8e29dc2340

SHA1
5109caa35d02b5c043a70289ad5029df10485eb1

SHA256
04a5f145370cc4614fe697ba6531ac401d3c9dc15524d13f7fb03748ce798763

SHA512
75191db2ad36f68a48e40269b5a0063827edc7b97ced4bd5124c72af55c02a6bdb501b493db70c52d01dfb912e2c161d50fe6bd3667b19c4e2a0f0146ab9688b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
964a89c41f5f9fa8c8b5b7f77a9335d6

SHA1
39f3e2eca619560cc58031c8ad8c61b12361f932

SHA256
0d697ae8868d2b92d552da18e4600d586dbf8ef13827528a18fa836a08ec8605

SHA512
a0eb52d797f2a995c1701eb9d3879b8995939e3f0a79fbc581a00d4b65b2bb3ea1530962e2593e5cb51bd0051159a202b3a36a0c3939e1f4dacab5fc1ec60d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9fd6f2703be912f2479fe9d0a8e49b3

SHA1
39ec47d914002bf921ed19fb8cb134abff687db8

SHA256
54025daf890242a7f4a448e6ac813b9211772d7a088be2b5d3e1094263211e3c

SHA512
590ecaf16a662300848ef8bbcf69c267a78edf4fb7ba5884e4e60a161e1daee39b938812d1807730db4834a5c853642057e218802342752ad9d73ee07e7ed8c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
229bfd25f5424511141ce2238da12df7

SHA1
6e99fdab8e48476b4928366fb3af76b55e4e005f

SHA256
6e5bb9b38bacf61f7c89c2abe880574a7b61be9678e20c592438b3cdd4efbf4e

SHA512
32400a3b314e0a8add2f1336357a89b526d5f0c507e5f6ec7867f0804b8145ba3d57cf39acab455c8fbf0a74677af3f737cb1a04dd4414c7ce1ec57a18411623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d6e2d2bede53625b1acd1c254b37b49

SHA1
58efec43f18693b702a589f0d7146401ec9c5500

SHA256
c274858ecb55fa82d54bad685bc3c31d31aca2e36603d099d9eab6e359b32bb7

SHA512
3d93267ba79d3f844cc2461ee640a065125b1171b80439528d0049679507184cdef10549fd45c05a2d5c5e4f85afd4531f16406e313e1914e5ecd0c577a043c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5a189c95459a80c38548f07a6f39e92

SHA1
22e1fcfd8041108f3faba77f0a68a35d49d8d287

SHA256
ef266f2a0251b8195b61a4af9bb6579f73bfa96611c055e14f47e8d0e3d6482d

SHA512
f9973897b621462bfd429c1655444b0f976542bdc7774ac76e397442e32f70720c6da26680b5f47c89ac1bc7b636baea7f2f5895b905727db7cb2fea60c56b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b972b2462039a3be29e3b1b82aa9042

SHA1
8d8ef5d03b779ddfe53972cf527e500974588f43

SHA256
29b6381627bc69ca27c6fb0c196292092c820b9c2d2a33171a0847657d1af9cc

SHA512
3ffa1871db9189cc2732be9ffefc954efbfc82202ad9f32759ba05cb7a42d2f98d41dc5bfdccb6b1b147ea98803108afc6185c4f0b48e68edf5f3daa9bcdc811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b08743ed8cce44643d54f8ed1ae846e

SHA1
9e87bb631840d605f7d20ec79873851591ef23ea

SHA256
047dad693d9fd372726c3d61bc0e9fd4fb69cd63c13a3dcf285786320d601fe3

SHA512
27b36a4c3a1eac9f9486c5a0f68ec8efab4b67f3234e4e7002631f5d6b6d89fdf2fb46db405f0b6b4e2794a96d6ae32c21ad6e18d5053b0d0d3df5ee46664869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf2ae1c7c2502a0614fe6f738c93cab9

SHA1
d90110fcf70f93b7e8ddefd605b8b19ac10a8a37

SHA256
8f506779d63a5b964a5b5e91f23b356a82c8bfaa73dee94f6baecd9a747a506e

SHA512
470250f0c25c771386f17375b24634fb96eedf4fc7ff6f47034afdfeff06622f57c96d9c137bf080328156afc0da4c05ec6d81d7cb25778c91661fa5be43557d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffac764339cca0e589fc0853cdf2a2d9

SHA1
20ea2fe8bd0555b46efe0d74ed6cff12409cf115

SHA256
2b3a23c2d604ed0d7ddd7ca50e930afa55eb99d09013775b57d4a144308d6d74

SHA512
398f616185e8662ecaf51cca8e79691274146a42dfde16b6ba7fe323bcb17951f4a1e7ec4aa4e0d1560ce18e6cd21455b270d1ca5f083a592d12df3cc1482637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16475100c974fbd98269de3bae7ab7fa

SHA1
ae586e41050f9d2c2caddab567a0d7f21fdec361

SHA256
bb2425d62e86b14f2552939a815bcd025e58e3df9ec599586a73f534b2be3292

SHA512
3bb92d6538091e8d933b01fbd98b69c59c79a7d8bca24d31ba4e3b794f4a5fe87c3c70803c4583784cbabdf9c47dc5b07ca8574296dc3b0a4ed196f100b10ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47afc437d50512ab620cc92191f1a0d4

SHA1
d489b95c6ccf19fcdef2f23cabe2da290816bc8e

SHA256
8c173d7ee91681c90db9009e693ec83a20088d52186cb1c9a5126a3185d6b2f3

SHA512
8273613b6129f092887e9b4496e7109186ae8187df271887e3c9b483af379cd35984aba41b226cd7f16d3b28f1fdd4726e64ed05526626710a299ea8e699af60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64c432980c2a5b64895cffe1b66352d0

SHA1
24f4c132461354236d72646c2bc4016584dad110

SHA256
7d1afbde77354438b8f9cbd96db2189080d26c26ddedeec3e8a869bd6c5ac514

SHA512
fc6be764dd5d52a233759ae8ba5dd2016418d9f024d3dda915fb3efcd871947a2cd538a5ce98ad3fdc98ad1a7877300a680d45d438a601450248b45e0ddd5d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26d3ee9a21548e45d4eaf1d200ea8bb1

SHA1
a5660c97b84b31abc01313de85593412d5030d61

SHA256
b685383dedb977aaa586f75b05e5da7fae700908f76c51859573cbd202d8caec

SHA512
b9c2053c83a61f168cbca96242e707eb30d794fb71ce0803a71db6deefc65ebd2c6ea5266278db47fe42d8b9c53fb844c216fefa12abc79eec2d3c080f30e879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9b9e676e0d10e8b910eb360a1ad0791

SHA1
edc51626529cbf40f4cce05b8a323ddc49a0649a

SHA256
11e300acb8004b81e65c8c7606aa24f219e844b2143d7bae645094c82d0b2434

SHA512
46dc34e43fe11c07c4a5b303186d1525b20d275ebf231c8fa483321d827e87f733cbd2afd570ea2494ae8d1bf05370677d8f4eea98f8172089904cf2bbb97a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7e662188fb0317c090b50e3c7e8abe3

SHA1
7167234c17869f4ebf422204414374c7d86ce824

SHA256
2441fd2ad738083b5991eb68156fe2a37a59635dd99246496bbf71af33dc852d

SHA512
df1c12686d8fb28193806fb23bb29d855a5d16c17fa0392e3c5ab5b9541c8b8765a235340e52b25eb8aa1ff7ea5be9e50779b064f34958669cbb4b02988b13e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8be15500fb8859b0aafecfabb1e721c3

SHA1
a8b1d90964808b9e4a78f584617ed2a6cb8eaeee

SHA256
f788859bb9af731071279a311446ad2c52f7e462aef42b4d7c6907114979d09f

SHA512
3abd4352e7d2dcbc6e081ed5fbc2ec7988c7d14675cd57b10bb9335d6c560c2a6164ddcbfc3ac9feb4f95d8d1c3329367930a8f0d682e54eb088e7d0beba798d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c30a0d661f89fda2dbbb4973092b7dfb

SHA1
9491ab2dae80b744b387f133eec12e7997d5105b

SHA256
49842863d5d0e609cbde9d57450f24d721bedb21af5070b4d6d4b58d0f7cf54d

SHA512
cc937febd646c23f4afab6fcafc88dd8bb869e9ab526a7f31a737f31e54814f05ea25724d1733230544e875a6bd1f753d5136b6312c9315ff1047b9954577ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a718072df3958d27ad5677f10b3ebc3

SHA1
f55b274ec79612809ec94b371f1cc40885f5c241

SHA256
29cf363b4e24119f12c5a1e2c9bd184519735eb16600c8d84be582ff6cae4c5d

SHA512
1edf4be9ea1923c3fd22ec230d6cf54ac4f14c65f0c996c3519773dbb83182eef83c93edf570a1ac316a62019bceb3828214265e57aa94e74df77f8eab77d54c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
beac0c3a0e99d0ce94006604bc2f5452

SHA1
e3c29ab5efdf573c07221e66435415019060e49d

SHA256
158f521e3857481990aae72385df7f1ebf06cbeeecad6af61f400eff4a38f9df

SHA512
0729c0fb7fd74fa3ec690af9cef336185983bb9ec4c16e9c051611a84ee114569393fe3b70f22f5f05590e6e5a537a424a9ee26fd1e2e2d66a71e862225ea72c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a1c69b4046b20d951b7872686f0d602

SHA1
22285df838b800d01708a759042856a778f2de93

SHA256
31e28cf1ccacda136fe9d490988cf5b14f281fea483096d428e16edf344826bc

SHA512
d96a3c904a4c0927489b7aba3ced74b4c891b4c08176e988eebb5117ae41190c925c6c12988eeee4b1b332d423d2a29467fd8e8e8bf0bf54c7cd9bb3ec74de69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f7605d7421ff4335625c25cd1f81c1b

SHA1
29677d6275a9a9c5f3fd4231025e430ae2e8b65d

SHA256
18d372f892397b359f2cc0cb897e0271fdf1cbf0c62aca90b31e0b499df0d47f

SHA512
af6dca24c4cc61eceffab65166058d73331eb73631d625fa0b2007f79141a128657dddcf88924d0f396cc2e6761d348e6bf82d07e0de243c076142888b6cbaf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e7d328844262ff17bcc4c7d7b33c7b4

SHA1
121f4c11f57fdf3d929a5a216856f319ccb202ad

SHA256
c1dd68926b626efbc6d4550660febe7582f39f95f0618cf26aae29f559efadb8

SHA512
e5e0483d6f9e3074eff7bc42cb692b99cf75f3db505f7e781f0e75d7845a3581ca3712542b3ff32aa7a8f262989dde66703eea2e2e8e9e4025ba5daf0c285064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0fb2621d224fa7cb7b6d9bf545ac671

SHA1
c132192f5a19155ff1a8c701343b8d4897925093

SHA256
c0283f8069edc3165a1f351fab21071327aee84638e0f0de32cfeed5b12d11f7

SHA512
7244ed9259e9928cd428dd6d89c0afe2bff1d2e0f8840cf7f6f305a778c47d0be9aacc2d20616218bdac7c102cabb5aa15bc76a0fa00735699a14241d36d132b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e0386a1f202095d2993bd90e0aa9324

SHA1
78d31427a9dbd92a71fedc6b33a2122ceeeb7289

SHA256
612f4b986a389ae50c20c94294e2a3f9df31a2c8fef804ed4acce1f5b59c31e7

SHA512
dacc3a279fad95be9d2905d18bb09434c55ea050a8bf174a61e7f8a1a874ef9ebe5e7e19d2630caf63f0d4fafee6f098fc1001cde91979342be3d27d215c1c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c8f5418548a8c43d592e7b7f5f15f7a

SHA1
6242149894a282e957425dd7abc59a4dbe2d3a3d

SHA256
2641dbec66b0a7b58086673f440366eea5e91fb73ec5f051f51529bed9de481f

SHA512
f24e80cdda307dcd6a6dfc0b0bf8fef7250c038d16aca388e5adf63ff59d6b3ab7b87febb4af76367595c8d14a62802efbc6a4ebc0d68e5079444736e098549a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf30ffae7b253a36506136c3eada50d2

SHA1
7ed3c791638d312b9fc6359f3cf9b7f5971ffe5a

SHA256
9dca86a8c1f35bb1f7cef88501030c3eaf7f664243a9ac8c8b9cc427a4821d24

SHA512
1c27e783254f9f144d4d31679ad80561a162ca13ec7e23c92651f56c1c773c0b4ec799c1faee63be968cda94e37cb37b05e77012a92582feeaaf20396128a6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d66d5bc513323ad1aefebe4dba93fd8d

SHA1
c3690d3a2d92467162da4b8766f7439b5343e42b

SHA256
a7f6969e3c68dcbd3eae92bb51fab3604f837e6071c44832cb875dbadead2ccf

SHA512
602881a81879a3c47e50d6403a04b7d473542ef5af193e1516619d1b3c733f6e7c90e02bfc1a653a3704b5710ac43870b6b312f1927ca9b4ac1540640386746a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04ff433555c937557107614ef7d38467

SHA1
a536d6738ae87f18e602db63753ad124ca2646dd

SHA256
1380a9e08feae4b5c470b8e893aeac793cfa70efceb2415d821c190cbb049f70

SHA512
e795fe588df624a10acdbd9446a0f471ecbb5803216e796d503cbbbedbb5a76010124cafa8938b4262939f4c8e7ac2696dec329863f91bc6f26ab8cbd380cc18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6191a1e4a1b0e332fae48948a8603174

SHA1
6ba425a8079785106e8b8bf8f9f474e6e364ef19

SHA256
11223049347b77d0718c4afe3bfc361472c38ca426c9f3fcc44cbffa7cb54a81

SHA512
d23717ba10bf5c35bf3c955ba619e5efd925efa192879301504fe5b4290791e09409aeec610f7e48a4913148fc25ba05634a9e3f74b4aa3ec55c928e17fa2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2189339a1bc67a8de68995795499a76a

SHA1
cec202914552f0148b78239b17b1a9ffd76f1a6d

SHA256
39334af94f7a42a5a36348615705913e9f413ae06637cabaac031727c9a03b5b

SHA512
f7563854540724b457d70c6390a7d0cd4f357b3c35ffa80221447920a6787bebe0305e1af771ad13cf72175d09d955d52f32d6201a7d7b208a86b6dbaf7cacb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ea33a637c2b3c1ce042d0efa6cfea07

SHA1
d9a80ffa91c3fb80ec891d1c7e233a537fbdb799

SHA256
3da84dbaf31b0d4f287d262abfa0adb655bebbc6e1572e95f531fa26359dbc37

SHA512
57702540d555369a105f05485241e436c32afcc729e2bca8a04052db5d08f6d7e5fda7a08f477b60e32ee9964d80fd64134f05a123c801753bd714d0a8c661f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
334274157434ea050fcc1598db520f5d

SHA1
0890552b24a3fe74546454b2ec98bc4a5069c60e

SHA256
35f92032ee64c53021b102781452f05519516c16cebc72b3c2242d2c03bc16bf

SHA512
2c54358e0d99364397afb9e54758e5fe1e2c8e0608558f86e29e4c7e2acd14f294bab6a1594d2a8ade22b1f05d244c4a493c513aa5c1c172f951b62fed8d30c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a865611feaabe81703c7d948a49ce190

SHA1
158edeee3c2270d889fb90de9e03d0b3a5a3e9c9

SHA256
05ad7e935ed80ae241f11b7c5a3e044eff6016f103467173a3881bb26162dde4

SHA512
c32c05d3eb908846cf2b58d9fc14136e2ff3d2ecff92238fa4b3860c7f3b544efc8bc14c55260820254672f5372e21a22a953cac0c9a4a9f524f58bbfb7bd4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8dc774fd3b1324fef3783075bfcd4531

SHA1
f976cebeb2644b52a9c439717db369d9ccca7571

SHA256
89d59104942dc3e78e23067d0491692db4456df45d360ffc3590fc0c90a1c55a

SHA512
f77d672f725ea86c4ca290ee70106e5f36cd5c762cb6982d0e28dad0848393d7067d43e0849341ae6acd80b560b622b0abc8663ee8699bea51ad14b4ea95494c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9659271b0bf63d860234b53ef24f281c

SHA1
e73c17362df242632a687a91d2034ad5ee0abd7d

SHA256
94ba13c215f132df61b9f10a4e26a65e500ede236be3426781d60a654165e2b0

SHA512
d488dd353047b6b1f7743bff53d94bdf4b3f9cb50a5ae6d2b0baaacc95aa879cce11ff202a6f984e092ae13fc704b824082969f40e8a0632bccd3d6bcbb0d4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abeaed6a617d99c3eac7d770bf694912

SHA1
8a7f1a3b44e09d75b3071164fa238a09b2d39597

SHA256
bb36de8989ac913acb4ed3d8f1b35e766d0cb4a5d98b2fd8d84c6195cc7d1d1c

SHA512
496569975b0656a2680d32f947219ac33f728882db06868fb74d13794e57a38677724da6d558b918137d4bf613e5b52891b13bb6fce3773c2aac6759374f2a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
343becba2fe6103ea42279cf1a644852

SHA1
2d29ab34e81bfb9062bc09383bf1c15b6ad7ef18

SHA256
3e256b193ad7ffaced3352d8b9a0266aea15cd6d29d7c2b4e6c2c85f2704f487

SHA512
7499dec6c10cb13303956397651e523cbf98bf0d41e41ec6f8b5d1281f513f0cc89f6f9f5fbd9b17c7a4a9f60158ae462c0607d34b42fba24458d48297b238d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad008c918b5971840fe23d957d5ed902

SHA1
97b8dd37bda7344055d16298482ad55919851113

SHA256
e27d900641f5a03c97212ed032db016cc347d070cb2152ccb74bfcf7fb7bc63b

SHA512
4af73780eec4d32a400bd9199a58e8cb9b35df9c37f39351e0410b354c1c138224d4c52fb6c54d30b2795b27406de855bbf701b437ed6d12fc79974a0f1eec03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48f758114a786e618e8c0a3de3e65079

SHA1
19a7dee0048caf5871d8bf23a5a34fc55c46ee1e

SHA256
c908b9c6e4f41bdb151d212d69236d7da3c0610ce8a7c750f4853044a1e1778b

SHA512
c9caa2f2901df461188d5dc975e051baff83f09f71efbf6c097856c86bcdf3e07a39dee7bec67206eeec88fdb3b05cf338848f21419d99b5bc110d48bc6e30d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0607614d48e4a3a4a1b3221e9073cdc8

SHA1
144ac92a8760701a0f4f0a19cc07da7e616c93f8

SHA256
f9dd4fdee7bac0dd0f763c9ad0ca5070a5931ead325a8d64e0ae50f6285458b3

SHA512
2ce16ea40acf4f6a677af344d102dee2ba2895898095e281a11dcbe28f8a4118028f25e1f50106c2efcbb5d7da3e9c7e70bc4f2f2475be16c18e5d0b12dda05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6709c703456f3c483c2a5204fb6d0f9

SHA1
acca54c289a65c2acb396aebc7f81702834399da

SHA256
aacfa6ed173357ab255a5ed2024ba98cfea82c31e7481fc92105f93870d5c253

SHA512
2cfa094cd7a0c7472a927fb403e22d27b52863e7d74768008da6b192428e8a2e07b0861ef71c22d805abaf06003ed72b9c362f466adc32f8718ee2cec4fce1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8dc804be7c8cd442fa8f861f63df2d68

SHA1
b9765b1ce8c804b0e87111b0c4d8a8952aec6a51

SHA256
69b92c405478151967482f1423b577695650339fb8d8e434135ac5906e789198

SHA512
3264742cf873389d2a515f2bd9dae2de6433ad5411a14912444b5035607b0d4f7a13a6dbf7593c79c3d5b0359f3f930029dd6d9326ce484fd1e1a427a650631e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03dc115978cf89057c351389538ca507

SHA1
886b919d4e162b7c78b9af1ab67e61f6ac39fed3

SHA256
0ff4e71c71b1ea40b0228b0edc2809f589b32b49ebb8a1c1092746140fd85705

SHA512
c1665ba4b329e83c097a81f398af457b6d08db7d1b59cb135406315acf8d859810a0c0a66f9e1e10fb3c3a1082fb0108410dfe767df3c3ea1a6f1404fdeefc4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55c43fb22352996915b78c480b8f97b9

SHA1
b7ac6bb33eb7f817c43c57346c1abb8eef5dbd20

SHA256
fa14bd3230077ce1a1081b78e8beff649516d5e43688fcf5a416bd150cbbceff

SHA512
a97ad7f01c8ef500ccdeab21b68a4f65f958455d5170285e46691f688fb743127c76f362429513ab8fbe3c826a832e7432939aebcb71185c25b68892a12f937a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe61b2a6.TMP

Filesize
9KB

MD5
9f6ae35f6229f9eb43f3db61a91abb3f

SHA1
ab65304452333e572ae25637d961fc7e89f01cf9

SHA256
bb4fa972790a8987a422a254467d714e0bec72d77bead50a7083cfae804d97b5

SHA512
4dc1d6ce64094628d0151a4d8ad16a7e1f7232a295463b8f2a8c488ab2d0d4ead3e3bf1d7d79bce34ca6a9d982143e767167b7d07a108a55e2d72eb46a1cf718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
19e95d54777462439d314ed09ad75856

SHA1
fa51e7b7ee648c9de00723db90aaebbcc19da47c

SHA256
588593783af203109edc54afa4b8589ea631400a2c3978f70113dad673cbf6f3

SHA512
99069d7ac111c8c0bd39d13d37cbb18db919f4f30e34227ffafbc734c7966cb532ca3bdc373e7bcae0be384b8beda47dac5ba77780911c3cc8d9141dbe701ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
de3dba616d77eacddbc3f6d8c95b12de

SHA1
536d3e2dc568486fd45b71e1840779064c970686

SHA256
1629f09c3578962a2cd31781c0e80c9e9fdbe50656635beca8fe6eb9ada540f1

SHA512
d53deb3713c70c0ba834c8175e64d8efb0d869210ea18b5d9940511754c929490501598822070e1799ba2ee0d708272389ba2dc62167f8334a830be19e9d44fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
b92c287f706a03cf150f80e0188541aa

SHA1
79aa5595c0a88d577bdcae2e0d9778a3fd1e6694

SHA256
1262ec297574feab6d4dbc19f4ccd28da4675f9819df3fcb9c936c8e2a7cfba1

SHA512
cca009db46de48823e1c22db792ab269be466a3310fd9a7638ffc9bca619bae0f4cc1af458ff256cdaba530627a9a341f5c45505c7e99eeb1d60709341f0f6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9c6b273c39fddd2b06b3096c2bfc7d3b

SHA1
a6d3dd9bb4d39ce1978e113201db97c6e68e1681

SHA256
7d4ede92be58a921a8f51a7b15c5a81ec7042511b0088805575fce30fd6f641f

SHA512
a1baffe7ba04e9733761533b36e92fe91a92568e58c1e41a17e28869a08582b75f9c9f215ecd48254d0c351a06ea70495978ad4a24431ae300f33e8e14442e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
391ae6d89ba2f4a8e8c54d929cbc3bb8

SHA1
77129e6d62355e4473f1d7a58639fd69ee0f9031

SHA256
4aeaa69fd26c24137b45ce8bb59314851e505be2d97f280e5564e4ae89728ba5

SHA512
4cfcd6ade1559a63ddd712572239de7cf3215b2de68382a4af03af96a66c4de28065a7e8a28bc42dcd4bd782ce138b5548046bd52593965dfcf8f11e687727a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
40d078d4b5fa9a79cccf87c8b139f87d

SHA1
195238702919ebe0661001687508dbe8bc578380

SHA256
a27bbfc86d553f1b5f9edc5cfae64997df873b865aa3bdc7bf064b78c87e72f3

SHA512
ca4d9ac6649caea4a8513ae64ef34dc310470988535e781280859ee326b937174382c5aacc7b823193910bd688883bf90591f85aaa57ac785cdef630b41a4b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bf177df9e051effeb7ba7060e8fb7bc

SHA1
739c165761204ab568a1e77b87b7d2988353b332

SHA256
b9e6cb52932d00936aedf7334a836a0fb133d0699ea14139f2c68ed7c2104753

SHA512
b3e0c9adf8af4a11d072d5f0c7ced349b0cfa7a663761229027957a8e6162871033069e02be367e054e33fb99ea1df147c76a2ae685cf726a0c1fc8c222ff092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1a7291914071cdf1a99e1a2d8d67635d

SHA1
1a2fb2dcc2a4b342f80e6ee5e0863b683d36331f

SHA256
41d0d0dec61823811b2462806cbd9f90cd0896ddcd8f0f6d191bb10057c3ea13

SHA512
e187992fc0c8a5bd3e848ad59c7e039c5fdcc594485cce334f015b87edc356fdac5b8ae66ec68e954dadb72cd12a0484e43f9fc8dafa81e5b49813c7952aff8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a4687805973fb206e206002c64a19f10

SHA1
e6dda2feaf70112c77f1cc43d60c5a7c68e0b891

SHA256
5baa96c25e88c43119ce1f55bbd80c8f3557a7a4acad3ae9c02c3a90c31231e6

SHA512
b9ef8269bf8e05515a8cdc962c720c6dd8633fe475ad1ec5210c4d1164b773a59326f9f94e3c4a62ea21c243c38c57b9b9527ed03852892229e99502dd5c9e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d6ead0892bfb9ce58a0a10c06b1d0dd9

SHA1
b6fa25931d7ddac5bf09e0dc51b1b550ab486b3e

SHA256
4914058191c0bedf16b95058d1c459ea1dfee2a7c615af60f972613f49f98251

SHA512
2f9d495c62c1b9d64980f201657371cf49c8c4f7dd3818e77ab636a5ab002e715eb25d03523e5ec88548628ea28b25d939d6ef9228980b56381435170a1c6a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc0b1a6bdac8706f6eff8ee135c40f96

SHA1
d093d787eefcfe06f718c7f974c0a934b082ca43

SHA256
7a928816e9c1262f389620357eb2f4302c09cdd5689d7485a8dfa3012891c79a

SHA512
31d5a79637a1c02ab47ce664f8630ee516e0892ae2455a91dc8529cb954f99bd366b0e99191e729cea2702ddc80170729160ac973ebd77a63e94deb595a27804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a67eca0560eac25da9ff09d0b0a3e33

SHA1
14a2f6bc1ea09cbc0a7367ba74259019cc900361

SHA256
186b173efc2607a08eae5c998448870f205cc0c66a0b33f1bb7398ad7b5e8037

SHA512
051ccfa3b63d35d1ed213192d977848678132fe7e789905c23b5b4364582c9793ff1635ec608a391e516d5b8c5df3361098fb6c4a367704eac9b01a0d94d07f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
df6ba2ae8b18ccb826cc7e392514c677

SHA1
7b1ef9c0bdbba607b9498f2693334a9b70e77ec1

SHA256
cdc40dca0955237ada94e8c87d315c39fa083aac4ec62555aaddaac961a7183f

SHA512
cfad11d5222601b6e918016298fa35c03801606c3c3d3d6b38c439a5dfe87717f38446ca5d43ed6ebf6f8bb81cd2f734838cb5f3f69d8c82125c4b451e15961f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
633e8edc0d50edaecf37dc317cfa91fc

SHA1
74e867ed7875e818748a9ee324ae15a3fe6648d2

SHA256
03f97a9ef3050819404ed9f6ff9f103819d84120f2594ec0670b351f410f844d

SHA512
161a7419d54b42befdcdd81e7c3721c1b9b57b4424113e752e85ca8c67b01b26c3e174c709ccd16b87d0dfa5b381390ba6f3d314e7accb134b34632d452b3771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c951af514e1d5302b2397644626477c4

SHA1
d7aa77c96990b3f03a2cfc0dab32ed734cc2acd5

SHA256
5c4c01fb7b70c3c256a96488f34a6050d9b302e64294ff717e44f1936b9a0ca7

SHA512
281053f64b0ae6e8c374a71a97f848c066462cc1b8b51938c288415582e68f2b544dcc0fb1be3279ea0fe07f1ab158c11818b1225bba2ba5dfd3dbb25952d7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
68bf32a813c2c5252aa1df411af00db9

SHA1
49d903cbdaab635be22be1358a45aedc338da73f

SHA256
b5e9c2e7c54233232df0ceba15f5e4f42504a6bfeda131d9f177ac5e99a5fcfb

SHA512
032d9ad42bea3a7d1b0a4e61cc1d818e059c034959c8421afb11f3a706b176d151ab47112f72f41dd86f4a1c7c2966087642f123dcfa15cd39e6ed0998fff47f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\04f54bc4-a3ed-4912-9784-39556ab20aaa.tmp

Filesize
1KB

MD5
2206f81c9e64fcc3d0ed688e94ed9e7f

SHA1
422070d9ca344ab8e30f16f91175fb2620937fa2

SHA256
d93a551bd7ed9dad26ea00a7f4f75131391a403f3dea109aadf6176f61d17fd5

SHA512
319cd8fa9ce170747675b9f89c9a93435b9f935f15a59c513a011f01b293509cf833a4e365062990a9d9c8a1daa7e32cc5ac2532df37f05af1e55ca4b2e8425f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a3e5751-344a-4bb8-8074-4ed63cd08f7a.tmp

Filesize
7KB

MD5
2d058a0decbbf63629b55bf464413a57

SHA1
ac42e073c8e764b645baae81684396bab4ec7ce2

SHA256
eff9f199ba59b6120de876c1378512bfbe18921ca09c873689c6da8e59396296

SHA512
0ac6dbcd0d453427842adca1959bebe8841c1dc6d74ea2d5306f392f365ac6edaaf8587191d2f927121a7005fad461414eafd5e95a516d64ac9f6e9fc591a896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
1.3MB

MD5
c43c2f8324808dd8a0704d2b76faeaee

SHA1
114dd3386a2d579e702837ec0eca3469f38deeec

SHA256
16fcbec52a7bcf234dff408ea48e95d7185bb7a72718ce30e1b1920dc6298257

SHA512
78114c84c1f840d8463989795710d8980d6d42857921cb6c678caacf940c1691f9ae6038ff152ce2f4d2bd0850e51b449b331f131570aff919d612460c961268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
26KB

MD5
8ed693e50522be638c5187c667092166

SHA1
a19c268f14fa4e90637470597919e31d688b1e33

SHA256
7973da86f8629053c612f8518483be81fb64dad098fe87c99b438da0fed91a31

SHA512
1ba215b91c31106640971cc279f15bbfacb22118e83aef7673001b75ff2c272f98ca762fc243b4ce7baf89f128c843d2b6e9d600ca213e28d50482208c8545ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
67KB

MD5
958e72d173944595320c1377b3015e44

SHA1
ba650126f7d4e739dd399fe8e2ab9939df2e359d

SHA256
0f26af205e088a2d95b5bf8a01905d6beca0acaedca901c6dfab31dfa114ac0b

SHA512
684a460c6f17bfc866d5d3ddd8486f068bb48ddebcc08c99a8117658a9a562fa4e982cd3ea64dcaca2336cd670d058d4be49de477cfe56b7db02014bdef00acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03ae0658db22f33f_0

Filesize
289B

MD5
8417628b306a6e1aa1c44c915e3242e4

SHA1
74b18885ea34316536b0dc336f9366156cc2dc78

SHA256
96fcfa0ef4467cfc5f87391bbc1e35dc6f5695eecbe732696a0802aac2d33172

SHA512
19552fa55e5a7934be137a82bfbe59fc875e0d57d00d8570a46852dc6dc1f2e107fb5f7c83ee6c9b9d8781f95966488166785c286080762d270ecf50342d1c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03ae0658db22f33f_0

Filesize
289B

MD5
b82d0ececb52e40a3f76d535c66767f3

SHA1
a47aa3f6976310fba81d089c9d56bf2126547ec9

SHA256
43de3bec58d45484b9d4e7002c899d1784639b17b68b79669a48eb0cf906ca08

SHA512
513a26afd691c84fd29eed3aadc46b1cf8412efda3c7b269be74c60c534d50b0bd03ff21e4d6ad5a9d1a775b24582052ef0533490c28ddcdea5a5311295c409e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03ae0658db22f33f_0

Filesize
289B

MD5
49cd0bcd42e8b027012dc8aacae603ff

SHA1
1c84ecfba443484ee9fb6f64748462cbc12cb6e8

SHA256
54a7b37f90c1c47006ab149220c11672feac41c915818b278fb97d80ce459d19

SHA512
a3b2d5e5450b2916ce0cd8d4222ad0a8c39067c28eac6883117d0f141069cc05b7882585f018edc67484f508efdcb28ad69c026431c504e76adb23ce0d91af65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\194a0ba25f28e77d_0

Filesize
19KB

MD5
d0de577fafcd3804e7588a03dd98f49c

SHA1
5fd25cf719a6e7d6fccf6387aaaaf4b4d29a9ea3

SHA256
2c6d9b0fea081b4020850724f0e2feb7cdf5d3415cd0afe33db3270f628cdb23

SHA512
bc3308e40875cba17d53efc8fd6d48ed36337fa5675fce245889e92ccae47ea0bfc4dd8e7f5621ff847090c003e85f58a15bf3e248368d3974d6f171b82772d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\194a0ba25f28e77d_0

Filesize
19KB

MD5
667684517a0d4a392a772dd1f48f64ca

SHA1
44d5b733cb4a9f35a87c000d0845f25ba8946fae

SHA256
a567b99827672252e469911fbe2e9ff275e2265a3d8285d5d062c9401ece1542

SHA512
bde92bafdcc1f21663444bf213c51a8c8da06a6b4322364acfd50ea36f6b90b7f7e0e617fb36bf95629c0dd69091a0b8ca8314becffca1f3fbeb8e180bd17ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\596eaefefdddf053_0

Filesize
434KB

MD5
93f25780aab4e6b73efe7cd728cd863c

SHA1
0cd83527f27fbbd5a23c411128d4c20bf5b87f5c

SHA256
0e8179706ef4478f4b8385e2f8a5d3fdad52c72c4f2c754e746196b8b8fac29a

SHA512
0efe3a7090e20e8b24abde17dd2e761a65a7b77b7b69af9238a389c403cf9d23e807ddbc41f1866e457ea7fe3c6bc35ef03c0924c1b03358f4427cf74c80f5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\acf3aa8878dc0ff2_0

Filesize
338KB

MD5
c31c3b772a0d9dd081d0908dc0258a85

SHA1
2424ecf87fa3bbaa7ac5d271f91c03d81da4690d

SHA256
8ed6150c16456f2fe97e2a4147a78099ba6a3022f1638bdda8ee8ccf49154b1d

SHA512
66effc2e1be227ce2c2f58640589ef44b184e20ea8a4cfdcecb49d1d4fbcd1c382bb013de8b33128e657f5f2e2e67cd38944326e6bacfaafe0926ae1f0594167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f50223356142df3e_0

Filesize
434KB

MD5
2413f5219be94eb1e106257b224c0b84

SHA1
85288f0fc41da6ba1baa952075ece4732e89b625

SHA256
4b9f6fc72012ba36f1a7646b7f6b68254076e2e651eb4dfab5862c90908a706c

SHA512
c9548affccdf347793069338e8d6d7ee9c2933e8c25ae516821f2797d6613851f48495d5ad4845ab4c9ea996d653016c2a5938719aa567582e91c0f7fc9a66bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
097e1d8709ad39c52bb2df1b49dc11ca

SHA1
6ffc13beed3cc8602668349963cdf73327feb0ea

SHA256
b9ded89dba17d922ddc0c9b5f7a3559d2fefe1e23b4715682156b603bc73a06f

SHA512
a961fd0f4d6cba78ed1700cf1b6bb76b2194fe1d7a793fcec489260af26ecc157276c5ce3c2a33996cd89d6ca2128c9400b25940f8f7ef73c64c328215c69d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e18c533b2487843cab84917fac3041b4

SHA1
0835d4a75e5f2468e30f2ce9d92b342212a3f21b

SHA256
51575f9e75216e607fc4889e0ebe16045d197d40ca91470a1942c642bc8f588c

SHA512
fa6394068536961792a5b60fede76dd84c7824b6e1988978fb68d97581fbedc27e2777a1ec54e81857e98a15680ba2ae412e4119c30ceb23ebb0816046f19ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c8e78651858c86bef39798083f3769eb

SHA1
4be6b230372c498f95df5cec17807337af814a92

SHA256
97ce958cafcffdf885668ac18436d422e221c4209752e22f03fa112a145a60e6

SHA512
58bc1f7dd9dc0e897d51d5dd6db43b58205bc8631582d245d276330f68d981e30fbda1b2719882ce6c50c897c675d007f461c91b2de6f8f6476dff9c3a214688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9f8be963a7ceef598c98176ed8c30032

SHA1
235a9dda1786311e764a1329b2f0be594fc5e275

SHA256
6a908b6b8f82a4fc6611fb5c38a85f11862acd8bbd3edf3ee3ae3aa1417b3293

SHA512
b9148d237bbb71e749c496649b00c8cf8e2e3767f97e739bc7f66b8d69d2e1432c845748d55911ade3f7810fd1d0a16e1949ed59f3cccb316ed9aa352c5f0463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
4ab057e4918d79e6ac0c7a73aa0cb341

SHA1
c758ac62c0b553269b1f81c5e1838e9b40965fbe

SHA256
2adb585913bf4b9ce5b0ee416a58d9c4b60d5fbe60df5fe4ea2857bd0bfa7b9f

SHA512
7684bd2b2add59ba75175e3fffc9a4af2e7080ed7f28cebc12ff139f24c84c07da8af4f74985ff276d9dd7aee593d84f61a393c087fc122c69e51329b22e147f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
4be02655583b7f43f1ae7970b5ef6383

SHA1
e70c85378ac122ca41729a15568d163ff7447e54

SHA256
ba9dffaf2aad52adf28b4fff5c35beab78e45a866d489f5c8c40b94a55c75c4b

SHA512
e3959068beb5646f7e4646dee69c4c3df28dcab0e7187b2526cc9874074c49aceadd0a5de29538dfcb01ba80022b2f61e7d3b38257b21e79f6e7fe781e7fcd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bcc13196c93a0b1a12f970fbaa3288fa

SHA1
8d4514005e194d82a5e30c1cd91744429af02dee

SHA256
a69ecf02b25b54d18e750c87909a9c2e989c247679f57c1cf6f59c4172700dfb

SHA512
64bbb6e4fbe0c42751b28260cc851acbc1a9e235014b15fb8ad3f9addb6a606d60c7c9ef39d8f933f9c08ffed1b89bf4a916b67d80db7a7a67a616b09a4b8cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f5931f92d74167db9e5a44fb50696ab5

SHA1
443ca82f87e6317814ef49dca270b64c2697d728

SHA256
5828397039cb8f12da193226fd30aec127b93b2c2998516d9265d23b303dda72

SHA512
bb460ae1f9327643258d469bb24b40928e95310fdce5198dee01295a33b571e77f5bb997f3ca1a50ac1f9f7efe4d1156d4880c8c39c585eaccf505ee9792e220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e939aa271982ebcbed45791241755be2

SHA1
8317e776fa3ff6fa2d23d5fa47c4ae0af9feeefb

SHA256
5a6e18336b880bb495e3bdb1e577e9afd1bfe629795e422670c93696a7ef306a

SHA512
a4c1614c3a00d7ff0a8d0c02cc287b880cd09572e7f48db1b954853a815e28eca059cce3a14eb3690fde83a21f3fc83284b1c111601ca131ee4757ef2ceae8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
40f89a14aa816fccd0bb1efed805362b

SHA1
d17836698c67de484aec8714895614f480e92d05

SHA256
07c23d55a2439e02acabb9d5733f2efab6a4101fbf35347d868725c644c02359

SHA512
6ae03cfcdc57b50008ce798528c216e4a20d662fc40d859695af42d2bb2b3e5fc28daac948beca4fd47793b95e952edfa7acc0f8e8b2acf0fcf5e1c965c8b5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
68a3431248abde977e808bab3baeb14f

SHA1
ff1b28eae6dd53dbf5c0107ec59dfb78ef22fed4

SHA256
c9949ad7225e8fcf18b23478e1949e6d6f976797e6b99d82286a78311f87aaa0

SHA512
77579c0bb111ddffb66d2b1831bd2000a1b3da3153bb8d00657da45bba24217e4fe939b9250683381f2f9de70fb1fe53985d20d0138716633ca5993309b5578e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f09e527feb6e75e5ddbb41a3c95d10da

SHA1
01b01a94c5a44dc009c3aa55ef582822c06f3ed2

SHA256
d7260a1f23f6f40d44949a7cab95d487067e78bd1f0360c26b4a4e1a49de7e2d

SHA512
dc5ef6be01f4dcab2ececeb829f329421e3d72bc91dae35b96e122f0be6db90aa2c0a8d304b716dda19ead22439624c0b7bbce0f96b1c74c9415054a45123b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c982796822bf66c6cb59174baff6e183

SHA1
f65b35738795bb9812c01ad0334233a0bd9ba835

SHA256
8d12105392969b8d354f034e1500e097af68400dcb5e7944360230e0eef029b6

SHA512
1294a09207835d78100b2cde415c032ffd6e1b98c507d5d86e3cff637f2894eab802d2c49e9dd6a3bfb4a0c1e5debbba506049efa40ede3061701cfab722b35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
99137b8925f5e4714fd22d64bb76e148

SHA1
fc01b9b0f80ced3cbcbcc12aa1b6a34e04a3c781

SHA256
8e20dbc79ac88e211fc793a2b2d01ab08b140b88dd50cf36463d09e597071569

SHA512
2e5313a7288277910e900bf876003260ff23a57c35fea93856896810ee6911f554a58755ae0a1ae0a0098206a865dfacdad0e75195f6bb81ca9e2fbdda773d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a0cb17da1d8869bb6c46f3aeda322e95

SHA1
9eeca1c953390f883f1d14abf37486a47f93d11e

SHA256
538f286c630d7365372abe4488668b7687481ffdcec1edf2fd2ec58307f1bdaf

SHA512
7a8b0aad4a1c935bb968de30e140204fedbb7c69fcd108c1497d4b9549089d1881ce785718b8b1e76a3dc951c360c6952d1f9b47c93a85ddd092145cbc7a8b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
529be310beb7ed44d61abd8b986b2488

SHA1
43ad5d236c0a288f97ff6be6a27163ae7af1d9c5

SHA256
841366912d879bd711ac2f85596842d47d77d808e62b53bc58d141e6fdf776c0

SHA512
d12757d079582e52e078180f3f44c5d5de42c55ee04d54f9598227d4b707321cad44ee3a1cae9370ce136fa8cd838304f169832719b00cefa344fa8fa0c53946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c95539c0d646f1f4d68cfbd2764a7752

SHA1
b412d7a8a3e1d696a8fff37f04d941a28a7545e2

SHA256
89876bf08747b37f7dcc512e8381ac5e1cffb91cf013fd03d9a36fc48a999cb9

SHA512
6abb31b1bb3d90cc2b8341b7ae23173447567f0c034bce7bb337e41490248a866e6ae7c653ec0431a7943a4ffaab8cd5a6efee3d4d0e867d52da5efbc98a9040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe62b33d.TMP

Filesize
48B

MD5
cd5fdfb01b1eb670d795cdda5676cd1b

SHA1
697e5675508ee0cf930b3247931dc43c575241b9

SHA256
e166a3d382a50a54567a836781112e060b764771eaabc45b4d0c0ed04f745376

SHA512
30b68c9a566d83ac1806fe73fe079d6e1bbbb54f95f0d610a147aea273ddf9259777f0d0e5253b3f6092ae81c3d16d62e057f5b6bc5d1648a4acfa35eb3fede0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
5022ab1a6e14fa65eed40930bb40354a

SHA1
4ffde9ebadc484fc64a4b1650cf82fe3b7ebeb2d

SHA256
97f1e422fc6bb8d3830a44530decbe82db280afe5e6bff8ff4f48699652a092b

SHA512
00d48d6794f0ed81d099f525c92df07a5307612a477ebe4abb683e3bd383df41fa670e437a2c245e07c9e5296b851687f26697b7170f4360471da432f54cb8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d3c744d4e2dbf87f7fc7778beccc5c7b

SHA1
c22945d4e33f1d7fe0690a90c6d0985d1e991251

SHA256
d4b711612ca779438cdeaab010fc3fd2cc9f241aa9b3bce24a4bdfa81bd0e0bd

SHA512
98a73b22c36079aa0bd3840ef6fc64d46dd17ebb5967b247019ed97ebe942595098c1f7ec6fa282f13e1dd2ccbee55e41ba14d63ffa0cef5c866820def356b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
c1f141a76c443118f355e8a0858b1b7c

SHA1
8f6e5ec7de2ce89eeca34753acdf382539d69508

SHA256
f6ec4811efa19bcb8f6e4d8a22261151b18408c9ea72573ef33c44dcd7b2775d

SHA512
96c0a43af0c6f18536867fe3ec6dee7feb55cfbb577b1073b79cec277950acca807307af8e3d30df7f27b50d37974b34c57ebd684af7aa54196b8332386e82e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
417B

MD5
881f8241e8fd0df86e03f06e2a4a9549

SHA1
5e8e0c19cbb9675e4723ee5c533e677c7b644f32

SHA256
c95d3f3d7b4f7c65c3a3204475ae0d67adccbfd88660f9c4d3900376e6659936

SHA512
d70547eeb36983255af574ede0b0979c626b8d42a00cc4a2bdb396f764d2b9658c3b5cd2b8656d8a2779b69bed34ff8e8eed0d96f8f3543ab39f11e40415f729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
328B

MD5
e6eaeef09462e185050881d8ce435db6

SHA1
b0f426fee31b9780d303e30434921f0159ae966e

SHA256
37b633de9236e3530b1216dafff5d56e8f6d0d994a9f580acaeeff4926e0a77b

SHA512
a09b1a03e828d5b3f843698bc17c951f004fb420a7deff69671ac2ec42f0d1f033c8bb770a074d50b4187c9558b5cf7537387cea707d043264c94269c1b4861f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
927fc81810d89448f0d6bc7a09b31512

SHA1
58e8d60c78c6da6bffef0f642c403cae0c126239

SHA256
cf78604ab1340cf75c10ca3b67d0bca5ea1bdb734287de59cdc068e6b47ec0a1

SHA512
0b6003cb54c096eab238bbb52a74ee5f775c6fd7386fd8f26748f48ec3443c200ca7d1ef91caad4a8441180a89d20b3f0b5bdafc8e0ab85758337889ee9f3faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d487880284b8e24aa0ffac843419d7d3

SHA1
e2532ee85ec57fd76d459f91e83a1a66d80faa32

SHA256
9fe15b5e8fffe96427cf32d73cb769bcb7fcf9e24eb85f7b18aefd683bb18c59

SHA512
0678540e326767bb3b6113f132a0b82c813f103ba52ab4f09107047ba4b7afcb3933bb928275ab04468550f6080ceadc0bf1d7e7e54a12bab1cd4747725bffec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ffb1d4a3fff5c6e85c954f9f0156306

SHA1
a1ce93fac5e535b83f62c961750b3fd92c3e6902

SHA256
eee0daed3e05fa535ad7155e0dd2ef873b160e5aaa659d16d1dc579f0338d19b

SHA512
cd395a62a0ef4cbd71285436c049f20b31c533277696ac2c5802fc9014666bd09eab88fd73ebf3387e2c75c81fcb1ea53e743d61bc91b6f39265cb7021891f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b86606e143b66de38870c244583218c0

SHA1
2a0c15a3c683938e1108dc21a467374334e22dea

SHA256
6506c889bf9ae158688ae6cf167bca45923c64f893828d16b52fe3e1bed16e85

SHA512
53800207f5a8f17942be21e22750ce2a39ab7001ae54699ca1ed1fe791720087064718d7e98db767abf09395eea01e16e2ef83e4d832d6dce693b811a27dc968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
06bc51452261efdaefdc11787c89f96e

SHA1
0c7072009b676019405a382f35728c6873234b07

SHA256
021b69b32cc209adab684ea51d3051fd4f12823d85006ef1822354f41e290522

SHA512
5d8a5c1774edaa4a6d6477fa28dad2ff1420ed761edff11bbcece749a708928d9a14db7d01588ff8e729b700bb81c03aca8037b52658ca13be0d97863b2218c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
aa7aa3977e1232c82570561a075f79de

SHA1
efcbeddcdf518b236a40fd736f727fe237597f1e

SHA256
20d1ffea4545c570b3967e27d600d9d658efdc1673b46e970b63771d57844884

SHA512
5c86f2ab58668009e55ae3fa3e27eec930ec621f4dba879cef4eb3335846d68266fbb192e19ad643af132ae80997b96726d786b8ef7e3274a8e50aa583f0c858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
efaac1e6858674b6d8734ee6d0e65a20

SHA1
759cd172da736f16d093b6593be917662068d0bf

SHA256
3b01247b8c5480d9bf6f60e676c83d146fd1ba289cf48ee161ceedf6f54af240

SHA512
16d4aad0adafd34e35749ae56fa3395938dac8271c26e850d412655bde03803e1d909bb079909799745b07af43b889876274f26e606ba6abc626a9b8df4327bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
919cbe0a488fdfd3376d87babb3a4669

SHA1
a81038704a7032641cad81c59cc403f2d7efaca6

SHA256
2ae1b47382f23be40d954149471a714a88518549b317f000c02e26cc909daa8f

SHA512
1497aa88c0445a4354a63b4ebdc9f1214a80014f7946e20c8ede9680df62e30fd6a195e4bc3527f45d2cd898b46d4d2e77de9ad012851ebf9bdf9339a1538440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c5a1d23d0c396b57960031dc810186f5

SHA1
0e4128fe723928abf43cf3f8e23d62a7b0893e33

SHA256
4d0f2e2c46e080f653aff358fd88a581dcfd97b2c496b61fc85126d02a151ab8

SHA512
33405061a02e0c44736d9bc8e354d2835b49c6745c0f19910504725c3dbbb35126c62f4266ea74760ee5e1a38fd25b79ded4ffb6312fc8ac96c8db8e82527926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
17630813d31d9a75644555ca03843552

SHA1
457ca089b830b03c5afa47ff1e39eb6ef75b0244

SHA256
6e2ca13f214133eaab34d93f58d8de5b48e852cf437020cffcd8121a8c2ddf33

SHA512
353a25237b3c8a1ad22adf25434e67d534efe56f5bc48a30ad3d05d507a2327e5445d1fd0a7916694ce4f45b6d1b243b68d1bc4fe664529ae99f20380a662cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
62245cc02d9a2537b0d216886c547fe6

SHA1
c8b72a471b574d62daaa105e615c57e072df6322

SHA256
f0f59dbd68d11eb4b896fc63869d514add20d63b8a50ca7550d05af8decaa449

SHA512
799236d877b739135f13b41b4a8d4c2a0d7cbc11bd78c83821c74efe09afd8083582e8a15dae5514ada6a32b88e5423f56de3c2689718d95bd3bd34252067c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
6b79d0a8158f684b8ce54b6d81175b38

SHA1
3c89d35ce23fabb148e3dcf81e93c692a7d218d1

SHA256
e78ef220e5636e43c0f970e032bc0d3accf40e3cfeb435bc05855c36f85854e0

SHA512
72cfa2628da501be5e3a7845a7f90824cb4b8b3b699859e751e9be014a034c47f3d22854806bb5311e53d8f057f0bcce299827a9cd8dba6640eb23e46a048af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
3f1eb0383fd089330a4000781ed7f49d

SHA1
62084bc711a162c4af93fc8923f8532c3a977e14

SHA256
fa2aadad7e27c0af21cfa04e42cbed8ed64c91c53b78b852ca259d22177e817b

SHA512
6d3408cc63cec9b62e73a5a04f61b9b4ae5212f7a46295c749d010f554761aeff699bb221af4005286d9e93c6df22f5b8b4b87bd0a0f318c8e65f3b0081d7052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5993cbbd6b5a64309b5a45c629772aea

SHA1
924f147090190421e9fa8f641707e09627af40d2

SHA256
fb6d743d8617e80a96c2a036e24214248be8fc79cd83ea93bb0bbe9fcda3e695

SHA512
ea43c1150fdcb75ae2b3381bc4f85cfeff0925a60590c22241c14082cac57d2c04d06264761c827b860a9a54945264bdaa6aa9b26857f8f6bc6bb0143002325f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
1dbca77e201446d822f0ba4551539926

SHA1
0601c3dfab4e855e5753ff1d1a2a600a203bf1fb

SHA256
baf6576b1da5573cb687d5b166a529d6263a31dd0d0a3217a569b273289e1119

SHA512
2705dfa010944aeb73dd7f5030386cc1e6816069da614a119d8c9bee3a4260253b0b2926e35a43fc2505eef197ae354e635aeaa1d1a1d8cd7d718d490e30bab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a54569ba721e57c57d45b0d171b96a45

SHA1
ae62ac3a6e3949d29e012ea13069d7f2488fccc0

SHA256
f7ad8d65f8e34fe74eb9023143771e332e55a361e9a96e086899deca2f114311

SHA512
a9364407ee1c7283cf23f5a2d6572580013b27099b1602d6cdbf76334940ff950e66e4847ca007b326d98748b0caf3f2de5c00021da9a054c6e0f8202e8191f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71acb4f2078d9f8d5bc4a4ff74fa3aac

SHA1
35541acaf609a0af84752bd3fc290228fa79cb20

SHA256
8ba5aabd023c685e84de27f12adb7bc5990b89515ae75d83418dfd87d1ce43b1

SHA512
5f867600dfa660770455a6e20c141832c611eed84a370ef5bfd4f79c3d48e455c466f80bb5d811efeeac6e5a92c145c14580aa858ed1b4ff8b2cb0d69a2d6297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
52863adfa85a77236e6a52c67c79ea05

SHA1
1e8e7501e51eb6f8810197dd5d45dddca752a063

SHA256
1403353aaadfa43d1d5d9a7f6d1baae686fa8717736210ea32653bf9753cb725

SHA512
d89784c776e291f4dddf3ae631677e3ebc7ef07061637b752e88ced2d72eabce08cf01bee8ac65fe62b325274a1c558c3b35d16ade9bd9491be6101e0816d7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e818834e3f1b5381e891cd38a485223a

SHA1
05b5d135acfb605d90bd45aa5f40c2f5cf4285ed

SHA256
f8099fa6fc11cca8db128b5a851c7f46f74a0c9f1c37f467113c1daffdc81755

SHA512
ee28a849a5ef08090c839fd0ea2f891f0f428ddd85a94e37dfe44d2c61615940676183cea868a428dfbaa20b75450ad94992f27790abfd9e0c9be2e9d08d3c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
3f4a3cf838b7af911b140037410ef01e

SHA1
fe478a53efa1dc1b441c9ce220deed499b230cf6

SHA256
26d5de1657c1e425ffa89f36b6b07fc9e15c4a0fcbdb9e8d0ec81c36daa1f2de

SHA512
ce54d9e82a7d72460a2fb1e9f0c71affc6bacf2e0ada15a48c620b8ad9448f29412b40bd4858261192bff4f09c2184f67496e21bd88d649bd0a20622fab661a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
0cde25a896a2e1362034755b673bf58b

SHA1
b7c9ef4a485ebed251e8730b470674115dc3ab60

SHA256
2c25b77c28887c957bdce5472755be55ba093652ca76225cb3d9f9c1904baf14

SHA512
c072a367252bff272023778306678bf17379161dd83f92b32072b2842eee6152f574c9066043e6757d508855025cff88ca723e7008ee9b7a490e5537705ff445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
54285938bc6c752652f7f98e54036352

SHA1
e3d152ce04e40754861271508d392899723d31a3

SHA256
7b1828b66e51e5d4e9536c8aae326681bcdaf72196351285ae7da6b86518be27

SHA512
d83f5b7ce54c9395e87daf07f940b4936a45c98b3a35f14e68ac5b3974c5f2968fe734d19169df7927409b700bbd773377f875ac3bc3fa584d70afa461c0921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
3ec910d0649c9e5f19a322240df9f738

SHA1
1008a888c2d0d061b7c8b150af5d91a51c80b109

SHA256
65055c7ad02a28c38af244ca6892af73b2105518cd8971a78e91a593304ce211

SHA512
fd890f8a0c4377720c91558c977c813c5203dd92a9f56c1d29a0bcb52730fb8f31d8d7d1767db03a0288e0144c5cdfbd60e782d3dd3dec5e5d43be1519d31e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
0b5996c8c6407b322ac6e3b5657fc712

SHA1
b43d38707445b9b48c56c7a742ecb8a2a1881d52

SHA256
551efc845540d0a08d0ad0ac100c56b616f3f30048f3252c67114a0da39e2ae2

SHA512
3c12f7b21cc9fd62a655aa79255a7d9ce3d659697b0cfae3cdc261a6a91529ecc39947f29463176ad14d5b96d9ef45d78e0e270d05906e185141c0cf7a659cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
5daad5ca1a0ebeac428d5c90aa8b92ae

SHA1
2ac288adc139d918573effd53a8bf2b556be1486

SHA256
a59cdd203d3cb9d8c2add3853642a0c5d76099140eab5e017da297f240701ed5

SHA512
3e172044fe57f5fb4fa709245ec0163f415bb42eba1970741aa9159f4bfa4a7a7c94b370c6a69c1eda0f36e5116c44ee359a37535db09c6753bb801888af23bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cedcad6978e95f60d20a62b014be3c39

SHA1
7d54465e3bd00efc70a464db09061c857b1825d3

SHA256
69abd74d918a1e1a0b2eb3ebb05d8142acb608b8692085811bd67932eba64a95

SHA512
1ef697962ad14bf7365b3cbd65c968f9650ec4773373df9d2e4762b65534401a24b882bbe98ba5fbf5ecb3726bd7b49dd8754d8b670ce1c4e3ddf10e552c44f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e0e4a5ee97b1f3ff82e1bf6f6aa4c8b5

SHA1
0db632e7d06f6ac8a03883e20d2475ab82f8ccf4

SHA256
8e5171dda6cf01fc75c72d61b7379188300e44528036a3a4e72469b186f2b695

SHA512
5c0eb035762d00030faf98ddca52ceb9953f26fc13e24e5bc27fdf8d6b5135752c34f926a1aab96ba3bf9f85b28aef5b369143c7b32a8143cddaa0b945268203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
2b0e939aa522350a68b8df7419b44028

SHA1
6e3a7ca37edd61a3acef53a7280620bb361cde4c

SHA256
14c37edca9f541b41f3822905590a802150d4e2259eafbc1ff73a41ea717ac04

SHA512
aae656611e997e20a8a749a33b652f21711706fd28a4d6560369bcb1556600eb6c730a108671672253aef13b44530ec854788d7f9a1a0103c5f1f861128a94aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
856e41be6fcb8ce6107d7a71c7295fcf

SHA1
4b49a7f9584ddecdce3999c468f67e4ed7c98042

SHA256
424453e1706ade75451d20234c5b1a307b3d771f54f5765cc1100dc5120413b8

SHA512
989426c52baa5c0094c63b3b248f325a382f8824c2e15d2c8144a06bd67ec4e3d1584c14dc7dcf443e6ad668e62aebf766178661f363f56a0899157f51a40f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e4a7b1336a73945c237450689dacb582

SHA1
567ccb8272ff555e018ced675d826610c45e0462

SHA256
9f1d59f9333cc7f74c34543712879dbe187dcef87f0c131662040e1472e5ae84

SHA512
47d43ef1c68b079fedf2982f936f2e7f41091418947a6c0759042c02d6d11d2d8b1f54eb880d308c577404177725a36fc42fe2333286da21c24188d3ad8ff1ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ad1cecfc0b03a8f01cd91ca41ec32a79

SHA1
3821607e52df61dac088c95e7f3fea69ec7a1fe3

SHA256
3de2c7ebd1c5425d1aa940c21b887ccbf4eac38efe299cd0c0ce968ad4222a73

SHA512
d22c50f693f98ead15c53065400ccadef7905678cbb1082deee10a52fbee36381b01a3dd1db8854e0a1680dd078a33f89b80a0d539bd2bf65e7c03b402613883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
515345b2b7b17de284eee9269a745e16

SHA1
2e0847205cc4c4d4ffaeaa69fe2b3c92677e6009

SHA256
78ae2240191f0139b6a82d3a381abe650d3bcec051a913bb54f777abb2c3240e

SHA512
06d560da5b0e781fa32b7d17c8a284221880320fa759b2771b7ecc36a8bf73b1c3a091310fedd8f35cb031f26ef5772919482a888674e7cf2f3d7f0cc600fb16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
57730351b844d5d7420fa1ae7c48652c

SHA1
abc1263a62654c428f4dae3411905f6df177e5f0

SHA256
e1ebd9d956aace62ff3d06473f0cd0fdfaa8d292f21be176ae98110be8876766

SHA512
8f17cfd34c98a70aa72095ad35c618c7fde04826eb909f66a91c3e20c0c807a256370f7734fa81735d0f2f17867755840a9081a7f78705290ff3db04a15373e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
3692376740dd3957f2a02e1b24fe3230

SHA1
7568b0c2bb8683d8984fd8fe3aaa32ccd6269fe4

SHA256
c2a83be24dbe648c8ac8079735ec61671e0c8370625b5da5b5630514c4ddcf30

SHA512
7f0f91ff0e089e12414b7fe2ba8389fca646aa072cbb17dfe77fcfb01635dd8e5440968127209496b547e10fcd06bf67d41b4e5c436015b9f9a6a4b9b23750d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
c697d0fd67be66c9d808f6c24f23d963

SHA1
05ad25f07365d8731fd0056dae182f9c13a10694

SHA256
4bbb17352ef071e100badf10c8e18bdeeef0d92357995eadced7f067ff701aae

SHA512
64df4cbb4281b747ffc122cd8842b3a885113a8115445a5dcc2f9c1d957cea24e6544e74f0d1cc639f9891b8c094f77bc0119c0c6a020db8eaead43b864b1b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b35aa2759ff05b98902cb40e351bd680

SHA1
bacc57802002693b09d8b07ab6cd0bb611550b31

SHA256
aefa1b81deb1b0b4d54072aca2bc5a5060896fe78a33c2e0ae8b8003d66acf44

SHA512
7dea86c3bc460f7b0dad4904d7ed0bd5e7cdb1830ea469cdadcb06c1001aaadf318f1e9ab39d3ca800b32a562a8807e0224388f9bbfd5a79953631d7dbd7540a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
3a2023359ae9e9752d05329efa52dd0e

SHA1
94a170d009e36de423dc72fc4c1d04cace143f43

SHA256
2fe8ec5178d86173bdb564cac2a74dc3d16aacc0b172719fe471013d72486af5

SHA512
98bd83e299f42238d790f9df4e7ea45e7f09142d87d68fd84a12a144748be602b16398507a4413ee7e8feb04aeed773d4a6b711626853a638d89a94eb84a5c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
7ecacaa3567d882403feddaab55bf853

SHA1
fdfac948fcb58897e9770a990748f6549c40254d

SHA256
7ba223fc231b306f10a824fd5201be9e89d9e584028bcc35629e9e722142c7a2

SHA512
7036eecbf3957725725c5ac50f75b6f71d473b7ef905e0cde270e17fc1236e8903d4f7d0ffb180b9e04d2248ae56186c60b0451382106efd3ad36d0c9209c804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
946e068b03ad8086427e99ed613c1c56

SHA1
a058c2c551c4824315f4ca34d3fc252f53c9f883

SHA256
a9336bd67cffb20e3dfb5b320798ef5d2c91a9bf952a398ffc5595df1605a636

SHA512
f9742046e0e4c663ebed9ef5bb484669eeecb194a3484c58db9f099aea971045a803753c4702585a21e8b5267540b2e69fcdcaf964f983a1c1e2989daf202473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8327c4af4ad9caa898cd0ded32397476

SHA1
fb22ab088ca73f2613b3bd684e9a6d8722bc5efc

SHA256
2b768e69bcc03d96da3d8f5895b014a51dbc2b513fc62d642d158e1ec1cc4572

SHA512
4aabfe0236ed71d25b8314473f4523c389fea7fdd45b4574b78c52f625f9c4d7fe7419ae4ea8c9028ce62206aa548bbca03aa75c54611b9fe18a862c7acf627c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8bf428f11d93ad7a9dad0f2691c4784d

SHA1
785e54142aa5a2eb0a82e408a1e5638d7978d68b

SHA256
dc1e55fc8e12572e4f376c0fc4e4c8c4159a5a955099178492aad39ac0762705

SHA512
b47d344c7e1a4b03a475ca63486c9f6a7d3bbcbde7b75958a2b4e5db11c5da9fad1aea88cb5da73bb544d2a8b8559d0417d0885c7babaaf96e91982c162b6db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9eaef005d90209e3162e02e90c07a203

SHA1
78f611afd030466c63f2d4b4676422bd55e3a78a

SHA256
b51c5f12d9231afcee756d18ccf625823166d11077fd903562cc8bd250ff80d3

SHA512
3998c4ca8a6067996447f5ca7ce150be287fde03509e014f0590756d80778075789d58e025f81e768f48f376fd8cb91f077ec5e50fe3f608c733d373bd05f524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0c115a66ee3619d900a566a9bf41fdb

SHA1
47c4a7909fd18dfc23bd5a504c7ce76bd2629c63

SHA256
7aedd4c838e700284063a2d1480684ed875aa0198185cb59efdb381d5fccf757

SHA512
1e54154c1e33661249ec2fced4bfb24fe3695ab44b60db3f0a7e0cc04dfaf7937a9bb8b0f80324642e0f354b736fdbb36311bc7fbac612f9fd6994b6dccc57d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2046b2512f36b711b352a1b331197512

SHA1
fb6bca2cced0d0be96bef421f1533fc3f7297149

SHA256
4a09c45ab32dcce26ca48b6dd7c36df2fd76ba33ae188f36ec5f2ab1e794df87

SHA512
38eccbcb44cd3befcf26e15e3e5dc996c1117a08cba70a5392511f758bf32122aed9c6c85cc47a088e5e6e029bd1ca74834b98bbeb37792da326ec98617e5b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ef03626a3e51daf525315576d85f09bb

SHA1
95877d5f7ee73fdc4c18b8fb8b3a355eb9262524

SHA256
0026fea6aebe691a484711e700f7b2446418f9bc9150436a9caada93eb8798c4

SHA512
c6f1f8e9c0b2d1594d113ab4d257812cb31873dda3bf3ba38eae4eb801a02363af1013beb5c76afcada4291766ba7c69e89c31aef6836b06623c21cb565284a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
2091339fd7eea99a33cf4c33723ca660

SHA1
307cd04bd817764cee8d9279fb7ba7c7c45ed2b5

SHA256
408e081eca85e4fceb9319f96fd782fdaf726e58bdbdbbf9effb18e872a72e5e

SHA512
578ac3cb4ce06818057b2671f9c44c605b288f369b35fe077dc1e526ea5e3f736781f14989adef478cc6364c259b783b42f872fad9d4497ab029e102142de26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
0c695cc72160549f87a9354d1d446382

SHA1
3c5aa7f26cfabece9d093fbfff67e4951e4c14d7

SHA256
8178b3d666c2a38a6f86d3dd39163506e74748ec87151056677932247368f37a

SHA512
67292b7e6644d1c1950f677d3b42916f9ed59a0705889de862ec88992d56bc5eee13a3d0be1171793cbcbb06a09d43500acb68569bf870754821a4bd9f29706b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
acbc3931f0db9204cb74b55be8b63bd0

SHA1
1b1adeff94d4bc170d05a4ec06e5aa096705c82f

SHA256
b72ecccff0a7a61d27ce4dbf7805f1151cc639b31787f307a5136a80f85cf455

SHA512
d55580864ea5f9bcc7d8f0faa01a067f3fc2792cabe0037b96beef8a1fb16df4ac2b4e477eb3954247a85848118b9506507b399ab728f1021088e5e461d91ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9eaf99150ff748d7f2bf87c25a55ef31

SHA1
f003819c2209e4e10a9b5665cfdb9ca7236d84d9

SHA256
0b01df1b8d6a43326c4265185c21e84a012158583465e4706cd6a64e7b4331c0

SHA512
9dbf4df4ce4311d566bc38e7a02c91d1a4cff2f695db740e6f8a8e0a6fe66b8b424e92bc04e5562a3d6710280efc56e8b608455df889e422995b48d24c84eb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e8012e8542026eaba2b44b2582b063ed

SHA1
08f99c92d7115a2b204d8fd243e15e06e32ac29b

SHA256
ecb6bd6d1e6ff039a1110e250f4dcda496a8dcdafaf5cdd0bff7ae1f1fc2c2be

SHA512
c1cdf9487f636372e8a9e6173f8ec58051f84dd3877a2c5734c9c025f5bb8e5c76c035132c7c98d9d169db494f0f0c01cb665aa7d8dbd96cd91a27e38b86e66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4622145ffffa75ed09b038929bc507c6

SHA1
5ac0deaf89358115fe733d11a112a887951ee62a

SHA256
03b5e576239a994fa66f5b3091bcec362a194c2e047dc709f433e50bde23d2ae

SHA512
8183ad0db1b8370845893eb8b12635af9152745f02e8e30cddb8eb5e07d7a80f2c2a47106ef2bfcf32c0a5cec7b4102ae503b37cb5d37596087d822e32cc3a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
410b5d8a8a32dfccc2675ec30bca334c

SHA1
993167466ee85a5308d07642ba4a88f675905a2c

SHA256
de47ca001636c85089dfbf37f02c59e7c0b0b789b04b3be10da93531e95afb4b

SHA512
b4f3db8cb632ebbaf1864e4935044cd39ada85fc4d14f01368757b51ad7d678d6ae34470dbe0e4824434c8e5b561637416d57054a540aed0fb099b03cf3656bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
efcdfaf6c3d1e06a895157150cc6cb90

SHA1
a6ea4615ff31affa6cf674fce50cad763b5036f1

SHA256
750ad5c1f28890deccbc8ac289a1b92ce7477cb405ff12c80947705bb1b4206f

SHA512
f5be3b704671ff8c9d4434dbfb46eec8fca80747b9328f4d68ac6a4ed777c7444c06835a42e40ca9da6c84a9faa10239aaaa920fcd762fd27ccede982b8f591e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a28e92d900f02cc486bb2e29788df058

SHA1
76d71e62995e041d0cec7617880698cd12a52dfb

SHA256
880d198b95201b7800784f6b61970a2f7519df86b1af2f2fc6c530ea067c330f

SHA512
bf8bc1469594235c12c5d16066a0df17ffbc536f603cf06f171546e4db594ff9cb776bb07ba42bbae1fb6e4a4dbdca9cd52b7cefeae986a3aa4b61b36821dd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
4f46b901122388e4984bb5c624579096

SHA1
7ddc8bb4cf063e7171d017073acb31e9066ddbfd

SHA256
542b2b1f564c8e80037f0fbeb8f26ebfe9bec9a66c921b9df10f894120e79387

SHA512
3b2369583ab154a54be2fd687ae4e49fec7abb769bd8b98dae0a0a795e26505e9c38a75e06434ff7eacc3c252daa09aa45b047b35dd966d6bb2879707ebdb3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f818c76e17251fa52e14a98c682a1137

SHA1
0082ab2723933b363616befd0c7d74174cdfdceb

SHA256
322031becede8b289bee9d5f3de709408145ece8d9569b3b6ab1409f52033c15

SHA512
c44e06873a2964d0af71fa6383d8736517aee60b90170575b7ce7c24f4f7583d01167cb351135579f2ed339aa22cb0197ef394cad22e702a23f0b17073b3c746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cbbcc7a70d569dd76d2ad2ae518536ce

SHA1
c0c233bc3da9e57e808a6c94e500b59c11597872

SHA256
b85af97a9ab36eb7dfd3e02d25798b8a3c557c2732b556df086d5300f50950bd

SHA512
ca23fcac54db66d1234af282150205f68de1732c6482d696c2018e790f1707b9d657d8504ae77772150924abef0dbcfd7b6824b93ffe16c1d1d952f79c1fe2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
19c642e07721f1f06b3ba9fd904863f7

SHA1
8253e29682f4c41807201448cd4682cac0255310

SHA256
e56466d8f5704697c2b508812335a69a27f5563c0625df2f952e7e58ae85a579

SHA512
a236add2abbb884c9af4100f293cc789b5dc8c1a205f953ee6ae6c5c81e44aa18517d6e3514a1be186045f4706ad4a7fc9baf84b41fba59efff0f89a3e1a9381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e00f5d6e18db0f5439aea035a54bfaa9

SHA1
d356ecc6ee13887feadb760ea998e240e0d465b8

SHA256
a329ce9a157aef46f3772a39846f5759cc6ecdfccdf2588c016d61999d1d6e37

SHA512
25162b0009c13a71c1bd3386f161e9d9e60018a1d1f7fc9dd99e7e98f07c3ada8a2efc88e9cac52ac53c4f65a43ba67454949183ad40f40c166f86d4d891d832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cc6f52611edee0f4fd5d7c7ea58e1210

SHA1
30c77b531e206b07e64ea8e784aa777477f97d28

SHA256
d59cb9e95413ebc3e91b6d20c029b71d779a6228d3f23f25d3782ff93a6daf1e

SHA512
4568513b095f31d4b26b9c364f01cff49754cefaf2225a9f9043643cad21b61d13a17e5ddcaf8f726dcd460cf44c9e9cf5a62c584418ce42eac93222d1bbfb19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e1228bc6782cfb74ccc97341fca92953

SHA1
bdf155ed99cee7be146bbb62d356026fedd587fa

SHA256
cddc223a6bdefcd35eddd4cd9ff29f5e4feeb69ef58156f96c874290374b04b1

SHA512
91cb6c253d2f4f9d6df534f4db3f2087bab1462d0fa214ce93fa0c3ed5642725d3b579f3cca3f400c72b8d6bd3fcb6010a7fc4dbd55132b7f6082810e9caebe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2a9f6cd91cd09650beaa72b4897b7bf2

SHA1
500cb7867ce2b72f3bece35be79e47f37612e657

SHA256
4a28b5776311cc50dbd200db2fe4525cf413666acb87a93b6e6b32fc232aea25

SHA512
5911749fa9d3c99f5e2f160ace6763a7f1ca547ac52275ffbbb71e3497bef048b7d79d88a6749721f2e122bc6b264e083e3f033cf92f8df2765265f2d0af45dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9b538622eb94d1194cb64a69aee308e9

SHA1
697d7bbebde0cca8cfc502d70cdbb8ca6ebd7ccf

SHA256
589dbb644e700b612cb0f2d202ffe533b6dfa9088203d2c1ca97c7610dc747da

SHA512
899f674beafc1bd45f5052af16eff85c21435b3aa22625fbe41dea7581c89637715f437fa085bdb554f6e7f0ec6037d35f233e5c39368e9b4c4e56709fa3dde1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a0777500960c67e877e892854e9dbf7c

SHA1
abf6f556ad511a90b22bfeb833b02fa73de3c00d

SHA256
1bd239709d9783b5a66642262b632bd27f90d49d9741949ded8009b6fe450123

SHA512
793fd4a832c8c59c06b61bd757e0ab064d1085026caafe84d32e0f4577d8d5c260e81ab104babc0c82aa39862727d7d6e05069191aa1d74a47274d93abdd1b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
de88521df3d8a9794ec0e4e954dea5c5

SHA1
eb23bf258c309d5b5f89cab126f5fb04bfa40aa4

SHA256
3995547741169948ef5614fd75b39ee7ffdb13c1e866b9c6d686e1cf8e4c4474

SHA512
3434a60d538db88b19eb0f958d6282067b90b0c91360c940ae0079ec4beec8be3f41880df3f2cd5d43ec8dcada560089f5346148788986318d85a1453fe43a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2772ea61a1caef4ec2b5c28bd5bce06f

SHA1
0e5eb0753ca02d514a15a01db12af8d4953a9307

SHA256
53371049221963c2b9d8a428a4a219461b9bf954fef7e4def9a2b8b9c24fd15b

SHA512
e73fa2c813f68f24dcbea05d0d33909b77992c0626b9920d5da0205c187a1196fd1375b7c03d3737a934dc3937a46d61919a4764927345a39bd311bb1e220c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cefb4caacbb0f90ef3138f473b3f1fcb

SHA1
d408684681a94f3f3eac00fd99ec034a73f0151a

SHA256
cae9db25317bbfc32a03df87d4c3069611fa9e27d0378a9131a85913373fe39e

SHA512
ff9e34e65fcac99247eaaabb4fe10e6537dc70052d20ac7405b15a811a608926ecbc1fccfabdce8382f1fa024830ac8f72a60df5b4b7b62f38d1a0517246543d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8bec31de047006f83e0f27c01fe95747

SHA1
36e94dc095056929b635fc2a680c6e3a02f7aae6

SHA256
fbe2b4c096797486ef7afb9d211b22dcc73852fe398a9fafaf3338dae4383dee

SHA512
5deba0cd6b4bd43ab383b3eb4c364e3d2b6417d129f163782f59e72fefe76e572b3651033a6723a6cb91c22fc1dfa14df527810848266384428f60d958b0a328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0a008f31-1338-4aa6-b711-5d9406053a7b\index-dir\the-real-index

Filesize
2KB

MD5
504294b72976e2b7f480250c1cd03956

SHA1
e78d48dde3b55c387cce24f4ece087bb0812176f

SHA256
78cd9c88b57f3204b367daf6dc9e7b9584c029f4ae08577566b76157bc001d3b

SHA512
a18312fbf4cdf9bad141f34bba69defd802241facbc527f81f4fd87bd0a1702ceb5e47cb14ab4cf6705e2b4f8abcef9de9e46d1d8f635ce84d371c7b39c7605b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0a008f31-1338-4aa6-b711-5d9406053a7b\index-dir\the-real-index~RFe5f7d95.TMP

Filesize
48B

MD5
1cce774e294b5b6af33db7a04f04c29f

SHA1
5979326281503b603360e6a595b6f0c6037cbe99

SHA256
d91a35d5283593d5807fecf251ff5bec427b301122cc0acfb5e3eb7bc3663871

SHA512
e1b594144f1d4e9ddeb45349ced47f33dfc323316f0220844e1af6d6154ad836f1e02e14dbc4069df2713a16aaec78a3f92416d9ace0135a0fac8516d388d58b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
402d7d39185f6b96b3d1970e2e9af4a0

SHA1
5f37cf054326e17517e7cca051bc68d1928b99dc

SHA256
f73812c8178f58ddd3b3f0d5ffa5520b0c9decc94897aab04099a9f12d2a1af7

SHA512
f5b75b1aee088553d11cad68fd47dfc75daccea8f998dd5794cb037e2bdda334f79fce73ffd1e88fa19721387909642b8bbddc35e1c7d2b77e8153cd23eb37bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5bfdb0697ab961eac3ae6e5a99b5eac5

SHA1
61e6491e61d0f3a4edc15fc1635c6cfb8e96da65

SHA256
e06a2a0e0b8f67e7a49dec9027221191c9afa3fc3d58f906d15d5792c4b803be

SHA512
c12a23801304688195f771493b8f651e0e0ffc0c4de39d1fa4aa163ea2c795dc493c04e8d59e3fb86f0b2496f9e42b1e02dd2f323fec6d394b66172d7a8ab451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
8eed052fa6280fa5c1043b85c4aa2833

SHA1
b415f58836abcefc3904d5ec6f6d45eb61652f18

SHA256
dfdbfb7803dd93a34c801ac93f2d2e5646b94e9af92b0cefdb4ea79ffdb4191c

SHA512
e0d953b7bf0153f8a02917c1f9656653f080a5751336b8fd3d7bfc992de983ea4589766e534af04c8d459cd5d41295c60f1a9815b6eff9e8862a7995d5bef476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
114cce909992a3cea7d86824281583ac

SHA1
ae570279027c90a367fc070aec09d46751272c78

SHA256
acadd3bbbc38791b4d80e9cffd5978f4f62af823475cb3b611a770fbd04837e1

SHA512
89fdb836f7b04212b69f5860d29d18869bb0907d76651d877ade3f3340982c419d8887ca89c524c830adf2cbcc212a0bed7668569fda026628823e9501b505ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
a486c2f89f62b8dd77638c4c1fc620d3

SHA1
3a85d31e1dca6deb2cdb00f601d912e8a0dfc99a

SHA256
f326b8b00489444ecdffac35972e14655817a40e511ca3ed116cd828468153f0

SHA512
396d3834b4383a5835569db975bd723ab033cdb3f2477a15e5a236cd48c9f1ff4ca10b6c82977cc7ba0d61cb87f53a7c3c28d842d3099f338fc2a1c64a77b591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e464315f51220b46e80317f3074d6f5c

SHA1
11f63553d8957b215cb6b047759d5970194508f9

SHA256
157efbcc14be997521c069366aadf884ebdab600036616feb19a285891ca1042

SHA512
e357edbc8a8a8d76562e5eafe98009464674aca800018ffc4d4a8bd168c6ceaf73b13360219aa6162533ab77a72aa1b3428a11ec16ceb822935d5d71fc85c6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5f7d86.TMP

Filesize
48B

MD5
5a57bc84a6d81844d3de8419c3eb5c42

SHA1
fed5ddaa6b113ac772009726424feab3c471153d

SHA256
11898927682efb7238d2098ec2c1bf3533a2761be564a29768b4963cb7a611a4

SHA512
f8ca3462c353661bc3d81af84314b24a80f6af5593466d30e2becdb748312869e098904018b43c6bf03ddc2acfbde9501359de3b69b380e0c40a24e0666db736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
9KB

MD5
f5bbb7f5ff581fdfc9cbdf188fbfa35a

SHA1
f75c0b62789f0fa5b299399c2391981f5ce62d9f

SHA256
f9f1e95361c11dd30720af0165a2330958f7bd474de5475577a2d3644b32bd83

SHA512
63144265d22c85fc3caf695423a6f4c64ec0073ba886365a88f6ac3f70b7092175221904dd34ee0135d16b7652537db7a464a79ff552b0c59340467782ed0d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369959546270602

Filesize
20KB

MD5
f12761cb0c2572d6c8b11074ec6410fb

SHA1
a35f8db381ba7deba857fb46b91977d018cb92af

SHA256
be30fda7d95a60b5bd6f2427cdf59e1dfba043fbe0a83d11211ac128c4ce86a8

SHA512
baf3a1cff7519d0180bc4b05fadbc964b4d0051fc01455ec11b8a6b0df21469c9d5d692e8d5b941e090c11907ce32bcdbbd6f4506c30fc2917b514c3a95057de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369960060603695

Filesize
52KB

MD5
efbcdb9784437de692799fb8ce23c5bf

SHA1
3f96a244638be608e335de791a3a836eab264242

SHA256
46d168d570b9b71c78dfb8fa965930337b69809fb75804084bc2091f5984e7dd

SHA512
27249dff05191fc7eb545fc0495bac14ded7b32679d7f2fa67616f88427da2c75287f133af5635b3d3d5ff797c3ba9cbb6480abce7131c22cfdf71e227face39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
265B

MD5
3d82de66f5ee173ec10919369ee90c91

SHA1
f537fb4a67fdf9bf336763578f33afceee3f6f84

SHA256
5889835a70bb094eed03d8570fde5af400a337905c034a53a8e417d6404c76c1

SHA512
dcd9ed18817401ab1b4f668b95868c8573d9fc213f0b6c190fd17c5e76e605e18a29eb4d7ee53272265d648b101360822502c22417399705d5298e95a237ee6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
7f435deda5fc5537c20667a0c186f194

SHA1
e44f6c86e0ac84173db92bded0ec83ede437fe9e

SHA256
ac3d45941db000d20270147a6c0039716987616fe185b34f695fa84e68a640df

SHA512
0c9a40fc87ce67734248cad6eb18eface5eba3bccf4325285c4b8eca61b4f0aed46ede5c26f7008814819c4174b70cf76c866fb5105f6d7113934ced9ca63513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
642e39cec3d8c7247b9a8bd10c66efca

SHA1
8ce50b79cb5e1d24e892a983b41f9d5fdcde7670

SHA256
d763f4294d62805bef6b2c5d5c46d0e6d3b6316103315402ed3a6b605f8ca569

SHA512
ed8e1ae0a9470301c36c00b6fa26a9e7a1fb316985d49c0521cd5afb7e4ed81d844488ab0e2dce0257938205f02a81f575810a402cdb73c02df922307b8c3086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5705d8c8087853d6faf58f2bdab40d90

SHA1
e04653ab9f79fb54fa506a4b36cf6f1867e56578

SHA256
9afa01a66f0cafb991ec31c3014cc196093f3f3ce39d843f7b34d3e77ae80844

SHA512
f8d539a6f70e6e8c19e7283db5a7ea7deec320f3ac759f0f6813bae2f88df53128caad799b466d8e64afbd07236a8860aac0db8934df488a758215589c36a33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b24dc03d5c81cacb02f25f25b871b84b

SHA1
c103d5c29f73a0a91bc5f785969839c261abb88e

SHA256
6a27b4504ccc816c246eb630632546eb603545a0806bdfa4061f4de3db2696e3

SHA512
4dca09d6f8bd788f6315ea80fa1f73b9f759d839caa7e80307f8eeae6112e183d87819219c7cebd810b29834dc427f5823775d6f68be7dc6af06b5d92b2cd136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6121c16c564a35a31bfd7f0b615ec90f

SHA1
57d59b733920b657fa6df88a6fb2959a26efd9a4

SHA256
d6836c6982c6434a2807af08561a4037adeb5808ff26082db1b8357c3ed89c0c

SHA512
51939ff4fd51fc42a635b65f64d51a6b01e12fe000bb99d196675a596856c7b5fde12b5b8f91c469be27f0ebb699c85cf8d338c752abe018e79301c827167631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e89ab9da4ffc40bedf2d74c13a0a60ab

SHA1
1127e85e47e275e6b4f493316a37063849653563

SHA256
40383dbc5a5240f15d1169880b085824a6c8d75f301bc1d007077f21af891b0d

SHA512
8eb4d908fe94804712a613bbfca7f06a7bdaf12ba54d5330725e91f8dd2e51338f4f930776099ac51d2338fa94d5871bb536eeeb0042d6f670996bd037a79774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
78184c1b15f5083c18625cc657cc4e5e

SHA1
8a29d8b0032e9a4e228b92071a5d7a79fd37d40e

SHA256
e9801fb77bb0e2fb9671b8131f1e9986104c7244c8484d2827e5ef6245681313

SHA512
d5fdfe04de0d12aab388a5a5e886b513ce6ce24337171f58825d961f199445f38e46e31fdaf1065ffa033eaec0bf2f604d323464f277cf038ae6e6f0feee8cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9e7736e401854a851a215a7246391be0

SHA1
1b41ff8a4b9c57fbc7a2ed790db002f97464ab70

SHA256
272e26be4053ae4db7f757dd254537576a9ec43b537dd4a2fe2218486167725e

SHA512
cb42d59a5690d4e80aa765dbf3ae7143f692ccfe0f37bb74ea1ea190c0dc37f3655497e76a5289179622738b2bca6aec26ac242fc5e947e22814e0b9043c3e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f3615e406fb62910f5ba5c585ae0f0c9

SHA1
b6f515a2386e3053b3a3f502e9e38b7f5c30b580

SHA256
3490701183ea97fd375dc765cfa24b2acdb503cdd840cbcdfcb7273093d99519

SHA512
0cc9f8af3986a4c624747df1444e0d875d34fc03d96cb605f36241864a40ec65785b5ea3226708dba62ce713ede20fe106f1251955d0204e83d2b85834f2f7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
30b93be9c6bee9958e1b14f5ad099347

SHA1
c9b282a458ec8939fbb30f1934bd31685fd17d90

SHA256
3a594b1221d1b9193b6e2e03780f47152caccf91f539e8f91e6f2f7bc80a86dc

SHA512
1e622594737b203de763c754b8ceb7a65ae756980fb6a331d2053033b9698c3a288734ddb8acf24cd42b149afeadb4a25a9253e5c243ee12506b80e9b378cf4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
2da7ef3f2e5c67e5159028f9f760c810

SHA1
e07bef7dd4a933c6e72422a04690e4c1a2afe48f

SHA256
6859779b41de8af2cc5369044ef7a00869ecd8f958ed97c458f9c991bca6fd3b

SHA512
e59ed94a3ebb292544bc2df27afe938c807fcc3ca38a5a5641007fc8744375958706dcd3eb43b58a3a94a4a5c4598555192d733551dee308e3f467fbb3569e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c00b284696b076437ff8696426b0d8cb

SHA1
72c9c84e8dc29d347160c388e7e2ca1b9b607ab1

SHA256
e2bea5c2a6dd3890925a15e4ec82e9777930e6ab22ac6cdf4268911096279085

SHA512
e3bcddc7dd663509e9e4d783bf468f7a39d7c2cafdc6a5c62e521c5579e2cb2d45f773cd61e63b34b09ae948aa8c7e9c81845e09f124f075ed4088f4407b8b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c85b3f921716cb0b0c1dfe16edb31e8b

SHA1
a32773e9fb8c9038456c44b1239093f1c181abe1

SHA256
5efbd81e083aca5caaf22018f4808d4c201028373eafa3767d2e68c8e52d687c

SHA512
af984e9c8c9a8295ed8976ce149a04ac9c280b76d29a1f4cad0f3a1392a5b988a0877e3b4c0d005c3016baa8ec54053518e93c9f4e30c02a3573437223434ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a89d0068d1ff0e993749d9632f375be3

SHA1
d18b578871a970b40c7d298a39e1f38e3736d638

SHA256
339053e54e244d12e46a46e4854cac29dd97eece00c66961a4f036039a66c1bf

SHA512
5b7278d22974ecf48de410a773f30b9ab1d236f7163686887dd1b9beaf19f5540760c7786a228cf50b4ec919d76fa75d2efe062e2739451b1369b2ddd04b5c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f0c2b9965ee35bb9a64bb991d78f637

SHA1
8280b5264f7f565eba4f583cd9f0afc8db792a7b

SHA256
f6b173d5645c141eed65526b494739d62f73ece054bc3b4597c3043b60ffec60

SHA512
5b41e5e7119fd325d14864804ac1636b81958d72dfc83e56116e92a4884c45d74e22f48bf8e95d0f7d2fce26df551ca8ed058b496dbeec3b8acf147ff0763224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
eedc5de7e31508bdbb0ec90d6b6fb452

SHA1
891e54d703dfe84f0f8ac34f25b7a3933051b7e8

SHA256
629093c84385ad8900f361070fd05f690ec7277c72f58efe50a9b14df4f3dc15

SHA512
341091bd223b7680865d38e1d6dd16c04ec055a6712c533f4cd00d001f4e84ab96b3c9ec1e8616f108ab5a9033ec1d18bd509da10d81d4a36510d0d78f16851b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c599c00e1d2785d069db691acc561458

SHA1
ec3dfdbc29caf6a48a73a58683041423cc016597

SHA256
6d5ee554733a2ed036b4b6448dac878295fdb0bb1f7d62e798dcc95cb5b08c03

SHA512
a6d45bff9644fd6d6ce5be5ec3deacf41d1ad79dae5fbb10de803bfe65e90052cb5a4487c09e3647c225d9310b9df970f10070af338349c27a41e05902ab4a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
85cf895f1f52b450422f4ac0ea80f6bd

SHA1
15e8bbbdc0ff1374b6b64666f4d2845e4453f1b2

SHA256
a13477570a206f208e07cabefc5f168ad368faa4b14f0b4273fafae7df778523

SHA512
4bc5e810b3486ae604d8752ed19f03f5e1e02937292cb9f080260ca354cbf674b4bb0791e6f22ce3932ae0182427eec2680bea36e823d53072cc4c8cd5687327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4575aa772a2197eba2a777e2478e1ce

SHA1
fb6509295b0efbd4c6e8e996709aa4a97ac1ed31

SHA256
f37a9a32e511725b99e9d7c963a7f5bae8e8d25a1336a2a9bdd94bb87d3f2695

SHA512
4c97b1d55c56fc1204a063564f5dc9ae18cb3fdbb3f6be8548ee7faf0daac7eb3064557977f5c7720f77289ff676eff43917fe13f33db2bf7f5dff5903ca5c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bed37e6685bcf6b58ff5a0f5fa30e56c

SHA1
d60964d56bb21b7767a0ea2d418d7d9dc1153514

SHA256
0bbe9ab92055bd069b249e08369a22ff3f90a7dc0dce2c9f8b189c9520af47b1

SHA512
c019addd34b6f7872494b6e227de411b68797cedefcbd19ef7a22b18bd7182e48f9b6f1f0db7f719c4237d1295a842d08485f1f84c2fb0320aa87a8bad872f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9087fe389ac57ec5d5f01259c6ef3c06

SHA1
eb2a1f71501a2f617ea22cc613a58daef5058c05

SHA256
2188ac3baa55ac327d903b54689028c55fe627b6cf0ce745424bfe5a64acd7e7

SHA512
4bcd432f9c157afddc3f9923f7e852f86be231889dd979df0049b3e9df5d5d480da18faaca9a299730644443da612acf76e0343f033b2ae40dd873b69a682186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5587281eea45059118b6192c3b7830f4

SHA1
7809edb3a4aacbad26fb40e0319a9d1e9aa5bc23

SHA256
2677a94f2ba5726e296aa5686201b30c21d52cc4be4bd800d80c89272dedfd57

SHA512
55cd4aab88d5b974b8607895b7d4537867b1ac00acbf7286be1c119937583f41eea158b377f050c490872b222ef622f063ed04bf6b017e070ce6548cabe09455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c525.TMP

Filesize
371B

MD5
27d1cd46da8e6e1414c04adedc9c75d2

SHA1
418eb35cfa13dfe4f3bf4eedbf8a6fcfa6e5fa8c

SHA256
47d9644465c389daf0321f5f49299467a994c5042ce212c58ed448d216baa896

SHA512
8d3bdfa98248a8b590fd10b0e1d7f85396639476a95513bd0585c05c5877c1d43210ff505d707549adbdb39664710761cf872f70ac2a47b570a58ef82935ac64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe656abc.TMP

Filesize
1KB

MD5
678e694ceff6c95e1304dbf3db22703d

SHA1
52558a746afb5ecac15f0cd599934ac97427cde3

SHA256
00ea6c2bc5825ce3a0eaf3dceb5ac5947b767474acd4836a43253f737141cc97

SHA512
8a075a7447176bb92c3202b524463984a85ad03a9f758ed682ce52e2cd1dfdf8288a955e04b18c272f3bd06771de02be7006e59a9d4445e4566c5f32de4442e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
371ffa8d257be2f5217fc99a4c8cf6c8

SHA1
54864bb9ae5bc5249cfa22e43ce4831d0b8d7081

SHA256
b1a2fe589c1d241c0b4ab67c0a44705e98c0093e77556a117cfd67db100ed0be

SHA512
2a05b74e4f7dfc256c9ef2cab522cbf4657722f2a8227114627390e91a30f48ebf8e59db73de637cd1ba28323452049a086477ae256954848f630628cf42c97e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
669761c5a7147e12d802c57872367179

SHA1
18857faea29707d37bba83784f5743bda0a5afdb

SHA256
27bc2a90e093757657f994109a6a36071b896cca6a9f90cedccd739676f40248

SHA512
f2be3b07669b5c39870e6bbba9f0db6cf8e5514521e113073d3ffb65951fc6dc13942b7ef0db5032ace122501808871891b1f7d0198965799e5095a12cbbff3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d407de49-3c57-43da-80e0-75604b65266b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
904754a73eb4f8a75410a92b2b7a920c

SHA1
208f9e70a93742e8ca1f5e2537690172971209be

SHA256
c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db

SHA512
cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e70ddb36-36d0-4119-ba83-9812a99ac730.tmp

Filesize
24KB

MD5
7a80bd573c01e550f97d6e62f343b223

SHA1
7c71b24a046981f0763d9077a7c6349a85c3f30c

SHA256
1638b7f794b16bc4158d7455cab7b61b735095de0a6381dcf8f30b47f5a3edbd

SHA512
b106eb9605f382c1b90ed6c2e314df4f8485e1e8885d93a8ed57f7606fb5a987c5dc4adc78cd55b621c06f666b1ba74cbb22eb5df81c7429ece78bdfe81cf923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
6fbd1287afb7eadd8f12260dc59afb32

SHA1
1eec2b61e646e6ab14472d5b34c3ae96c7ccce5b

SHA256
e0b526ac4c0197d057701fe413fcf237e21cf0292b446b66bd81d6c779c2f690

SHA512
33265a2d57cde9180fdbc84359ff5e6b61a5f7f42d58b7da6ab1852fdd5a02ab5c061c09c25d728ded3ca7fa288ac8bb7c75f8e3609dfbc9a7b24b08f5230efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
182KB

MD5
4e04ea79f07c843d5393059545aea68c

SHA1
8bfffaedfd24b212028934ed9fae20cd36399af4

SHA256
2596f7ebe8f8be32fbe1763ec4283f24d9a9f9cbaf3f290edb9ee8134f4c4404

SHA512
3cdb178efac74609f04cf6478527bd5003fb0eeaa2da1671aac650b1e510c9ae956ece134f7fade53a2c511e05c7ab2b344407567c30f79b00e4179a9a8725ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a6a24eaaf9960152eab0203d45e6ed51

SHA1
694f71c1eb17234a07cad033edc16b42bcfc313e

SHA256
f0d530dbe60cac94e20a8ae671ada0a2a075c414323663439bcb1cb0d09f8b10

SHA512
024f827a9f2625fbd6a9e3e1ad2e700357c45def7b0cf928b6f4739d0bab95cdc2faf8e921647f03a63094411768634b788de25e4675318521761c4e45adde2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e8488bd19d6ac3818fdfbbd5bea46a8

SHA1
0d6199e6bfe4f5d9e42d457d21d0c30580bcc19b

SHA256
6f4f77a83d5a6a80794b718d6b4ba02f2361cedddc8023f4caa52a50dfdc0776

SHA512
c6b46827277d274960fe966d7afcaaa2f679d05b873e7c8068da16f1d15a6a75b68f3f71859364da571a6e204ec8e43a84bd5384183bc0f80aeca76c040772c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d358c9aa0e2ed838cf6b60c9c29e725b

SHA1
39c35e787088546e9613da5cf6dc150c27fbe1bf

SHA256
b0af5f839ddb2a3260b11a19389873016b7cb46c631f84d68aba24a6ebd348b8

SHA512
ba3185bbe956d233454fac9512b98deb744389461c268d9ffbd92fc24cee4ceaaea128f4c8464a95ec573bdf75cf08171caefb989be89a7c6f0838adc9eb0884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f308ae41b4a680e55f596b8b647772e7

SHA1
63517fff9a8e54c20025f7965b58665f990a144c

SHA256
897b392bc015873f245d06dc76e73bada152002218f2bb743b2c46d8d1558bc6

SHA512
9e4cb0c24ffdfc27c03eb157cd2306dc4edc342d89cdeed9188712d5558f8f017ffc7a203b1b059cda103584dd28b1c903c309413d49910ab8870c21c5536f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c781e68e27e7a5c239ff2335669d4e07

SHA1
cf0f047f8188c810088365b43ba62c158e9b1433

SHA256
d1f1e15f0ee76fbaa61cca880b267a1ead764bb2b864819e3c5678ef087a7a72

SHA512
4073a7c1ef62e1ed33ed5d4421c67127a3ca4119464965d350a1cd2dbb2ed92b01f340bc0c5b514b02ec24e29a31385626e867a9182d9798c705c468ea21f21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3455305d6be995440dd97679f7e5788f

SHA1
9c7020ccc9cbfac434f134faf061d4950e97b6a6

SHA256
7dadff3c17600febf3834208967d0bef5c1527f5775e3e20ac20831bc56266f7

SHA512
5aaba4dedbb82b78e964517c9b23e86f1d316f152d445f193d579b57f688e9127324b40fc3365a8f74f71172f32565adb465fe8f40e2b42baece320475132c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ecdd166d809d02048af7b4347ef44aeb

SHA1
c534c2e56428fa8014bae05632eee505c52cec70

SHA256
912d52dff34330f6bf7da156cd2ac1ebbd3787b504e1b4a3d074255ebed58b07

SHA512
ccb14846b4671c2dab777d5ce5fa7a66aa49826e01dbff097f2597cde0d46cf34c19e216346a8fa339994420c9f6ac12b3f4b49f9a2bca203febd59e1c83892d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2b2d0c3080f94fd7de904026ace26cb

SHA1
e7de780fccdaf4bf46875f3e71d2ccba4922b865

SHA256
55015b879d44d2ed6a9a0270c27a65c36850e717f40189d28a525203ad08fbed

SHA512
a88342fd44be568779ddb15eedf4213f5aba16ab733cf561094fa8ddb3e8b034d974476bb30018786880af36f2e3ed827dfa185383fb38f8b9a3f344882afbd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fe8da0886065314e2e198c12799d7e8a

SHA1
ddd88dd02b19f40962efbe79b5e626e2d8d530af

SHA256
e7c94fcb530145e44283b66a53c7578e830edbb1c2bfdbcc4e1061777f73c085

SHA512
3a8f2f1a8f381ead32261d111057f35f791fd857a98846969dd51a3e562eefc339fe3b0ca58b7c4531f6d60f58beaf4e20b4ddf8ee04d336450daac42e53f8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a2404541b663c7cb4d5a803508f34cc

SHA1
11e6d762bf1371700ef10d4e3a7962c1f6b158ab

SHA256
f6e34729c7821524a25bb0d14a8246efe534a6f2cadb645f2e63e693b7a0fa5c

SHA512
0f8724ef6bc3f7edbf37d2ebc6bd325a5f6a160247b24769b699ff59bd36d8c8c190ae231dc778ad8f7229f521653cb15b3994ede2dcdba4b4d56eeaecb66e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ff3b1a8b0254c42443a8fca57f3992f4

SHA1
223f79f9a959f0ad3569450153af56472739ce09

SHA256
9b5036158643309d06b62d428b65ac00983683445b9bbbefcfb03f2bdb25ac6d

SHA512
ab3b1ac11bc2646beddaefca0b8a646e350778f7882ba3a295de41ed049ece13c5d95e41a392e8561b9c8dccd7c315acc829d537602f783789b18c55c6ad7590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4823d70b4f5d2b4504de84fd069580c3

SHA1
b7d7f0275e7ae61dec3a615da545d73125104b2b

SHA256
e96cb20c9b4f56d83a7d61167891b7c3c23652588eee158ef95aad1f598a020a

SHA512
88d387398e327090a00bb4ad9cb4192bc0f5d1f52f1c78bb7c18803a87ffbde10a5bad9ff780052f7654fafe51c8ab9ee006b1bad5d22adadf926ab277b5d697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a66fd216c917b611281f0d3fdb03da5c

SHA1
bcc372a33f229a2b045ac382eb495f49421321c1

SHA256
81543793806d02f3b574ebf82a9ebffbb1efc6a893ac4b16ee72dc1d7fee893c

SHA512
ac3326510d80d385781222fef2529ae1622f07259e80f0f645bef1c7922e83d4612dce06226384f35be2df9e4fa1d91b879195f623fc87c9d881b3833ac2821e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f1fbece7ccb85568b843dc406e32217

SHA1
9e2980fafdd2badd0dfc39fdde1faa2599583a9d

SHA256
48f5727d8c230d5e0b0dcfb8e8dcbfacca4e5e432b32dba8305eceb4a52dddde

SHA512
9b3fdec96787a370c08473cbdea40dc4b1620279c8d7f09e73c76bb824a4171eeda8ccbd514153416cec407c68f53f819be5f20a9a4fb7e5a42076493f0aef69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ccd9c132961db7fb6fe146b6ff7a9c9

SHA1
8c21e1a0edffa88866a0ba3f2b997c3cf5d099c0

SHA256
e1334f579d16f5a477864955277683f65dc46c059d86654d2cbc70d3da8a21f6

SHA512
c24e831458db7c86a987011e9eb698cf9aedc910644f6205fb71d3637c53fc0481df601554e802def0ffe03d6519ab0946f037e1ab4919d371467b99ddde6f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ebb5166da0e832bb402282efaa9b0970

SHA1
79839732d511743118c8005db7aaed81ba8c28a3

SHA256
47c17eed03abaa56548189821182d4bc71316e97638ae6ae618b14226c6fa92a

SHA512
6114ef95713f6ee9a817c6ecc61b7e6d2512a4a2f9add0c7d8a5f3a28b1ddb80e3e4d165efbec441bfbae063cd826089fff455ea49b2645cc7da9de6b4bc85ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
137d18dff7c8b037f1019b1f8677a18d

SHA1
073492c0fc3480d0f3932b2c87ec32ea64bf2a16

SHA256
725fe3c7912f7b7ba2cb925b5de75ba3524a75e47d722133fcf3bffa995917ca

SHA512
2a53c520370d8ce32a79b3fcd7920f1eb60ece1bba1483d61d2fe63ec128ed54c2236a5dfd3aea08d551b4f4d8a0a858313e7d2c9e3ecffe45e8248101ab3495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af1a87c0d7c4ecddaafc2b8da5c6b71c

SHA1
fb58b21446389bb177289e12a24474d2227d244c

SHA256
90fbd9fdd948c4ebb8c6fa14dd902efb4b3ab34ccf9892802c16389a63e1a9b8

SHA512
20cadb606dee533b664dfeeb4f725bac3ada0047840be7e54dd35da84a857ef6a929a2b5e2e52c0df513c6135fe5c18b126743e7e14ee70f390edd99fb6f14d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c433200bbc18babeacb6dd4e5f94cf6f

SHA1
7b8e31cdc5fb19132d1664ac26145c17e7b51b16

SHA256
a2bd4fe60b3bead005d694f3106d51e78e5599f2f285452d12ec3095804976a4

SHA512
f512af9e0af2950c00815fd96ca476e92d999ce7f95d8ee19f928d333fba3af09323faeac61126736594e4fb193bb4a22f1cf37e32c61e4240c0981d468e64d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a56e80dc8a0ddec0efb04dd669a9b7a4

SHA1
b9b045c4365024bdffd9ace82ce7595ea3461069

SHA256
81ab759fdf1da83be930d437f331ca2c19beeb0946fe6f35df5585c8b44a7211

SHA512
3066351c1c05a0b82a3cb7bf101ab98cca54861f62697e17ea13be5f548ca3f2cbe025fecfb0030e29287ecb64b9877176edce7c893b7451d16e4c8443e8752d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
75d695537569acd27d77f001d16b4e32

SHA1
a4ec40a0622b0dfab48b00c55cf0c8f13ee59011

SHA256
b70ebc93b07ca8352bef1026653579e9beb1535e1ec9c9fcddd073a1d1a84409

SHA512
ba1912c4d7a8754fa62ab5aeedfc8c340876c64170cb8ab291e00d8e4a721b976d736fb3adfedb93f4d26d92d2f0c01284bde9189d226940468d142f167a7717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
25558d217284e227db5a4e38b94ad834

SHA1
6b5ee03a566234877135c9ce94219d8f6eb97fac

SHA256
9376816476f94e9dd3e5e2e5c55407cd92032ad87ee97f058bf4e2c1c5989849

SHA512
d9530078c7f0742a4f80cd2e74cd46d8561331613c36d0d89ac723653bd95c8693394dce89f21b8191a958b0b086bd037c38fdfc9178ee9d140d855a1e22f714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
db7827e3a963a1f182673a12cc9c3632

SHA1
5b2f5261051055f19599a9018c74d9eadccf0cca

SHA256
0157ba6672cd54a9386acb5a8527d753e00e0a6ebe9533a3a6e16c508fcc76ea

SHA512
f565c2db268d97a82401d16322cdc797d1dd32ddd64c13010cfb5ba1e2d2a89915a01359035788e0b98b9af92b00c3d284f2eee84e8a3d8be14a443d1344cd0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d0a5a3fa402416733b3310410c0702d

SHA1
178d69d1019e008b10353247e48a8423387eeb10

SHA256
76c8c8d92bcc16256271bc3a3beda2be4c6fd36c1eb47edc670bb262dd7e18d8

SHA512
9e33e9c002e2af98425f66b4d180eeff80f2c12bb0e9bd9e71ebb48e114a23542b63b2bd7a529fb30e5c76fba5dc1cdd04a441715d75824f4fa88a4c3444ea31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a709ff80d21edd46230e73f1380c05a7

SHA1
a530e96c3139299921010db235f13baf3919692a

SHA256
acc673bf894e9b88468841254137da3e3b47ba798eb1e28a39cc7d907060dd52

SHA512
c0be300c64d1ce7ba6c13cee74b7726692f73d9139a7ab0c66d01fbccdc15a58aa25deee628dfd84fc39afba92bfdb59de0f62c50611e7ffe82bfce82db5c3b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2016091cb0d57b4a8b7d7a01ae4c3f17

SHA1
72daeaf00fc3266fb5dcf4da7e7e9f46328f6a11

SHA256
ac5924a20a2b759a434455175e56b14e186a02fb3082e363f02b80cf70a0069b

SHA512
0f4e3f6a6bb26cc06f2935a2d3697f68ae1f59d9faa2a1f0f9c6a62c82e4ce63c5da23bf3d3086d347df204d1d3a3f908b7e266f9e3070b9422a0bf68e3fde8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70f087a26a32c1c1ff179a9ea95992d2

SHA1
f0d08e8e46e2ae65f3d2c6f8ee4171313bd783bc

SHA256
fb0169be1c923398dede6badabfa1525a2cba69aa1d5f450290be8252e65991e

SHA512
5a1f0700a2d805767257249f42253fce4b4a650c4d1d6f8c0d1982dee80e1efc6729e5c757814d1e47ac581bbc3320ec35de7f7045b344115653e204e893dfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State~RFe61a9cc.TMP

Filesize
11KB

MD5
77847ce6a9ca940ad920a44ca2733721

SHA1
71b5525f47ec043bd247de09c0167832d056c5d6

SHA256
73c09172e25588e3830c1c254de7c899b0d427c323c5c9bff183a3892e6b8f28

SHA512
f55be84d378ce273adb5c427e90ea3ef0651785557bfeb018a04877ba9c98a8e3a64c4b5344978845772b6c66a9751808cf975c1bf8cda468c90b27bb334c54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5e32bee442d5567a6c408f59d778ff76

SHA1
71a2ed8a63fa03c27e19aeb33876fef017f022c5

SHA256
8e2b8f52e0b09def696000a5039a1e3ea811446cc8557d26dc4355e5a9fe6920

SHA512
eb970fe857bb4b855b6be731ee099c28535abd153886add5683a1a16935bc5becddecc8076bb9edba3f00b97290692f21fa0ff44ab0b0fa275e89b35beadaeb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c9849059cf6077eb2744f114fe9537a4

SHA1
1f3b25a6bb8008ad4b80411023a3ba81b7a05857

SHA256
2caacc9de1d6d83e97184bb23a8e38554c483df5bad7551600c3f6dc28667818

SHA512
7486dc7126c64ea8d3711c7e7785ea23a499772121422d2b9f11f3b7026cce4be2f3029e89e41255c310945e26f25b1c3a5d8c3222545003bc93eddfa6e01038

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7WHEUK6J\microsoft.windows[1].xml

Filesize
97B

MD5
552110238b58678859ace8a721ae738d

SHA1
89b5240419401dc4d5364a2a3449206fabbf535e

SHA256
7d763ef2289b8e4949c4bcdaaa05e5cc9ae83dff77eba89ba7bface6ca16d16b

SHA512
8cddb8b946eca85d840ae307f7fc8740f5e64667118a4b0fd602bf904e85e29025c9253d233181d4f0dc55d1727df20ad1d0ebf28a9335f5d81c1746b9268213

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133699602543932471.txt

Filesize
73KB

MD5
4c036314f080c753345c8481caf9ae5f

SHA1
c90add2903b9de1bfac12a139e2551af8ec71745

SHA256
ca7a49706055df15b0d7f15795ca9846c18f76f20ce135c039f99096bf164b71

SHA512
2c42b710436c2153a935fdbee7399177deca03c9c877cff99ef2dfa237fc7da5cc0dfbd93129122b268f8eda79f34e41ea5f9c901e5dee35861a2c9dce09bc38

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json

Filesize
240KB

MD5
4643bc603a77fa034a9461e093c9d0b1

SHA1
97fccdd4ee5ead33f53705019ed92bfa277cb3fb

SHA256
e9dbfaa4c939b8b5925a4f6098520776a6ec4c2e3bee87ffcaab8597829a6119

SHA512
48cbecdfdd8bcc0e27a0802f4436e9756f0d660d949e9d1d4c030fc7aad8cb882e5a5d893a5a84d7e3da8950e17e813bfc4cda44924bbb59477048b8c515ade7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

Filesize
9KB

MD5
ecb8941f9c143e09e30dc5b135808581

SHA1
1a9bb81a5e02615ab18adbd404217a55a47dad51

SHA256
d93292a76c7f3457a9efac35fc6441c28d40161441a7a1cb780acabaae278141

SHA512
93ec536d30baf3a3e044d4b98dafcc66efbf98c2a250047e9be2f3d2fe19f51e8941580b9333e7a98667cb25fd6ce0a6b3d227be6acbbc964de1dc3e1236f046

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

Filesize
10KB

MD5
1618717d382c61a166f05b3907d27225

SHA1
68296a52e480891d0072bfc445b85f9478a0ec68

SHA256
921e9501f8bc0d499366d0801012273f3d3665361aeaba8bc068a0053d91f475

SHA512
ce2b166bbf3952ebb18b437d4dd487cde122dd0766877d2263afee8778b0ec742acf239c8ac34bb8bdc397030ecf96b2d13e457c2a748375f840c0af8b5ade67

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

Filesize
40KB

MD5
48c00a7493b28139cbf197ccc8d1f9ed

SHA1
a25243b06d4bb83f66b7cd738e79fccf9a02b33b

SHA256
905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7

SHA512
c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

Filesize
160KB

MD5
237e13b95ab37d0141cf0bc585b8db94

SHA1
102c6164c21de1f3e0b7d487dd5dc4c5249e0994

SHA256
d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a

SHA512
9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

Filesize
60KB

MD5
a334bbf5f5a19b3bdb5b7f1703363981

SHA1
6cb50b15c0e7d9401364c0fafeef65774f5d1a2c

SHA256
c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de

SHA512
1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

Filesize
64KB

MD5
7c5aefb11e797129c9e90f279fbdf71b

SHA1
cb9d9cbfbebb5aed6810a4e424a295c27520576e

SHA256
394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed

SHA512
df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

Filesize
60KB

MD5
4fbbaac42cf2ecb83543f262973d07c0

SHA1
ab1b302d7cce10443dfc14a2eba528a0431e1718

SHA256
6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5

SHA512
4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

Filesize
36KB

MD5
b4ac608ebf5a8fdefa2d635e83b7c0e8

SHA1
d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9

SHA256
8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f

SHA512
2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

Filesize
60KB

MD5
9fafb9d0591f2be4c2a846f63d82d301

SHA1
1df97aa4f3722b6695eac457e207a76a6b7457be

SHA256
e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d

SHA512
ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

Filesize
268KB

MD5
5c91bf20fe3594b81052d131db798575

SHA1
eab3a7a678528b5b2c60d65b61e475f1b2f45baa

SHA256
e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175

SHA512
face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

Filesize
28KB

MD5
0cbf0f4c9e54d12d34cd1a772ba799e1

SHA1
40e55eb54394d17d2d11ca0089b84e97c19634a7

SHA256
6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1

SHA512
bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

Filesize
8KB

MD5
466d35e6a22924dd846a043bc7dd94b8

SHA1
35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10

SHA256
e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801

SHA512
23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

Filesize
2KB

MD5
e4a499b9e1fe33991dbcfb4e926c8821

SHA1
951d4750b05ea6a63951a7667566467d01cb2d42

SHA256
49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d

SHA512
a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

Filesize
28KB

MD5
f1656b80eaae5e5201dcbfbcd3523691

SHA1
6f93d71c210eb59416e31f12e4cc6a0da48de85b

SHA256
3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2

SHA512
e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

Filesize
7KB

MD5
b127d9187c6dbb1b948053c7c9a6811f

SHA1
b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9

SHA256
bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00

SHA512
88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

Filesize
52KB

MD5
316999655fef30c52c3854751c663996

SHA1
a7862202c3b075bdeb91c5e04fe5ff71907dae59

SHA256
ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0

SHA512
5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ADVPACK.DLL

Filesize
73KB

MD5
81e5c8596a7e4e98117f5c5143293020

SHA1
45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081

SHA256
7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004

SHA512
05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcirt.dll

Filesize
76KB

MD5
e7cd26405293ee866fefdd715fc8b5e5

SHA1
6326412d0ea86add8355c76f09dfc5e7942f9c11

SHA256
647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255

SHA512
1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcp50.dll

Filesize
552KB

MD5
497fd4a8f5c4fcdaaac1f761a92a366a

SHA1
81617006e93f8a171b2c47581c1d67fac463dc93

SHA256
91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a

SHA512
73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF16.DLL

Filesize
2KB

MD5
7210d5407a2d2f52e851604666403024

SHA1
242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9

SHA256
337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af

SHA512
1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF32.DLL

Filesize
4KB

MD5
4be7661c89897eaa9b28dae290c3922f

SHA1
4c9d25195093fea7c139167f0c5a40e13f3000f2

SHA256
e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5

SHA512
2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\andmoipa.ttf

Filesize
29KB

MD5
c3e8aeabd1b692a9a6c5246f8dcaa7c9

SHA1
4567ea5044a3cef9cb803210a70866d83535ed31

SHA256
38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e

SHA512
f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.dll

Filesize
1.2MB

MD5
ed98e67fa8cc190aad0757cd620e6b77

SHA1
0317b10cdb8ac080ba2919e2c04058f1b6f2f94d

SHA256
e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d

SHA512
ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.hlp

Filesize
11KB

MD5
80d09149ca264c93e7d810aac6411d1d

SHA1
96e8ddc1d257097991f9cc9aaf38c77add3d6118

SHA256
382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42

SHA512
8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.inf

Filesize
2KB

MD5
0a250bb34cfa851e3dd1804251c93f25

SHA1
c10e47a593c37dbb7226f65ad490ff65d9c73a34

SHA256
85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae

SHA512
8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tvenuax.dll

Filesize
40KB

MD5
1587bf2e99abeeae856f33bf98d3512e

SHA1
aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9

SHA256
c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0

SHA512
43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7242.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf7242.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
C:\Users\Admin\AppData\Roaming\Data\2.bin

Filesize
353KB

MD5
8766dce04feb646bf62206d64d6eb0ba

SHA1
91c5d588028c6c949e9cbcec950bcfaa35a791e4

SHA256
f87e1ab69bef059744ee9244f37b0f21ef7d7b06fc5245094cfa22637ef6ae9d

SHA512
0bc8fc880bb94ad55a732f2be207d88a6bb0ae8d97f91819e889d04420a71ae5d91af21861bad351c5fd7f4e944c1899b17df326bf19d310cc31a95fd38ee6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Data\8.bin

Filesize
408KB

MD5
5ada580c290b53327fc8db29d5cd66c5

SHA1
a504aff6a9fa93bf4ccb69df17b5238804c659f9

SHA256
5dcf1f4b285a6dd70ec7acd77eeb5752a3d381a8a697eafd394fcde615f3ba63

SHA512
36da1958e7b4fad5367b257d9343c4eab59d50b01c610514d48eae2d0eeabf7efd06dd8fc63551a0a7e11df91aa3ceb063003cdd9c30c6755431ba218524fd49

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
21KB

MD5
5761ae6b5665092c45fc8e9292627f88

SHA1
a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef

SHA256
7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2

SHA512
1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7d4dbd8c71d8a5f53c54a426a21a9d8f

SHA1
949176906e665765941cc2a39e365b248b3760bb

SHA256
6e1bba06f983db2cf2e4a1f15afc2cbab250cd3205b1d12ed2d5fffec81d8b2b

SHA512
ddc58c07beb77c51e4f117967c65878af7658cac09431db0ff7a368bd0df4d12ae8af4da92a24a663430c4525f3bc2426a9f4f7bccebf58a09a5874b2bcf9d1c

Download Submit
C:\Users\Admin\AppData\Roaming\data\12.bin

Filesize
5.4MB

MD5
9e0ab3181d32ac9950dbe1026b197207

SHA1
d8b53f3a93d5e2df9507b6256f2e414712347256

SHA256
a3091d14161d268924a4d6195f820c64b1811d6afbd6948dde29e267ecb56cae

SHA512
424f8f0a6e945fcd831ca0d0f73f898dad0214f38cc477cb3be8b161836e349cd5d629444033e134e2fd6b8c85cae088f177aea4e26d7192a4f60a5739584c2e

Download Submit
C:\note.txt

Filesize
133B

MD5
910efec550edf98bf4f4e7ab50ca8f98

SHA1
4571d44dc60e892fb22ccd0bc2c79c3553560742

SHA256
7349f657a8d247fc778b7dd68e88bc8aba73bf2c399dc17deb2c9114c038430b

SHA512
320de5e34c129dd4a742ff352cfe0be2fac5874b593631529e53d5fe513709ac01f5d1d3dfae659f36a2a33aae51534ec838f5d3748cd6d1230a0f3d29341442

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/2172-4195-0x000001EFE1930000-0x000001EFE1931000-memory.dmp

Filesize
4KB

Download
memory/2172-4207-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4198-0x000001EFE1930000-0x000001EFE1931000-memory.dmp

Filesize
4KB

Download
memory/2172-4204-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4200-0x000001EFE1940000-0x000001EFE1941000-memory.dmp

Filesize
4KB

Download
memory/2172-4201-0x000001EFE1940000-0x000001EFE1941000-memory.dmp

Filesize
4KB

Download
memory/2172-4203-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4205-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4221-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4222-0x000001EFE1970000-0x000001EFE1971000-memory.dmp

Filesize
4KB

Download
memory/2172-4199-0x000001EFE1940000-0x000001EFE1941000-memory.dmp

Filesize
4KB

Download
memory/2172-4212-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4216-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4215-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4158-0x000001EFD9540000-0x000001EFD9550000-memory.dmp

Filesize
64KB

Download
memory/2172-4193-0x000001EFE17F0000-0x000001EFE17F1000-memory.dmp

Filesize
4KB

Download
memory/2172-4217-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4220-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4219-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4174-0x000001EFD9640000-0x000001EFD9650000-memory.dmp

Filesize
64KB

Download
memory/2172-4218-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4214-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4213-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4211-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4210-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4202-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4206-0x000001EFE1960000-0x000001EFE1961000-memory.dmp

Filesize
4KB

Download
memory/2172-4224-0x000001EFE1980000-0x000001EFE1981000-memory.dmp

Filesize
4KB

Download
memory/2172-4223-0x000001EFE1970000-0x000001EFE1971000-memory.dmp

Filesize
4KB

Download
memory/3320-1029-0x0000000003520000-0x0000000003530000-memory.dmp

Filesize
64KB

Download
memory/3320-1031-0x0000000003520000-0x0000000003530000-memory.dmp

Filesize
64KB

Download
memory/3320-1030-0x0000000003520000-0x0000000003530000-memory.dmp

Filesize
64KB

Download
memory/3320-1032-0x0000000003520000-0x0000000003530000-memory.dmp

Filesize
64KB

Download
memory/3320-1033-0x0000000003520000-0x0000000003530000-memory.dmp

Filesize
64KB

Download