a155e817214f1d637cdfb006c8cd83d82df6c2f6afccbf604e3d3e4cf344576c

Analysis

max time kernel
1199s
max time network
1201s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10/10/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-09-17 10.38.45 AM.png
Size

6KB
MD5

a77a3b7802e4fb4d6a9d75fd0b6acf25
SHA1

fbf1982714c7442ed7d2395261ea619f8da537ac
SHA256

a155e817214f1d637cdfb006c8cd83d82df6c2f6afccbf604e3d3e4cf344576c
SHA512

44e31dc578f2b90dfd12aa6d0e0e8670c2a8afa65985bcf352d4c2f582e0c85388051daff76f3024e57e7b6845d66743d1d6833107c09afbeefc20feee8e84f6
SSDEEP

192:eea/tFLQgnTAk94wcSL7UUkDxOvnX8APfLF/lx:EAuYSXU2vphtx

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
5768	Memz Clean.exe
5312	Monoxidex86.harmless.exe
5952	Memz Clean.exe
4616	Monoxidex86.harmless.exe
1556	Monoxidex86.harmless.exe
5776	Monoxidex86.harmless.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
129	raw.githubusercontent.com
130	raw.githubusercontent.com
131	raw.githubusercontent.com
132	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\Monoxidex86.harmless.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Memz Clean.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monoxidex86.harmless.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Memz Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monoxidex86.harmless.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monoxidex86.harmless.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Monoxidex86.harmless.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Memz Clean.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
6132	msedge.exe
6132	msedge.exe
2220	msedge.exe
2220	msedge.exe
3000	msedge.exe
3000	msedge.exe
4308	identity_helper.exe
4308	identity_helper.exe
3056	msedge.exe
3056	msedge.exe
568	msedge.exe
568	msedge.exe
5836	msedge.exe
5836	msedge.exe
3540	identity_helper.exe
3540	identity_helper.exe
776	msedge.exe
776	msedge.exe
6544	msedge.exe
6544	msedge.exe
4908	msedge.exe
4908	msedge.exe
560	msedge.exe
560	msedge.exe
5600	identity_helper.exe
5600	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5952	Memz Clean.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1260	firefox.exe
Token: SeDebugPrivilege	1260	firefox.exe
Token: SeDebugPrivilege	1260	firefox.exe
Token: SeDebugPrivilege	1260	firefox.exe
Token: SeDebugPrivilege	1260	firefox.exe
Token: 33	5888	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5888	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
6132	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
5768	Memz Clean.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5768	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
2192	OpenWith.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
1252	MiniSearchHost.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe
5952	Memz Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 3460 wrote to memory of 1260	3460	firefox.exe	89
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4532	1260	firefox.exe	90
PID 1260 wrote to memory of 4680	1260	firefox.exe	91
PID 1260 wrote to memory of 4680	1260	firefox.exe	91
PID 1260 wrote to memory of 4680	1260	firefox.exe	91
PID 1260 wrote to memory of 4680	1260	firefox.exe	91
PID 1260 wrote to memory of 4680	1260	firefox.exe	91
PID 1260 wrote to memory of 4680	1260	firefox.exe	91
PID 1260 wrote to memory of 4680	1260	firefox.exe	91
PID 1260 wrote to memory of 4680	1260	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-09-17 10.38.45 AM.png"
1⤵
PID:3424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1872 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b9e918a-059e-4f50-a8b0-270a04780b09} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" gpu
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2336 -prefMapHandle 2284 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bce7db2-52da-413b-883a-29c22327f566} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" socket
    3⤵
    - Checks processor information in registry
    PID:4680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2844 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16f0d660-0276-4a15-8a99-d54b15935466} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3164 -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e657528-3589-4ccc-b083-804bf987a493} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:2720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3e01e34-3b43-4765-bf30-5b32025995ea} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" utility
    3⤵
    - Checks processor information in registry
    PID:3652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 5400 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b666e6ca-a1a8-44cd-9d52-b3b1d8760e80} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5408 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0aaf671-0ae5-4e62-8967-e679e8940164} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:5516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5600 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5f7b093-9678-41d0-9090-4df971d47151} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -childID 6 -isForBrowser -prefsHandle 3152 -prefMapHandle 3132 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {613b7d58-ee27-4de4-b951-1c60675eb420} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:1560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 7 -isForBrowser -prefsHandle 6672 -prefMapHandle 6676 -prefsLen 28425 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f760e3c-791d-40b9-8147-4e1a0a042472} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 8 -isForBrowser -prefsHandle 4112 -prefMapHandle 6732 -prefsLen 28425 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeefacb7-9c5a-4b41-83da-e988e51a7265} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:3304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7276 -childID 9 -isForBrowser -prefsHandle 7180 -prefMapHandle 7236 -prefsLen 28465 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {832b1d0d-a313-4680-af0b-c57f6227f0a7} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5964 -childID 10 -isForBrowser -prefsHandle 5784 -prefMapHandle 5820 -prefsLen 28465 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50e8fb23-e4ce-473d-b13b-2b519ba9f5ad} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
    3⤵
    PID:6104
- - C:\Users\Admin\Downloads\Memz Clean.exe
    "C:\Users\Admin\Downloads\Memz Clean.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:6132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:6136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3711227007042060237,4336737516717304173,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
        5⤵
        
        PID:2176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,3711227007042060237,4336737516717304173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,3711227007042060237,4336737516717304173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
        5⤵
        
        PID:1236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3711227007042060237,4336737516717304173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
        5⤵
        
        PID:5588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3711227007042060237,4336737516717304173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        5⤵
        
        PID:5668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3711227007042060237,4336737516717304173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
        5⤵
        
        PID:3004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:5692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
        5⤵
        
        PID:6024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
        5⤵
        
        PID:4144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        5⤵
        
        PID:5744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
        5⤵
        
        PID:5724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
        5⤵
        
        PID:4716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
        5⤵
        
        PID:4744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
        5⤵
        
        PID:2800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
        5⤵
        
        PID:2816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
        5⤵
        
        PID:4788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
        5⤵
        
        PID:1348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
        5⤵
        
        PID:6552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
        5⤵
        
        PID:6772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:6476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:6492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:5836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:3372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
        5⤵
        
        PID:3996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
        5⤵
        
        PID:5028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        
        PID:5144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:5156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
        5⤵
        
        PID:5220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
        5⤵
        
        PID:5284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
        5⤵
        
        PID:2620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
        5⤵
        
        PID:2052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
        5⤵
        
        PID:2504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
        5⤵
        
        PID:7032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
        5⤵
        
        PID:5300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
        5⤵
        
        PID:2792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:2076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:5948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:4908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:4688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
        5⤵
        
        PID:6432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
        5⤵
        
        PID:3728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
        5⤵
        
        PID:5176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
        5⤵
        
        PID:2124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
        5⤵
        
        PID:5404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
        5⤵
        
        PID:5576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
        5⤵
        
        PID:6312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
        5⤵
        
        PID:3052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
        5⤵
        
        PID:3708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
        5⤵
        
        PID:3356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
        5⤵
        
        PID:6932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
        5⤵
        
        PID:2136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
        5⤵
        
        PID:956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
        5⤵
        
        PID:6896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
        5⤵
        
        PID:1260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
        5⤵
        
        PID:4280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1352 /prefetch:1
        5⤵
        
        PID:7008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
        5⤵
        
        PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:5384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:6044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:7100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:6204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:3140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd8
        5⤵
        
        PID:488
- - C:\Users\Admin\Downloads\Monoxidex86.harmless.exe
    "C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:6704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:772

C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5952

C:\Users\Admin\Downloads\Monoxidex86.harmless.exe
"C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\Downloads\Monoxidex86.harmless.exe
"C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"
1⤵
- Executes dropped EXE
PID:1556

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\Downloads\Monoxidex86.harmless.exe
"C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6ad5f8331daca9be3c0a4bf484de0cf9

SHA1
b5cec0c50544855840e59f284fc4eca21b091c15

SHA256
11e00137c81eee1679525f917b6c408c2c350617b0f18e87bfb71772dd91bf2c

SHA512
7cc4a6c66f1d28d2f8be0e386fc46515807ae91a6b369eea094cc8c4d5fd3c828c215a0198f521f23efe017cb05fc2e32f054ac552c6c009b7b93ab6750a32e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60c2c834856f243556012fcf2e68c259

SHA1
a0b157664cba4487d4903ed42d61cdb4f08a698e

SHA256
f2200dcf666700ce8ffe792b4712be9a8c979f12e045394bfeb049f966d20a98

SHA512
1edac554b7e32c60b17e27e5efdf52b712f275546ee59041740d9cd2faf665af0c135797edf1894e90cefcc98bb76190dd7f1519143a5f4ccca644d5e5dce7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c70bc10e48066831a0cf02f11206e8e

SHA1
d025704a6b6a65c0db979d09a6bf99320f91573b

SHA256
e9a18029e0a0067e49e5bfda3bbdfd9babc220492c219dcddbd52f5911697e60

SHA512
31d8464e1db36b6c248251bdc9d751001292dece82dfe2f3a8ecc84f7a5e8d23d6e1d53114885ceba752809dd6a2076e9e10ce0c809fa9e32ced45f800b170c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c023b5cd37bec15dbd7bf45accd08a76

SHA1
56ae3b5496c1b56b49f1b71e0a58c152b88f824c

SHA256
ff0d5e2bde6dda134f0019b3387f26b5ad5355efdadbb522beac144419516cdb

SHA512
995466d91328ba44a18c5a4ea629619ae1a00b3b95b330ef61794302d22ca0decf9dc967c2e75a35446f970aaf4631555238acd62e42d65b693656ab22abfb77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4086ffbd-6096-4198-8b6f-be57a0a388a0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
feac5bbaba4084763cf3c0bcb5950574

SHA1
57f98238507031626c4f325b3ec3cd418ea2bc01

SHA256
a8b2fe9dcb67ff245e37cc850fb333e8dbf0cbdc780f744a90fada94591b143c

SHA512
12fc5817c30899de1cf10d580323ba491275968fc9d72fd5c37a77b10d1734601866edc9a2228fe9cad6a1d0d969d035b3dcc18edaa1ee1b2dcf6b9929c4d844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f4c42d6461350474eee9a3e1a905e2ac

SHA1
55a3880c01b801307c29e8911cef17292cc90173

SHA256
0dfe01442672652cbfe43aacbdc7399873e66fdc539450286589f87a7d026787

SHA512
5acfb2a7c6aa1b7a61c6523faf1afdeaed5b17efe9731846c19458e5548f45329826844e3d40efa825e9bb47840005621909cd2c2e55e6cb0061d40aa3247aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
f336cef39fb04a9041551e6b5e84e5ff

SHA1
17bb3d2383c57876fb2e77c6d9ade942d7df28d2

SHA256
c6713fd9824f78440bf19f7f8fb60b883f4cadbf4ef35e01732ca8634b7e73a6

SHA512
4fcbf4b90bf131d8f677c1a61ecb7bafb8374c9d3748ceda02f39a73551f7136139e4dccfbbdf6f0d69f3ec66ba345f6f82619ca931d76a01f5265afe9240c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
50d9245164543fa39500ac5ffcba67bc

SHA1
394cebd4ce1a7878e67bee016ce4a6683fd549d6

SHA256
7bb692e5c4277eaf42469f29bc158b753fa33a8098d0f0805975c6e2c2694132

SHA512
5db40c2b4acada4eaa4b1213e527bbb92691fd1b808a196c3bc9386fc3c4ddcca6432b93ac13816c46bedbf080627dab841175e53499186065e17157040c05fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
abf494863ce8a6bd7afe8592169d2763

SHA1
b4d8a46e39c018fb0f6833bf2e010068c6491ebe

SHA256
a95c859c497a4e84516af036840706a5856aa99af9c42a854a98338fa37829c5

SHA512
faee12e5f8fcb70e1ee3cd7dacebd546f9b558774642473836a3dd03231a6b133d2cf34d61dde9cb7ecc096ddd13cc1815d624d14327da10e0114f703df954dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b781e6b33a930e99719e74fa1e245e4b

SHA1
0295de6b6e3b1a616e0a4659b9621e678dc2543f

SHA256
108eecc9ad8b7352e9faf29a63ecd01bac993f3b1357de32476cc08d882f5702

SHA512
5a34c3af8f877bcc1c3220795754600698e92409a0e35b3d3c09578a6475e83ad6f2e37dc6c40bc4eff26950fbf7ee5a3aa7de51bb08540cc9511dbc4323fe19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b8f6ba3def3141f090aef7ecce5bd286

SHA1
df978628601183511823030f4bc4092895f161d8

SHA256
a5ccc8c932b5673d390492e10a17853cc4b9234d0b84b0ec506468128832fe4a

SHA512
6e936ce736c4f21340397a500018964f35cb133b0b21b0aafd38e0b7cfc42a93f3c18111939d28b581b9239e89511c396aa7511a8aefd68616b505581b5d6100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
83fd54d9828be90553a61164f4b71c0f

SHA1
e57d92ba481d48b4b90528d6571960be6ac4cf12

SHA256
addb30dfb299e749d1868e864db9fc9c1db082320cc64480a160fb55cca148b4

SHA512
1db3ac8d8329d3b8dfc4eea0073f04c6dd01930b1bf2ee57229f704a85428ead3d281ff9d815cc5143f6401b4d5b600fe9af1952b18e8af1fd3411c305068217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
3e600570fd3e276302b13a6ce8f5f59c

SHA1
4ef27afaeb229cdae0fb6a1c77ab805a19f9c5c2

SHA256
1007896f991ac579254ddc779b2a4ab19ed4a278105e8f886273c3efdc95f7be

SHA512
0d425f09f7c01455833b57374d5c6f53ea2c5fc26cfa18d0af0c52926a76a8b0f7829463d898c7d930962e4ece7ce62726ee690786cf63b72908a648a360db07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
3ae44c7f8927a14e21b44ea8d3e4d5bc

SHA1
4862d38215c9b9813cc62458b0f0d14cd62bad1e

SHA256
14b07fb24a9877fd44c1adc55d5ce6ec5710079646c04d26207109db7d9aa316

SHA512
dd6a485a3865d7e9886dcbbcd45007fb5d68d03f7645ad2dda56994661d1c1240fed6de7eb7593e1426ed6fd5e5e520b77027c64e69bd2bebf5a33e8757a9758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
f51cb8be6bbde84057d8fca9cc8dd60f

SHA1
76cdefd8aa25dea2d31a31937d0feeafab05e1da

SHA256
385313dd9d5c1ee11b79ba910f060a14de9202dff4c4b513334448e394a16197

SHA512
7566f05b9a889ffd3b0ca4f47e81c32a83075fd31eb060bc188f32462938cd6cc5a30157e237a177d26e42fc1a6536cc80f342c587d97bcf9775d88aa6893dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
cc4e936d9d95db81cb50761c0dcf3370

SHA1
9b8ce9eab6d0b6e5a6c8caeff6bb2086f0654e14

SHA256
127983463da47af2da4311bd9f05b1ec614644922b6f1a1d85c7caed2c7e20fa

SHA512
bc221d6e4361ae70b87ce8bbebe7eaeeddf560bd7ec90a1980098dfc91a3c6afdc140c3e69e2fc48d65121a5e9a2c861f503bfceea5a43abfb28d8acc112463c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
266aee886619070f24f6bc32f1e6c355

SHA1
48653b73aba7c12b48e2f134f96b2d1fc22a1505

SHA256
8d29738ca60522bf86fb39b56c395d2bd7b9dc7241432a2e6c645a3563adc03f

SHA512
a6536c722501d76a3d548af2efa0d3c8db3c86af2785555cf6df20b4d915d3331b68de492f8125a405a3b6f628e32ccacdc3f601525b38d99b140e7f3d84622e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
761a971f310061b278400b812c42a31c

SHA1
83bd763fc004b37bcee73dcbea035bfafa8b4836

SHA256
8cee202cb8969b1858bcfc817796b4d24146d8aa31eb45e944e530d9e01f9b0c

SHA512
62e534071e4357f0c4575289f8d35eb11a71469d2aac3fe91cc32c8a4afceb62d309533eeaa48ff09d93e9a2dad90ac0e163511838cc3019089211f010594a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
964B

MD5
e9d61523a2c7d935907ce8ee5c5a9239

SHA1
be7c53c35f20a538068ceba7aa1a8583762b4a05

SHA256
f7081d8d904127e7b438bdec0b70b72be5dfe863ae4e74722b3813c6403a6da9

SHA512
70ff7eeb749d4f4885312ef75cc90594abfc7e2f8466028df2e6cb8969e3aab67928879afc94da58bdccc83c462c77b776327c6afd79ff2c4030c34b8a8d1408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
303B

MD5
9be0d290e3484a0888773847548d5bf3

SHA1
9f92ecedfcf3a93592c58e06df6e93eb40ddfc7e

SHA256
1f58446a0bdee57120eefd1e62cdefa83d237d8d3e0435ebda37eba185dd3a21

SHA512
e1c41212f15a0d276bd8909c831df801a0b38d5e39542fcbb6bfae3658cbf9d1919c029806418323c52b8a0da96f81f4e25c241898a4296985e11d3a8a8462fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
964B

MD5
974964be44492d15cd7fa6819af8d3c2

SHA1
ec13d6620269b44c84c32a5967666b25db096840

SHA256
eabcc314f1be5a866ad2a03844b1ff9ba1997d599abe0b13a5c6101809dfc3f6

SHA512
6f4df0297fc52874fc21e2379e107397b89c6f3878274adf76509011d108b589b17adc7c6ee0a9b2f8be2cabeea2b3f48b578f7bfff7a93a55ba51f62e9f1251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
303B

MD5
f17bfa2d5027d14d3419b7a5eaba8c13

SHA1
ca9fd1e0615793d64fddea00fe85448fed66e794

SHA256
004872824dc8e3c171d4771842cd5d31c2b3c97245177df3e9c07d1518d35215

SHA512
ad2b9330db0ad662035f97699fa12aadd18279b777253e3b42148af1ce34c4d223d0d1f91a8843fb339f18ea3adfa8b88afe317ea11f6157cd89d4cfacaf82b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3069f6fc66bfebca18acf17c8e191a9d

SHA1
750397c86a7d3feb5bcbd3065932f3ef11f2c3d1

SHA256
9a8a9cc6b053f7162964d1f4a447993f7e41b916665d18187269c69d547ceb68

SHA512
aa14bc0f17ec1c6db712c9c4cff9c283b1d6a475c71e5160b8df51c1ddcf27fd3640540ccaf4d035bc92f9d044581e9ddf685852d575f57a73f95e4ece1ec7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
64f0dc08c301470eed81503bab7efb98

SHA1
c90dd55e40a4e2e4e9de194b7ee5c097004a43df

SHA256
f8195c22560fba187a0be04811637bcf95df624253963dbc906518b9b4d3a291

SHA512
b17431bb288d27cedfce553cd5af2c306f6205a66f4988e30f2d23513eaf589c198dc7918ffc58806b79d0e79a4a150edde64744cf753383d07d8188a07f51c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
24767fb6c754f0b03c4fdd1af16bf4d9

SHA1
b91cec4e642fb06e1a775a0a33dff6b1d4209ae3

SHA256
87856a4fb2722da3c5342ec9174ad268b1be2765c195f9e11995a3620104851c

SHA512
b437f776b277c67cbed92b49e3e97d639b1650a3ced41333e4393dea4e8aa5cc6f9ec7855f57ea5c5161ac67adc4928e99e296b0a56601d95cb2e556c914a1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
421a09486f4797871cb8e92664d01bc8

SHA1
a31d3564d281d51a01a5ab9181d9fd55e3e70890

SHA256
5598981515f4049282819b2833ca4cbf58eeb5c22014cabd45c639586b0e7add

SHA512
561d5c8817c759b32d561d374473245f2da01853e06378838f15074570c233ea9f00942f80b38f92ff7b879ed7f34fa4a78699792563445477f725a9f35db429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
386cffdaf6fd9059da2cbcb8da8db17e

SHA1
c96c1702f4dc548d8e09d585920b4d4b2d88c50d

SHA256
b527b57527f93dcd646cb76a465474b8c982aa7287c151b24e1ee2580730b644

SHA512
76527863d14c380396ab1c74e27dd6ecccf4e31a4590f698af87cd0e4e8a87c38121a06224dead28612369cb74f67cd1f718b8d38c10b2c4a58c43e393ad4a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b99d1300449be21a621596335068355

SHA1
acce2985a56b59139675baa2b207d4e61758ca2c

SHA256
f40a53ce49df1164a750cd827c3f456934285b17b0f3f4d7f19454be7cc21fb7

SHA512
b33cc26a85a861cd82b2875d14b77e4ba49e6f0bdb46c9e1966ed45aaf11607e25405d308b481b1b935bf1d9671d769d1561738fcd035a0baddb3f00221154df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb53dca9b66e2e8c35e9d821550eac0e

SHA1
1e094477a7723a393fcb4f8226c134fa60032c8b

SHA256
04f070a7122565d5a5253aaa3c56af9978e8c111c2ad2f3ca2ba8eada025d353

SHA512
fd8afe389e492da1c1d879386a31440eefd060ff8f4cbcfb2444fd066d79f6b431164af930bffaee1e32f268845981076387fae0d042d181e7eafdf4533b7057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
397c9e7de46b04fb94a26d49bbcd1108

SHA1
56debfdd5bb3b817f4680f6f9816c1f8400735f2

SHA256
930ea04eae2979c59fa288fdb75765eb140bb8e04f05aeba899cc3cc0e9a1a9f

SHA512
675837eb4c83f084992a1f0875acb26d68e79ef05798a8b5aaa55763b9b829b35f11a799abd9dfe56aa3c2431d742ead3a9141faf1e151ef57db150e8b456a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18738157b5474d00c31e1a27c88f8015

SHA1
8da6c952ec3fd07790d1ae27c738006eb5300b75

SHA256
f72e8e0f3e860a864843d247c2098cf716f27633d38fe7184f346a7008645b07

SHA512
549f0adf6179998b38625e86fafeb31cdbd051e4ea4af8b89e549761b1899d2769d80984e9030133b8f14c7c2e98f9c18681688474f1b96880592abbd76507a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b9793514253f2768eacaf784d02cc77

SHA1
ca822a6cb7623471279784ae4cb9b14e607eb80a

SHA256
8d9cd9f96bba1d027fd3e2050d0b254b2357d60775071e69d170642916c56ba4

SHA512
6f1efda4793bcab950020c0895fec81df6458bd6d07e601fe5137215ed555a3c0acdd5f666bacd05cfd1e61c4b95af979195785f525da50aaa80b12041317d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcd0b488d534691f5b3983eb519cbece

SHA1
67c7a9ee006d45a3a1aa22e03aae75c87be7e6b7

SHA256
e8d590e5f314ef8f9d6512812e71ea44d5dd9b57689e7f06c45b16863f7e0144

SHA512
f7b14cf606d9bc7c54e0a352e84e055efb7e1ba833cc7f6d093e48558384b661b67f7f0fa494841d12a45960dedebd56f284b999a5c625f753c4ce97c33c8061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b685bf0dd033461821f9caf1c7e3518

SHA1
35a02b7abc979b0173fb4bfab5a0eecff7c83914

SHA256
638cd233f48a7a1b187a290d35c61cf6af9ab143a326ffa02d99ec5904d4eeab

SHA512
c964650f18291875b1e81c7a10e5313f6ec05fe677b687385fad2585f43c4d477dabb95ecd275fd7fb57895d3f5408113ba13207b9bce46705073767f0204244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
949f096c129e24dc52b876efab97a255

SHA1
59ac77fcb38292e13b1e2cc03b93383560adaead

SHA256
d563875f730082da3336826fc459a5c2ad9225f01e64c636ac3bbf1a7eb8680b

SHA512
10c8831c7810433943fa0f8882230a0cd17fdcc326f49c10885c4da1abc7b545d9446ded5639454cc200e9683f8080a955c199c0f177af5074566735d418fe78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f95344bd0ddd96d6c409e56ff0ff4c5f

SHA1
94545848b622a4bb2f89c0aa5400a6900aab4698

SHA256
c87985375a860ea6f392551c8fe0abd2111021ec02709572293476daed0b4dda

SHA512
33e9b6d56c146d7797957866e7df902c6737699a7ee08fb9131e54007de5f0b55f7536bd136ca3af31bf19a6fbe6dff43c99ad5abd80a16d73744b61bc4b631c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
52e99a88e305fae33b48ed8d24c05fac

SHA1
8b39926cbad380a8c2cf324078d70055a636fe69

SHA256
6b409a994da673734cb63145001d05433a9be5cd68f73a976e8c40607e283753

SHA512
af269903a319fb3f46cf0b888ad55f4dedc5b560b0894d2f1a351cfc4db309f9a55ad0b42e216d3cf64e9fbe94412a1cfc91d712a9582bbd4652bce565dfb6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc7be5a1a87087feadb51ccaac7b7ad6

SHA1
8289eaff4782356ce0d0d22aebdaf5ad75f048f9

SHA256
909f1c0c8a9381b7224127c7b427a0df62ee436041693d6699354c9ff7567303

SHA512
837804e8228f67dfea10fcd586ff348bcb375d78dba27d57dc36bbf76391c7f4d372a246f03d00a4ba9cc311da5613d2828a0d3db712c3cf03ac39bd0a03b4ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94c9b2243e74aac4d7c7ef1fe2fd4f40

SHA1
64713b430de3550a48c71bd225bb09751c716d8e

SHA256
5d5d48c19e5dc3c334e3efb734d81e60605c1e889e884a414d3ea9d48c00eec1

SHA512
e9710ca3af56eb8fd7709b764e9c55d778f8182ea8515055f16ff49ab5160d13b28cace360d2aaf2ef755ec161247b9bc662df3f167c22f9a061a68be00a9a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
0e40e62165bd5b4ae5cc0c0a4f0ec7f6

SHA1
ec2f85dc9170745971963ac17448b14ee4744be5

SHA256
800295c007151794e0c2d7ae932b56167eb7660877254abafbdd81764aded7c5

SHA512
bafd2d0d49c1ffc80829a3b5efb1bdb9ec49495b9b2f437b78bce113af169723f411f6040a72d1de3bad91d517e98aa7d3e7d49e28c99037537fe30648305ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
ab0f046522a4a13c6e52ca7c326af922

SHA1
5db90b3f3b9c0d760933127e0aad41b0bc9996f9

SHA256
f29ce0b30bb7885c535e9d4675c9ea11d7335833e431d7942d762e557c84f4b0

SHA512
d62984169565ddfa2d5e0ed939d548715cbe9cf224853d760fc13633e14f50443ae8de24dc47a151adfdcbb801d31e0e58dcaa72f6017379abc67a95832335e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13373048813259389

Filesize
1KB

MD5
ce89b96e11a88b4140aaee7193709934

SHA1
cf7e17d37dadd3fe25466bd0892d8a610ca331b3

SHA256
c1bd32240bc151534432ea194bd111ff83386f80f7d7056766c504c2865752e4

SHA512
77cbda9be711496da867d2b1f3da0d322ad5ed5908ab4c9d627e1c9709766fd5cad4f75d0f6f218a2d78ecff497741f87ae19fd0165b2edbeb06abf0bb6bab9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373048813264389

Filesize
1KB

MD5
2066c53d4c00964ebd3bf167cb3ecb51

SHA1
582afab7d501f321220af756766005fadac67253

SHA256
1a896e2967d1b7810733e7912258a05e34320e4aa47ae46941113939ef4bfc90

SHA512
7c2572c1ea7e1f8a05fe88e9af0ba8302c036b0a2ea1b10b623921919b639586cafe08ae86d8ae71e12ed8e8c7888900c77a6a927de5a89198e8e664d2736b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
6acf65495c128f7495486c83c9acee8f

SHA1
3b972a5f8fe3d879faae1d9db96b09e04d1f9baa

SHA256
9d2aa4f29b113411c8f53bdc01e3e687a45264c758e9cc57bb7962f02571fae3

SHA512
24206d07a8f060440e2ebb31a8bf1cb16c657050407769a881430994edc9b2b1297628c06593f245014f0d3e1554dd733f88a3be9289c4d1919f9a42643351f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
15b6ed1a3f15901273c90f1041afba84

SHA1
75876bc2554dccfca2443295dddb8de59e64b003

SHA256
0449f315f8e501f42cf5d4a56dff3a7a3b1fcd2d0847e5abc4e2ed75da8c4278

SHA512
4bb4c238b065f5e5217f8e9e22fff054342288c8369a909abd7847e33e983981e98e98f6ce0aac354196aa21bead5ee2a35f0b3d6cbb0fcc2e839b5de6fcad3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
efa95e6f0a82648215afbef463dc8ef3

SHA1
9349aac831b0dcd426033b04807c9e8851269eb3

SHA256
675dfc075c7b8f8294b813ea2d3ff198f3e95c26c6cf0875713d9385a2e1813a

SHA512
2db9f5d1d5b7c57e8ba9f0b187e8ee5c7e92c28212f65d70acf0e62aa5d721badc4937a11447faf1034a4d8fec375760b951d6ba1d54f67afa84892164dfbfa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
e1ab396339835f6a2fcbc509a162785f

SHA1
d6d20d657945994af02fc0f567751cbb3a426d77

SHA256
a62017932d4ece745b81992ee1af6280be76b5089e4215a089e21ba575cf3448

SHA512
bf5c7158f0995fd13ae852c31759ba16f8e732cb2d29fa19ae817c222427d43739a9a57152079279285b2eaa6e0f16b9f6a458a0f1df843eb10f9f9de35d1716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
64KB

MD5
064f465bed91bfc48f0de7bfd5533c3b

SHA1
f700298530e5fdd33b9d23bce7c9bed45bce0f21

SHA256
db9b5b8f0025be13054f998e070fa8524f6e63e4f41b71dde1c225edce599a97

SHA512
6203d61333279c4e766c92dc12ffe47bf028637bbe52a803ad52a3b6e82c5c6daf5464f85352c3db569d8b334f5b65bec51010455b036a7771e6b9d3c265ed95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
6557cfef203f4f5d8999b1bfb94e39b3

SHA1
42cd382873395d6e342dd2ed827593f5c9deefbc

SHA256
2a197890c055003b630ac365d5fee7f27b11491c0a39ac3a2c42a07ed059d9a7

SHA512
b0633f0af3dd1ea96e1e7571a7a1f5cbe6eb7bcb01b7dadf78f45877fc7da7725b760078938e10776758db21838940308fcea4b4af42a426f236323f38fb2649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
44491f52d92d9c1db7d7384b0f515ae2

SHA1
38560deb7515a38d6c0e216fc9f71573fa4a955a

SHA256
3ea2a702e35e4641a0ffd50c70b4fa72bad2885581de2c1471aa357f1fefbc4a

SHA512
7aa9570d25d2eeaac5fd460818ce945b4b32d0fe82b2749dfe9bb91b20d93ab0ba493e9c41131a6d41054aea7efc3619ab0cccbdc7170b8f90ad604242c2f87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3c0b3d758147e7bde3ef5870d43782f9

SHA1
ee62c4c06ff94d8019284ab203ec1785ae0a73ee

SHA256
a18930bd9d188bcd9c3691075cfff783639528ea07c84a36c0b8a305d046f9cf

SHA512
845c6d29c3700140d183cea57d3b0957730ed9da9b98efb5e7ce4f718db8efa26d3d50df30bc25066d2562e6a5fe4a6d925e26942009ee2f186621f3d7f68948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fc4d5fd9fc8f70d9c492b10d8159384c

SHA1
a58fa73307a060087e550288e57404c5c3259d05

SHA256
44f5dfd8f2c0f20e3f883167d6824364b13e6a3170707992f20340b5bdc4a22c

SHA512
a1525050a9727310b87b5a434aa6fdb8e81b548cab87e30d65909a7ef021b0f1637a9845b675ff1a5f7d23d4f07ea0741cbeedbaf70d232d07595b493de438b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
cba157d17692f95e7f5c3e5a7ea2dcd3

SHA1
b1c5742e5cbe66caf8c0b5cc43ea07f477ac751a

SHA256
15c8ae8f82824b04cdceb2d0a5a5abb5402a2508d5ff01c68da4f53437bb3837

SHA512
74f9fd1c3047b3a5890a00542d8c7bdeda8224f558fc3bead8a9da2b60c173e0b1640ab0a7c1dc36b11ebb16f5e2d291e8763c90a7f6e0dc985dd3f3cc309aa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ec4d631b4cd217fe118d0eae87f42cd

SHA1
f71000d9c26db0594a4908239a460af6d8d348cc

SHA256
e4a7c2d03dde7c28a6e7c6bcdfe2bff44fed2599a8fbd17e56c5df2c8ab26561

SHA512
1562dd0d601e1427c72500c547a243656afb175fb52501bf612e01e898147066c249eb70349240edb8c2465710a6e523d084133dc9b821abde4cb3949dd688da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5efaa3299be5cbc621cf6e41f10f30aa

SHA1
b92f757c19735460daed00810f9d6e1415bce5ae

SHA256
08f31dbb3868dca631276ba65e448053ffef575157f62ebb0e52e8307b9600d4

SHA512
5b132bc62f0ee53b4e8c717dde5452b4c34ab49f0f03fe6ba6fac6a48d368bac7df41dc1dc5a8faf46997ecab74a3d217f04a7ecd23661b148e25fe7cd581417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2728b39185b9a06f7747a7384820c6a1

SHA1
8c3e16280f0cd72a4de78c97b02e0f994c68cd64

SHA256
3453e10d2c3058c5d837b08bb4b02de409ce58880f9a992c819227ef95d9bbd3

SHA512
fbe080ef4a78ed7effc9708dffdc2696a4eb89865b923f62a85c4ccb92fd15b36b60a62c69f0c015d6870965de98b6ecee5493c3edb88aab3b06d79b265845dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f1f17293399a90b179f798bb0a622872

SHA1
f6882c8ded2282715e228b158004ff7fc5cd1cf7

SHA256
80b4be42082d10d6e5d799686b27836a6e43ce484d514c0edaa437bc24f94b13

SHA512
e7fda6b22a6a6ddc9147af240291222979a4f58779d27afd94a7175c8640e135e84b113f4d7bb0cbbcf738d7284112ca6f40d110b8b39f426e992330c126e252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
82e6062733b96d7a317a729771b9a7b1

SHA1
cc91f1eea94836ee993d10ac38998e657b0dad2f

SHA256
5cbd011e4a37b45eb75f1d6f16cff33b58a4005a0e298f78b5b09cbfbd5cf2fb

SHA512
dde4e3f4dd65a0eb8e124a00c6735619fc29c3ce6ee695cedbc13d81b168b8ae656cdbe1bd386f04b63a517c76581c149837c905da1fbcf3a81721148f260220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4cd7262244796cf484cb63dd85f82fa7

SHA1
55a6420736051a4686d6409c9def9191cd449df1

SHA256
cf08fa1d5d67c4b7f33dc3a581a2938d1e468045b57c809dcf92566cb48a959c

SHA512
85c7561a47c22dcf493b15da7a1e4d6ee37113e37d20d572022e51e1e152c40cf09b672d544369e41b51ecff6114f24656336bee6c5f55ab8c7619fdf9ce3e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c8b665ab5f9391bfee2b6fda821143be

SHA1
a65501a962aba04f72a3f1ec139079cf96aff7e7

SHA256
1e626cbcaa65a8af74158702ae0c822b18737b456078789143704bb09a1083a7

SHA512
ca86190f62811f8b6f77558b7e42d484179d212013faffeb18fc196044d95cd455eb881cd9cc852965cb611d7530e405a3e37dabce1cb5cda787f0ecda6ba972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
dcc195e0f5ff13fe6b191db8f41548d5

SHA1
b1afb7f59ebd0fdd1daebbe4ec6704e00cb9e7d2

SHA256
6250b18d90fc38bd2b4bd35f352b203a7b82e79a977270c96a1e3e6a9ad02234

SHA512
abd8482f76abe85c9ef43438f9659f5c57185ab8c30fade5d7eea85a15704f893511fa891406a872a40d11deb2761521a8f737a1abb1a5d33332b4826f0db464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
25fd5c861e2e36c58f25b68ac0f691ca

SHA1
74fab253eda31308f77af668de7c3de54f8261ad

SHA256
660b2c13981f04841bab60ee5964e2bd0826a0e28b1f9d41bf515a9eaf6f7ff7

SHA512
056d1fe11b0952f3c598800b3634b466e7841db5019d38c62fc5d336fe304877fb2c13344f3b4405c5dcdd7fdf189e17671b6ac2eecd06a10c4a907647f32506

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
ce730e0ef4c9af887f53e2ddd46ba27e

SHA1
60f874153f54a70e49f9fae90daae4aeea2f4fcb

SHA256
b5f52a055176907d275700688d1824cf6b0e9cf3e834ad469de0db9cf03aa8a5

SHA512
5f6cbafe351cecc46d75d0e4a19e706678076a122b4aa8446c302474b7294ec83c45a84d8d44da1b6b107ddcac7e4488c4c4861689185f9df3358d68eb9fc583

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
63KB

MD5
fce6e0b7684e64c23a484f8ccda59528

SHA1
0986ee0a384ef75f33099060e99553bcc41f5e6f

SHA256
f73877b19c866a02ca968a554131b0936484abaecbada7aa41f4adcfc3df4ccd

SHA512
823128041aaea8a32b91a6c01740e1eff8d7e2f4d7a4957087b6af45435fcf20bbc9be3fb3d24dbc97b318fdc4fd5b54b8234d65f7adf05e9abeb13e125f0136

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\73A861CDE699EE431D74FE52208FA22781309C1D

Filesize
109KB

MD5
32bc19d51392109381581a2db36e7c50

SHA1
cbf33818abb017682739be15cef4af000bf9ed01

SHA256
e928949822a2412132dac10dff0d7d3be31030abe550e81833b918e83b21997e

SHA512
7ba65c120d5281e2d63b25b95ae141cf040db9f8787b247438e77cba762a4d7b4f754e237ed959804964731451c5574d2684bb77e7e003d89c46a4b7b3dd61dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\79679B23E6BBEB689E1C79E27C32C20C5EC9DF47

Filesize
156KB

MD5
f09f749abad1da103bceda3df6798151

SHA1
1bfa197bd9859dc95e8e42e9249ffe5f7a16ab30

SHA256
0aa6221aea46fce1181e121e07d26fc47388c5c75aee807335252fdd074a04b5

SHA512
41a4760c35de5e1994f5539ae3efabdb4035629f81a027ccdc4f770250845fca9e4a478127461e6b7ba631988fa3d90831fac4803d3b1475ad3496ad857e370b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E6387E62BBEDE663AFDA764B4C29EB34763CADD0

Filesize
630KB

MD5
6dbc814be6a0b3032446598dd7d77a05

SHA1
662c46b0de2fa87d5db389a57f9bd3a200470432

SHA256
e8b1c0803f51531853a8960c6149f401bf9995230fcc8b81f69a87f489d5eeb0

SHA512
9670f2fabd4efe5d31cbbbfa19cd5909cd3c57584143ba01513a87d7708882763fdcb66149108494254bd08fb449609c042f06735fe85d7e9cb8e96039107452

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\98672b41-5b57-4b9f-ab6c-bac4c0f30d99.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
785073822344ae3813284ebc92bb596a

SHA1
96e2a933b38352ed2c8e6e34e94756b70c143214

SHA256
36ef4cbbc494deacf81f364b546281223a39bea01a32b0c4b0e2324f984d6817

SHA512
28b21e17fdf026a025503a2ae1014ea4e8ce5385e42396007a7a23aba3aecb591d225e2a90d47f6f9e02d34792d74b89547715d66899265dbf8372258ccf4498

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
327975ba2c226434c0009085b3702a06

SHA1
b7b8b25656b3caefad9c5a657f101f06e2024bbd

SHA256
6fa9064f304b70d6dcebee643ca017c2417ff325106917058f6e11341678583c

SHA512
150a57c143fc5ff2462f496f5a9451310b8d99e32c4d570641204c8062a78590f14bed438ac981e8b0609a0c87b859a1f8502a78687bc36c3a9529d633a58e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

Filesize
8KB

MD5
f1032164e35877922ec4290860daa2d9

SHA1
8a9f840a77da23474a89d09cc4fe06de7ce8aaff

SHA256
70e401da198eb8938e2f0d57d4947b5e9a45003ee3dca9873731eefe55900490

SHA512
9bdbab6b46bcf34dc93d35b78732410d4e898fba0accb3d65cd968b30ccd131d74b151d51416f89dd00b654ac4ee03a138a41fb3d386958c25fefce10582be1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

Filesize
12KB

MD5
47225380afe553f168cf3e85009aabfd

SHA1
4259fc278c052f7929f345b118fd88fb6764fe58

SHA256
7a6cf076a4b4816abb490381aa4dbbfa246f7dc1d9067d85f6d225cc9f13425d

SHA512
de4c540f44cd0f8a776330c3156e729baf31f1f975da0870242c12f4661a618b353bc1107bdb76f095d83793f20a45e28c72f085c4b663c4b35b2db1661fce43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
2119d55d02afa54758f2a9276bea3663

SHA1
4a1e22b07eec0623cc7433d92866b0b26c2db4c7

SHA256
4edd7aa23beb6699091cdaed895c8ec4018ea468153793f9d9e98dd3210d713e

SHA512
d7d9f35d79c6073e9b26de4384adc061f8147a1904b637339dfa011d76469a9c3882c204b068b02ee4d83f513cb8dd9cc9dbff979250fc5e6a7e2044aeeddba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
85KB

MD5
c155c4b24e1069faca9f2b1048107df1

SHA1
a55510dfd60babe735a66221170ba8171453b1a3

SHA256
f8d11b16ac7335cca5085e4d38c1d4cf125860ad8091ea32b890c2cb1a313c1b

SHA512
82599955dd8920b74a71f8de48f0f72d2514d4a6d262417353d0bf4ad2909c43d709b6cb5832200534ee061d4cfeecdcad0a831857ae865cd6b855d8433a069c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a00893d7a2c3a1621d3d87f126349cf3

SHA1
25c0006987ccc813f6642d3a986429a347a49cb8

SHA256
7b67e075891bed8bb70218749d5f926eed39f1222b6d7ab311c62efdd36539c1

SHA512
af21d7e319b879393f74d013f9940b929da33cbd24c44e0aaf46e22fd3fd65543b5e6a95f85fe6b740f9b9ef81c924aa8aa07108e8515ab0470e8906764a6fb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8b90cbe25ada8cd25452f85ccc43024f

SHA1
00e272d81e581442a5e6b3a8cd5f3842c569b831

SHA256
b4e61d824789ab9f7219bfce07ff6e9615d86c6047bfee574a585253d50d463a

SHA512
038c8f73108db812576cffd6bccc4f9d761a7648d73e971b4b73a7b7dd44f63cec6c1ae204dfb4be7a3c68fc6a65d44ec4b6453032d06b609b251f95a89e99bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
2e348118efe6ea5333202c5fffbb2a97

SHA1
6e959e132173ca72e6c233c9f28abce17bd3fe56

SHA256
40f459ab78856e2344087535be6f466d2b7c4ed04b9f6cc0dbbd0a81c99f5ecc

SHA512
254cdb6c5a269af1839bae260d366ffc04d6e856b6be30cf45273cb6fba5894425ecc7830c41eb4d81b8fee3e96cf7f1b483384ce96ff7f9ff80055960bb0eb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\21551636-6e2d-4983-9446-428109e5e69b

Filesize
5KB

MD5
0f42897fdde6cb61fb9e80e5dc316a65

SHA1
85ebd33b387410b1271a0c48e78153b42673baba

SHA256
ef4374673e96daf18d8bff621966885e352e2e85d640feb839782c9643d3823e

SHA512
3d3179968e1f76f9d5dfa1c382ae14bc90ee92c6b52cb446ae2ebb257b3d7afa3925ff64301156b0c67c955f4f03731f8477680293cf1c465afdef75e96c97ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\30f84169-dd01-45c4-9d3f-aa54d3f35a83

Filesize
982B

MD5
cbddbaf8f99e88f2a0883fe44fbd178c

SHA1
8dc3cf13d540f96de5b0471ab5cce34193a6cae5

SHA256
00981e6d6f839680cce1ff46d51232be66a245e980b2dcfc18b2156aff8778f5

SHA512
746ed914176181c59cc31b6fac4de7cfcd9b69e01ed7b64063cd62a681621104d1173cd5ff08bb29c844d531da265ebb92f39eb857c7f3756783bb7321277368

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\68c84638-ad8a-48c3-bf46-632b8bd4097c

Filesize
671B

MD5
d9aee158684e6167d864ac83c68e1eff

SHA1
5f5a33a103e3a77366d9ab103aaf848e012c3fde

SHA256
4d34938c460646ac081aa4fbd1b9047a5002b6c72d910130fd8aa4b5a74eb7cf

SHA512
c8c1cd86d82b890ef1a951128a2e01a080f85fdcb5de9d74edfdb6fd3e7284766e473b0533b320bb02e0e10ce0a717dbbde455246f97a3217551d5be2589e526

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\815462d6-c27b-47cc-b685-46f743f10b8d

Filesize
26KB

MD5
28c568f5abf080e14434e4fe78cdce3c

SHA1
918e10343b699c0d39cf35e2b99aac7abe148257

SHA256
f953d09f78ab75e8743e3efedf7bedf00d4eb4c4eeb337a8246514f31b93ef5f

SHA512
21127a360e6288734bed06acbe14d4c68050e0404fcfb7fa3ce49f7bc4fe82bfefba911bda4c99f3794a5efeb3287fcee7e7d1d52ba4d0316e3ddfd3723635ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c4d2bab6-93ff-4d10-9e84-a1435139c0f8

Filesize
847B

MD5
2b6c2f3707ffc8780ca621a1ae5b3531

SHA1
bf3f5f01bcd6c212647fdf58148458df995e1983

SHA256
8f9031e3df3912f9136e496ef1c80393117945e50f3eb0fa8f11e05092d93876

SHA512
ab4ed28687f1acbb12e43e3bc314b7cc4573d658d4eae4266dec1e3a9d46418a1e0ce2609efda629021c3c1839488ed700e811ade9e7ba41a6046e860059856c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
13KB

MD5
50e24411c3051f0f6bb0bcd07fee7fc2

SHA1
5bc5b8dc5fc31ebb9e40d39bbdd6ac91a4d14e21

SHA256
2487309673f1e41977ee2504bbbc518b56131f74cb9573d27cbb4ec518210715

SHA512
20b9c5f4c28109c0b472d1b1f5e9bfad7c3f48aa113442002becf0db608ddb6c9d9c769b56d20ffd8ed436838f7e87f4fca10dc1564a581bbfcdd04cc6855259

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
11KB

MD5
c33c41ea58fcb66d853d50372a1e8892

SHA1
c7d7f10b4919bb69ba95a68596c0a3aff5c4dd05

SHA256
6052e7529a09bd8248554a7da92e3bf565b845f6f7d70b48e0cd0ff73ec3e2b7

SHA512
570c852c4ff191e2a0c9ed032ce0a27642b200eb41d68ace3503ceb43f6afe5f194f98080fb3d3a4d895255aabd12ea400801b0d8f414a74ba0d5c33d1229be8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
12KB

MD5
c4c80728bb1d3c038eeb26f88dc90299

SHA1
ec7641b4953bc2f6aca152980cf9e3d57673ac06

SHA256
6cb3d6da37f869fb9f279be81b7c16929019bc5952b66fa2323b570e37b33f98

SHA512
68030988f3e6529cbf9bc3a3b062901d401bdb9cfa90ab9636da6984491207db08607ef91735c75fe6f5f225fed9cb2342b8d8105dafb60c4e4a8936b7c2c460

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
11KB

MD5
59e87f0a3dc28218cfb1a4e53f4966e6

SHA1
a33e594df32e799c6b0fd5b89a87b922b7641c26

SHA256
6e612ddc47bc49b27713d9e3731e12dcb6dc56bfea4976f2fa67f151305cff09

SHA512
5c143df564e547aa9d7b98b7e64303a0d141df1297949c4280f835bc91bc7ef6ba13e24e36d9284161ea656e1d4c6b2fa2885495a8c6f5d80d5373a40928a2b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
e60c8846da398be4b8e5b1201934afe4

SHA1
c943a9324726da1606b6ce27f8990102bb75a3b8

SHA256
95f60124220dab4d5e2f8650eab66b149c73211e6539c63db14f80c26a6592c5

SHA512
7071a33b2ea34d145e54edd54e8226bd3149bf0d8b5fe51cc95490219726d71fe50ee08245ff0afce1034ca86d1a93acdbbb008cc540fe7faea66faca348873e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
2c5ef2973b539d097fee7baa39472916

SHA1
0c27b866cb1af60d327895a8ffd4543c3a3c0b5f

SHA256
ed795c0fa2624036b99db108ad6461bda5c30c18bb3a13cd8db55023f9cbb328

SHA512
769c4c01d22934689508c00102a12221aecf37b9b1a03f990f38c241735d37df7ae2b675ef168becd6d8a61a1ae5b8e567ff60943ac42e8ee8164270907e90b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
971403b5ca413d858da5b4662cf5d9f3

SHA1
b70c18c7f8946cd990e3595c6156fed4321cef8d

SHA256
4bb8fcb805248124ee9b4adf50df8eb6817735a0637f1f26be5a4a7f2ef2509e

SHA512
30a96ebe759c86257befaef3780dc5d5f4662c836296c2c08addacd01fa941c4c7b70573d29adb97c27cb7732376748d0ae43ee265c61dbc2bc742625503da4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
9fd3ec4da438ccece8312dcd691f7328

SHA1
e6311589efa79af23d4d6a693855b486c5031174

SHA256
e8a2e71d28d4d77cb7d5db737b771dfb9770604b22437d3980c3fac12345072f

SHA512
51952cd79fd44c5a5cbdff61d74730f4038016223fd81c1d52ee8c456bb3e7d390db4d3cb250e7d9a88600e2bb050f66d6869e763ac2c36af73b08392fbe63d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
916803b97ff86fbc867fb3a837a01147

SHA1
0f68994ace559b06f8331eb7800264ec145733e1

SHA256
2bc7a2325356189c20637cc81ace9fc8a23167bc025ed327dc18cc8d46869c8a

SHA512
e453f045daf222793298105c5ea15880da96b08ab01e19560b5919267ccd972319c71d56a98f674db5db0064ac4ccf6b55209340f24f0456bc43eeb71068e1fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
c90f4d414beaead89b7f2d144d6b6c03

SHA1
f58c5c784ca9039d19a59ad4ea7435ff1257a7f7

SHA256
3c147bdb426e75f1c8babe2758dfee73d060b6a15b67ee1f9583a11df7241115

SHA512
dc9cde80aeed9349e4d9d049cbad4493b29af18de88c26b29317d531fcc51a6bdeb6ac5e11fd72f7a12b3d70c87228dd35fd2f2dc60b09aebe0a07b8e2ca764b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
25c2c56bb862488c726b7b130147d24b

SHA1
4b23312ccee352d469a8c6a8abd18b1a41fd5b3c

SHA256
f6eead507c4be5dbe85635b5850cfc81e61e8fff0b9f9fb7db745e254c04e0d8

SHA512
6bd55905097a37889c1c73a321dd036dd955f94cb6ceec8e06a5bcf50bdfbce3dbec06b2341104a794946e76ce40569055c16dd978d112219cb14d996d87bcc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
4987d2f4000d57c0c7dcdf12bd408954

SHA1
f0a6812c33734002edd50c0a02abbc179b136198

SHA256
7d6e460afeb61c5e82b0058e59db00267788569f0e92b6799df58306f7a27c41

SHA512
3650c754d6ffb5d54c5d24f63d66dd69c56cf3ffb20cb8739d58d2d583559f03ff0511187098b497113e1b6afb4f8e49e93a91e7cce322cc7336f4c481b0f22c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
cf3ad0fab6d852f49a9fb69519b5a3f2

SHA1
13ea03088afaee41dd3b3d2330c00e29ea15a349

SHA256
463d12ede7be27a8055f88b0c6a5b2d901e51a55e01d036fd945fbd5fd2173fa

SHA512
1277ec9c89527789b1750571f92c2d1c7e1dc605cf185143a813a9523d4ac60ea469540ca5a54dc32637cf55cdb0098af7dc72899145c6d4e0cb9fa6d1abd3f6

Download Submit
C:\Users\Admin\Downloads\Memz Clean.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\Memz Clean.exe:Zone.Identifier

Filesize
50B

MD5
dce5191790621b5e424478ca69c47f55

SHA1
ae356a67d337afa5933e3e679e84854deeace048

SHA256
86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

SHA512
a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

Download Submit
C:\Users\Admin\Downloads\Monoxidex86.harmless.exe

Filesize
131KB

MD5
bd65d387482def1fe00b50406f731763

SHA1
d06a2ba2e29228f443f97d1dd3a8da5dd7df5903

SHA256
1ab7375550516d7445c47fd9b551ed864f227401a14ff3f1ff0d70caca3bd997

SHA512
351ecd109c4d49bc822e8ade73a9516c4a531ebcda63546c155e677dcff19708068dc588b2fcf30cad086238e8b206fc5f349d37dda02d3c3a8d9b570d92e4d9

Download Submit
C:\Users\Admin\Downloads\Monoxidex86.harmless.exe:Zone.Identifier

Filesize
625B

MD5
893429bb8bf1f4db199991db4f429a08

SHA1
3fb217b244bf71f1e6dffb00bb3961f37c8d7687

SHA256
47d366c2b88a1473d0021412ba923601680611cdb7326e9bfbef6770297a014f

SHA512
b296e6740a7d269a2599859033fe7ba3cdcdd9f820b32f2bcc3b28cc749990d1b2384a8a1cccd407b7473b9b4775f0253ba2e9dfc7e01a1921df090d26433882

Download Submit