hxxps://github[.]com/MalwareStudio/Virus_Destructive/blob/main/Virus_Destructive_open_source[.]zip

Analysis

max time kernel
210s
max time network
208s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21/11/2024, 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/MalwareStudio/Virus_Destructive/blob/main/Virus_Destructive_open_source.zip

Score

8^/10

discovery evasion exploit

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Possible privilege escalation attempt 4 IoCs

exploit

pid	Process
1176	takeown.exe
4612	icacls.exe
2680	takeown.exe
2924	icacls.exe

Modifies file permissions 1 TTPs 4 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1176	takeown.exe
4612	icacls.exe
2680	takeown.exe
2924	icacls.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
53	raw.githubusercontent.com
54	raw.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241121002130.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4717a124-43ce-4b6a-8d60-7f8de29c26b9.tmp	setup.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\rescache\_merged\2229298842\2447628140.pri	LogonUI.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "245"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766220203560184"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
3420	msedge.exe
3420	msedge.exe
1112	msedge.exe
1112	msedge.exe
5984	identity_helper.exe
5984	identity_helper.exe
1708	msedge.exe
1708	msedge.exe
3604	msedge.exe
3604	msedge.exe
3636	identity_helper.exe
3636	identity_helper.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
3844	msedge.exe
3844	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
5156	msedge.exe
5156	msedge.exe
5716	msedge.exe
5716	msedge.exe
952	identity_helper.exe
952	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe
Token: SeShutdownPrivilege	2596	chrome.exe
Token: SeCreatePagefilePrivilege	2596	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
1112	msedge.exe
1112	msedge.exe
3604	msedge.exe
3604	msedge.exe
1708	msedge.exe
5716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe
2596	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4752	LogonUI.exe
4752	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2688	2596	chrome.exe	83
PID 2596 wrote to memory of 2688	2596	chrome.exe	83
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1608	2596	chrome.exe	84
PID 2596 wrote to memory of 1240	2596	chrome.exe	85
PID 2596 wrote to memory of 1240	2596	chrome.exe	85
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86
PID 2596 wrote to memory of 4360	2596	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/MalwareStudio/Virus_Destructive/blob/main/Virus_Destructive_open_source.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe41dacc40,0x7ffe41dacc4c,0x7ffe41dacc58
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2088,i,18097598861890492223,13835928809638000327,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,18097598861890492223,13835928809638000327,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,18097598861890492223,13835928809638000327,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,18097598861890492223,13835928809638000327,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,18097598861890492223,13835928809638000327,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,18097598861890492223,13835928809638000327,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4352,i,18097598861890492223,13835928809638000327,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5312,i,18097598861890492223,13835928809638000327,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\dcea5595-2447-4944-b577-d4b5549db451_Virus_Destructive_open_source.zip.451\Virus_Destructive\Virus_Destructive\obj\Debug\Virus_Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\dcea5595-2447-4944-b577-d4b5549db451_Virus_Destructive_open_source.zip.451\Virus_Destructive\Virus_Destructive\obj\Debug\Virus_Destructive.exe"
1⤵
PID:3112
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /k color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && Exit
  2⤵
  PID:2364
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:1176
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32 /grant Admin:F
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:4612
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32\drivers
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2680
- - C:\Windows\system32\icacls.exe
    icacls C:\Windows\System32\drivers /grant Admin:F
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC9keh4wDjXFyiRhHDE_h90Q?view_as=subscriber
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
    3⤵
    PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
    3⤵
    PID:5692
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:5748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2a4,0x2a8,0x2ac,0x16c,0x120,0x7ff70e975460,0x7ff70e975470,0x7ff70e975480
      4⤵
      PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
    3⤵
    PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    3⤵
    PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 /prefetch:8
    3⤵
    PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11076750479291032866,5342607065351086876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
    3⤵
    PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC9keh4wDjXFyiRhHDE_h90Q?view_as=subscriber
  2⤵
  PID:512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?sxsrf=ALeKk007atE4-A-mD40nsEcYaIJklYlv_g%3A1605092231197&ei=h8OrX5XEC4mdkwXO84XoAg&q=how+2+cut+leg&oq=how+2+cut+leg&gs_lcp=CgZwc3ktYWIQDDIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjoJCCMQ6gIQJxATOgcIIxDqAhAnOgQIIxAnOgQIABBDOgUIABCxAzoKCAAQsQMQgwEQQzoCCC46CAguELEDEIMBOgIIADoFCC4QsQM6BQguEMsBOgUIABDLAToGCAAQFhAeOggIABAWEAoQHlDzaFiDigFg86UBaANwAHgAgAHzAYgB7w2SAQYwLjEyLjGYAQCgAQGqAQdnd3Mtd2l6sAEKwAEB&sclient=psy-ab&ved=0ahUKEwjVo5bCqvrsAhWJzqQKHc55AS0Q4dUDCA0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:3448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
    3⤵
    PID:2448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:1624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:1204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
    3⤵
    PID:5596
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
    3⤵
    PID:3384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5543140501417548535,17801557827691957262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?sxsrf=ALeKk007atE4-A-mD40nsEcYaIJklYlv_g%3A1605092231197&ei=h8OrX5XEC4mdkwXO84XoAg&q=how+2+cut+leg&oq=how+2+cut+leg&gs_lcp=CgZwc3ktYWIQDDIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjoJCCMQ6gIQJxATOgcIIxDqAhAnOgQIIxAnOgQIABBDOgUIABCxAzoKCAAQsQMQgwEQQzoCCC46CAguELEDEIMBOgIIADoFCC4QsQM6BQguEMsBOgUIABDLAToGCAAQFhAeOggIABAWEAoQHlDzaFiDigFg86UBaANwAHgAgAHzAYgB7w2SAQYwLjEyLjGYAQCgAQGqAQdnd3Mtd2l6sAEKwAEB&sclient=psy-ab&ved=0ahUKEwjVo5bCqvrsAhWJzqQKHc55AS0Q4dUDCA0
  2⤵
  PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCviSYAcwdnDX1UoRzAHYgNg
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2320,16158720612880223066,592668947397821979,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 /prefetch:2
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2320,16158720612880223066,592668947397821979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2320,16158720612880223066,592668947397821979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
    3⤵
    PID:2424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,16158720612880223066,592668947397821979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:2492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,16158720612880223066,592668947397821979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:5892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,16158720612880223066,592668947397821979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:3156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,16158720612880223066,592668947397821979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2320,16158720612880223066,592668947397821979,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5536 /prefetch:8
    3⤵
    PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?sxsrf=ALeKk03p6_nh5gjKk_7WWWGDr0qYtnieXg%3A1605092222038&ei=fsOrX5rzAY63kwWYq56IDg&q=my+mum+is+gay&oq=my+mum+is+gay&gs_lcp=CgZwc3ktYWIQAzIKCAAQFhAKEB4QEzIKCAAQFhAKEB4QEzoJCCMQ6gIQJxATOgcIIxDqAhAnOgQIIxAnOgUIABCxAzoCCAA6CAgAELEDEIMBOgIILjoECAAQQzoHCC4QsQMQQzoECC4QQzoFCC4QsQM6CAguELEDEIMBOgUILhCTAjoECC4QCjoECAAQCjoFCC4QywE6BQgAEMsBOggILhDLARCTAjoGCAAQFhAeOggIABAWEAoQHlD_GliuO2D3PGgCcAB4AIABiwKIAeAOkgEGMS4xMi4xmAEAoAEBqgEHZ3dzLXdperABCsABAQ&sclient=psy-ab&ved=0ahUKEwiaque9qvrsAhWO26QKHZiVB-EQ4dUDCA0&uact=5
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:5716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:2640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
    3⤵
    PID:5480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:5476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    3⤵
    PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    3⤵
    PID:5644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
    3⤵
    PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5600 /prefetch:8
    3⤵
    PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
    3⤵
    PID:5920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
    3⤵
    PID:2880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    3⤵
    PID:3816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
    3⤵
    PID:192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
    3⤵
    PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
    3⤵
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3585291479576972617,9046850396176519881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
    3⤵
    PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCviSYAcwdnDX1UoRzAHYgNg
  2⤵
  PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCviSYAcwdnDX1UoRzAHYgNg
  2⤵
  PID:1032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?sxsrf=ALeKk03p6_nh5gjKk_7WWWGDr0qYtnieXg%3A1605092222038&ei=fsOrX5rzAY63kwWYq56IDg&q=my+mum+is+gay&oq=my+mum+is+gay&gs_lcp=CgZwc3ktYWIQAzIKCAAQFhAKEB4QEzIKCAAQFhAKEB4QEzoJCCMQ6gIQJxATOgcIIxDqAhAnOgQIIxAnOgUIABCxAzoCCAA6CAgAELEDEIMBOgIILjoECAAQQzoHCC4QsQMQQzoECC4QQzoFCC4QsQM6CAguELEDEIMBOgUILhCTAjoECC4QCjoECAAQCjoFCC4QywE6BQgAEMsBOggILhDLARCTAjoGCAAQFhAeOggIABAWEAoQHlD_GliuO2D3PGgCcAB4AIABiwKIAeAOkgEGMS4xMi4xmAEAoAEBqgEHZ3dzLXdperABCsABAQ&sclient=psy-ab&ved=0ahUKEwiaque9qvrsAhWO26QKHZiVB-EQ4dUDCA0&uact=5
  2⤵
  PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?sxsrf=ALeKk03p6_nh5gjKk_7WWWGDr0qYtnieXg%3A1605092222038&ei=fsOrX5rzAY63kwWYq56IDg&q=my+mum+is+gay&oq=my+mum+is+gay&gs_lcp=CgZwc3ktYWIQAzIKCAAQFhAKEB4QEzIKCAAQFhAKEB4QEzoJCCMQ6gIQJxATOgcIIxDqAhAnOgQIIxAnOgUIABCxAzoCCAA6CAgAELEDEIMBOgIILjoECAAQQzoHCC4QsQMQQzoECC4QQzoFCC4QsQM6CAguELEDEIMBOgUILhCTAjoECC4QCjoECAAQCjoFCC4QywE6BQgAEMsBOggILhDLARCTAjoGCAAQFhAeOggIABAWEAoQHlD_GliuO2D3PGgCcAB4AIABiwKIAeAOkgEGMS4xMi4xmAEAoAEBqgEHZ3dzLXdperABCsABAQ&sclient=psy-ab&ved=0ahUKEwiaque9qvrsAhWO26QKHZiVB-EQ4dUDCA0&uact=5
  2⤵
  PID:5556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC9keh4wDjXFyiRhHDE_h90Q?view_as=subscriber
  2⤵
  PID:2420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffe2db946f8,0x7ffe2db94708,0x7ffe2db94718
    3⤵
    PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2d0
1⤵
PID:5624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5616

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3906055 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c9348950115f7220fb8a3d85be564b7c

SHA1
954a98bce8d4583a8ab4f8a0a81e619478f11ded

SHA256
b6a3e754a079abec793628fe9633fa0a4d213bec4e03a3d3afbd2060e1446d5d

SHA512
84ec0a79ea7e61e0787a05a0414ff4818ecb9be8f45c1d237ff3267d982ebf5fe3746b77480dc873177875a5bd430fb95c756b51ec642a0387edf38cbfa45398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f6fa920e76b1d71ffea7ce6d172e6e31

SHA1
a752b63cac1663f3862bfef4ae91919b6839fd5c

SHA256
b1d531f220358e7194a3525b53eebab0133b925bd18937968352057a33c0ae0e

SHA512
57b633e653589df4b5b66da3b96aafadd96a95531526b3de19fd52038f92b09347ddef465ed8f267684f6b6c766c1fb086764d7a5a642fa936183bba16c0d7a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
210693c596529a1bfa993b720b5b8125

SHA1
c705a0ab5fbd5f4ea48010e935d3fe76f90adc99

SHA256
ae7ec12b7273c0dca74097381951d477350cee6ffdb8b07ab7b97012fa313c80

SHA512
1835d933dca9d356fd835a061e36223f1e8b341a6e685fa0fbc157a2e3acfb72b409bb1a4ed855db004f7ab143329e8b2416f72964dfd111425d4edb74fa94cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa0042e74491a515f0b0a9a24bc06190

SHA1
2b5b6a096ab170d6ce77122d7d7dc47256142ba3

SHA256
69b20b25ece182d561170ed3955833e52f39128d1ba3aad2aaab8e8c963a8b3e

SHA512
ec6332c6e9af7f7d97a466c9d2874122dfb6a1cee89c8adde7987e1f87be9912ea15033ac386a8cc4336a1f6e5e4c63dc092ff560dbe1a28c466f7196dabd965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e501370b39612c1420412249362a0e6a

SHA1
0308f94c4a26b76d2c679cdfad64fa6b3befb7f3

SHA256
7688ea5ec61dcd2d4cfcc890b06d5aac80927d26cb058108b0f98a429a413631

SHA512
ccc3d8abe99fb5259a988b9a41c677e72dc8f952f694b26f589917e9c0ea76ee94649f6127bce6368d4e7713fcc25214db4408e1816c1b668347e40d1fd256b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3cebd40d13b8f66bc88c88f0c888157d

SHA1
2c64f62222c9f02001abd2de52395fd3c2585298

SHA256
c45b30d3afefa9f549cd7bd32f68440fb202ee7f22fd97fa981e212bdde74567

SHA512
25c45fe756f70ca74b7c3e1b315783a1f855e19f74df19b0e2063954143683f069dd4936c4ea5ffc30993c86f8e9bb10bb7dc124a8c195641f31533001ac36f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a9108f3f0ee0c4ea55120c2a6ced42b

SHA1
a6f3a4f88ee68daffb83eb04290b624df55ab473

SHA256
b83727cccf4f3415c0f415584537ee37b305291079a37f0b6b6efb724564df77

SHA512
cb87a11b8b1adaf4f028ebb6abd387622a75bc412e146c0d1e8378f7e5444beb4fb79024f271586b874e6a7f10ddab9655290bdee2c1f60801dd1ecd98fcc59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d353101ea12aaf12fb7d72a1fcddbaf

SHA1
5ba29b10132bbd67d565b268accaec786af589c3

SHA256
aa1bc9d9f0cb1f6a1e59c649b6228362d3c5d28184ae20a0e5d9c8e8d33bf8e1

SHA512
6d3e913d1d5794d1198e4d2ddb8718779d33f83904aecc5783e60e9d0da5d749fcf65d7c1882b72af2e6f4a54d453bf5dc3b5fd0535f22bff5f5dac2150c6dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3c7bb5e7b5e34171fc1ddd2f39d2bbf

SHA1
9fb1c2b5f59306fb224409226d609275ed722a67

SHA256
bf093f90aa3827f2aabae2881c2db3f4d8b5a73b426e7dfdc0dab25392b838ff

SHA512
c30903839b414244c4d8ae00fdf9b15321671faf50b22792f15014a844ed686ebde0832a9930fae355ea07dbdaee45edfc4f6db3235c670a3e29c887a7915ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
093214187501b4dde2d1d2ddde375466

SHA1
6fa83285ef38597f351cf0f1fb7e58d162f9de2d

SHA256
1470506a4c6191fd8dd032e3fd4873e56d73cf910f9c5b79cc78a522d26cd139

SHA512
d4c625f1cda1fd69a04ed7dd032becb57b0ef6254e6074d1a1c008cb95099fa75f8e336879e34a2b1404af8c576ca8f9c22e6c65ee9bcd0301046af59134e55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
46ad70b8720acf397acfe98d2e11eecc

SHA1
7449a799a8b0ad9d0c3043f80f3c255fa2b45c12

SHA256
a21c418fcb2760b26148626766f5c39454bec1d9e2956f9804c963703067cad0

SHA512
b382f51824c16db814e54f8a9392c418bc990eac629b8a6012c1285f53469bcea17fa5ef19c5fe51aada94354fb78c6fe68f2cbcf4852ef0167e364a8a0bb5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ebc915314909fe9c144ed39a6ea4ce92

SHA1
81137af8926697256d24f539e7b4e0b3cfa65e22

SHA256
653b7f1a291ba462422d33c660ff4c76bc0e4e599e6b431d2744ee90ebaadd6d

SHA512
14c49b90da83dff3965394f6e69a45e489ae145296db26bdfa542ed452011895ad8a55b37c4ef88681eedd538e25d9befb3855406f6e6a0545adf93561185682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2b792b205dd83ced13a78d1a45068ec

SHA1
3a58b32aeea6ccc14f3d114b23836749a84cc58b

SHA256
e2a8ebd24dd40fc037bef17854ab49d9e9f6bb73b5cc09635d84448ec1ac990e

SHA512
e04919677fee87f2bb5617b8e79faa4a8decafdabd0df27884aa1f7c271ba07fc76da2765180783d6a7be7155ba44d519604d2c7975395e519f4106130bc0876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86339f0788ef0963e2413ce3b19010c9

SHA1
3aa06a71e421ae76d528f189b7df905cf1c29a70

SHA256
4bac97c21a7e7ccc91c992d491dc6a2e8ee9a02ebefdac5eb18378ebb78f4e8a

SHA512
23ed6e3e67e2eecdc0728a5e344c8a81178adbc658b2d760b012de8d365055b2dc3d66e0cf0084d2a839864449a6ba4252b1f696ad521a9e5670597b6d70fbba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0adfcdee484f2f36e961551ed294dff

SHA1
ebdc382c4685f52469f1d156d0af0a92ec48512d

SHA256
ba1fc22e3d0dccf6840893a62bab6cd03b88ffa84e3bd9454535c2baff33b552

SHA512
b32c7a3fa42ceae234fa5059552f67d4bec0ad348c80095bdad8e585109aaed6a559da4bacc25f31e808e887696ca6ca8e78512675a746f2f6a4126e2dcfa711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
005d908bdb90fe576b32ce1b06fbe373

SHA1
f117e4cb5bc8c85dae2b95a9a9f39630e6f2d077

SHA256
90f8907affc8e9b91660741e6a8ea5312bf90aed388f588857a53f9dfd37cc66

SHA512
2a99f8c91c4b76c38e859abfc980fff02e3c058184cc7fb12eff2c0f1c503a599f0d11b0144137cbe6d8a1aded3f32402b92bbaf5706b63830e24b117341eeb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
6488edbdb7598d87fb65475c02b57118

SHA1
ac1293a448345dd673fbcd9a52872b7879457edd

SHA256
aea3df478926fdca7b29930bd48a1f2b0d897ddc21ceec10a1515e6b175e5d5f

SHA512
ad930c1753b58c7c1d3944ca4fe999daebb3ff729a99714538fe713c61c22f99e244dfd106314102e273be0d2bd35fcb0215b5dd67b2f298cd66d48b5fb76380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
2ed1648d0b6a33d892698994d6dad52c

SHA1
8073481347ef5c059f2463e12d2e5014e1248331

SHA256
a5c9bc660055f8f176275e3606fdfef9c736f0169c9c0e3a4a37364dd440a5c4

SHA512
09d7033aeefe426b630869151aee895f826d9f1e62333df213a093bc8ba3fa2de28fb7cffec403775cedef95711de4c44eac08a21cc0c9e435afaf6f754fdcc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2d7b8340fd29eeb437b0421ab0a88467

SHA1
23ccc53b3e4c0e97e0eb8963e4538ab55b90c827

SHA256
6c831215a09b6c2274616589849b0c067f59ef8c77487803be9ae2460e42d27c

SHA512
9f64db4622a9d1e2233fd0e1d2cc2c827cece7c79735acdd914abf8009be1550970beef98b8fbe8e3440ae4508dfbad3d3acf6df53ff4f5602bd8a107c37722f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5feff61c76839b5bebe1723919f4e1c5

SHA1
4839ee30f5459c622f3ada81d5f77d87cd2c08fc

SHA256
59600e98fa048729d633494ead58f450e4dcb931af369c8af4f0e7cbffc7e2ca

SHA512
13b035cdd9393579a7e595633ed9fbcccde0498db7c143c73e220b1bfa3138fd62ac1385361416cd9f61629a06bba689edbfb1b1d75dbbde238e190c1b6acc5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5391bd7b113cd90892553d8e903382f

SHA1
2a164e328c5ce2fc41f3225c65ec7e88c8be68a5

SHA256
fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79

SHA512
41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2905b2a304443857a2afa4fc0b12fa24

SHA1
6266f131d70f5555e996420f20fa99c425074ec3

SHA256
5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3

SHA512
df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28a972e24eef6f7e3924ba37204f9fd

SHA1
56df67c07d6d851756dd408ccb01857ccdfbe414

SHA256
26ba40d2122798635b637009c7d041f149eabdf1d0b075a87a5e65ea203f2821

SHA512
8d3f8e3297dccda92a5222f4007dea5adc04531703c47ab0e626231cdd71ef9dd7fe30566aa989a5e60da4e6427da7af100298d8d64cc848df1a981ee18a3f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4d4fecc4f79af09ee9058013a5d0933

SHA1
8c15752d73da3f130079028e435f2daf50f698e3

SHA256
d4bd83a9074665acc707d2572ccaa251aec3af919a325a4914fcf74315b7325d

SHA512
449b0c0203eb1b37f922db5af0a34582a69a500e09daa86cd0a794d717e63588153aabda336401f47690aa3b416c0b69fcaf9ffdc715d61d59357a79cf620e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
615KB

MD5
33fc776f10d022a60c1e973c4ee94ba4

SHA1
d9f3cf53e8034db68c989c1901599db9ad73082d

SHA256
1f10496e8925eb655a09223c49aa1a4694f59fa305b33e43d3adac5f20a904e9

SHA512
b56b056918ce0c01aae4637f6384a5f34412b30662e260fe341955fc9b32f1ad40c4260a3f9a00faa12438eae78eeb6a06e093911afc647614080f0f33d45b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d3620e9974f8a31bd8ac1a3e04f57a81

SHA1
d7ef0c8ee31ae9f9ed30e5aad49184eef6d7b930

SHA256
d8ef5a4e56588130807d15d42f07ea1d86ed9ea39e235aba3167f5e1d525134e

SHA512
e7109c855315a9dbd40e59c2b98e9d0e85111ef0b3bce71e401b7fd67492b86519acfcda492f68f83407cd4a5c1d6adb739bdf5cf2570dc0feec2b7f91058f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
337cc33c7ca3366cf1e0ff0d96afdc9c

SHA1
c6990c40df7bf78d2553b1103db39ffe0ce825cd

SHA256
8b06155d1abd5612c68e661e8d587c3e6c1458cf68c3cf2c126ad1280e55819c

SHA512
12149c7cb37d58b869066a02fcffe814d842f43ab05866f92c8801140b7de3c78557c95534dbc243dd4f8605c769643d845906159833ba9bdc6e12ab85c66dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
250f9bc8cb1273b869bc1d34475f22e1

SHA1
292d0405153dde6626831fa943fc1ef13139e500

SHA256
bd7de924de54f4deecb1983921493b91ad3fba3d1c47d15cd829a4d2c8f33a6b

SHA512
662b0634c676309aed8a4856321732fd65dc4691f179ddb036c5e69e574f5fa7faf7efe8316e7348640877fa98c7cc6a6e6b6f33d1581ceb5f9cf9b92c5356a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
7e270068d89e1ad1d5da8b05b5133fdd

SHA1
24e182b8a9e3d964ff4631ea36b978626855ab96

SHA256
0d231ef7ce29293fa1504db909605ebf2ac109355c4fda21b795e298c9354f1f

SHA512
6ead77babda507b318c150f345aba6f1c3a5a8bfe1c5dff88cb6fac71c39492bdc201da37279f47c70da90b8c56991156dfdf686aee9216e4a5c232f9f43ae2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
f295864f299a384dde37ae4e8aa58e77

SHA1
6bc7312b93f5c1596096209ec2d610905a574596

SHA256
c20f6466acdf950afe97115fede6d0305f23b6ab2436965f3f6c5e4ad746639a

SHA512
95056c92e911c236d764a9bbf92660426f2c2ae1ae77f78c414be44930b0730fc1c1e9dc1a6d9517fbae3dfbf007fe086318d8e6da98d9ddf49ea302436f41f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
8b1bb3d881ef968ba31a4d46116bc468

SHA1
a58f5a9711a85e69b6de1ed0e184c79f4d1c9b8c

SHA256
0ed4ad52037365e2484e1666370e3cbe3a8ebc3910f76e6de5a00096552b7077

SHA512
c971f70d9ba47490fd19117803602c6105688f9c51fbe8a9151f9abb9d00d54c4c48afe613bf41c4aa9bd70527b464e0c325a1af44cf3df950114a3d00c9c72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
aa1ac50fdff2b25e0df7928760ed8568

SHA1
c5433ebc4d19beeba61a9da69635375661e732ae

SHA256
b5759d63148abfc7b08b2656389cf447beae4562c7ba58a963d9f432b2c4d9cf

SHA512
25ac95fb8758d2862868cb168acec59e8af81dec428e4252220ab763afb728435e68854b615cb294c48c56d114bd4e42cdc8a3b101364496240dfd24750eb9b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
164a30b93aacf5dfed6bd554fbb3155e

SHA1
f5b2e99754d9f08bd3d1ec8dbe7a793f047d2dcd

SHA256
0faf0405129ee8563e421d60eccc03c2a83e5f8b2de9b8219cd817e0401c5006

SHA512
e8e08ee6735b4b3332a2c7ebda2dbcbb54080cebb1e27b43e7461555583b97b328dcbeef4f4a1fc87993f041d402d431ebb18e436d7393ac7fac8d13a89a0433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
3debe704da98120eb6ea2f30a81dc0a2

SHA1
0a14492623e31fe6b43b688a90917466f8f65efd

SHA256
4106c547a3dbea18fb7e225b2ac46b2f0b003737c7d05e88b589a19eb442f643

SHA512
a8da3165084f59ffbac4a33fcaec54745ffb272172e155da08136e39bb6163e6af74bbea3ec47801318d8171d5ff0cf1268394459d558028b239b9e3d145cf50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
291B

MD5
af3f41a20e671549bfb26b5b066363cf

SHA1
ccdc6b2ebf64e5c1b14a6bc7d3dac7820e827732

SHA256
c38775d14a9cbe40abd31e6f5b8e0d68ef0288e8ddeaeb4ff324fef3773f3a5a

SHA512
04441dc39059226b1cb0edd2865d6cefe2f273593a5c630cc92f3f2ab536ff4f250a929e1c811ccab7506b9a2edac9839b81679c97283a6486c61c0ec76dee7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e0b08ac24087fd53e1e28d489d71f5c7

SHA1
e960433af94221f8639b14d7dcf707104e3f71e2

SHA256
b1e9bfb20b053ebc969aa7023a579c2e3403662e8309d3f8d680778031e2c217

SHA512
db3583663c79614ad9adc84370da2ffd3cc40ab57fd14d3872046c7a0a292181f93a7c71a75345d608d3a473ba3d13563fef9e149c7325a54a01803c0946cbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dd5e442a7aab895f9d638a76d7de8503

SHA1
b1f68244fbb21e9c642d229cb9ae9bcb837ccec0

SHA256
f8e8799e7d1b6ccafc323770f173ab7b9a613054a670111e791088cc221aa6db

SHA512
794c7358b29bfcff2f613bd6e2f2667272be6161847255203d04fb0c1c2248e7b53a117bfc1971c609c4db75842d8ce106571362349093c0d5d4a792c82bada6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58cd6d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
efaa4e9450bbd6ea9d909dd4f6847b75

SHA1
7baa5e07f0bb881bf432441c98dbca9541067147

SHA256
03c742444c0223d1f5414a116a50faf0af740f3b478da658e3b6d1be5266fb2b

SHA512
506726a24670dfa994e5958cdc1f5575748d7594d12929f70ca31ce054f61a672662dd96cf36eef6f7521b5e3861a9cd3fc7acb6c1e986fc0ee0e30100e63667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b237df2d05d36396b595d1b558802715

SHA1
aa544825621e7459ef3fa690b772749eac5ca13d

SHA256
3ca7b46a6bb5e46668b32d1cd1b8a4f9514885f2095de0872aa4c3b805a873a4

SHA512
83e8a67ac8dce041c4afbec8f2540b97fcfcbad9d8ea4a3a03ad95fec824742eb696c8195cbf0f42ad52720e9540d8f69db6db7b768d2e49b2d46f5925f1bd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
efc2ba27458db2c8dc96a299e02d4d0e

SHA1
049ab576136b1cd832624b7fd13d604e66705653

SHA256
8077ae921613a96bfe408e4c9b4a6e3fd61f33f5cfc7109b653868feff217cd3

SHA512
0c7a7d9ffadb95d4a564a5a6bd3f085e04add41535d0dea8e86766d8fa64750d52e2625d7f6b77a9790f667536bd285b8a76d9c044d3236badde490321fd85a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b57d83c51fd2701ea016f02d4e7ad850

SHA1
86d47db9c4b9e83b4b963bc33882455aaf1179b3

SHA256
faf43099c5bc4b2b0479a52c46ae132e026009f86568f307d4228be233a28ad9

SHA512
19f29d41be42aa2b72bb929af7dea685d302b3088b67c00ab785e1878ab5cfc4cfdc00fc946858c83949896ded00ef0dc570a0a7464f601decab58a4d204e99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
05eec6affa152098d153127bd8f3001c

SHA1
72d187ad2f997d734034b124d75e26696f092eb3

SHA256
dbd10db5df18159037a9805888db62e0d0e774ad20c8de51d32067587bbca2f8

SHA512
6e9ca9ebbba333373a8592fa4b1a672221329f3d30bf60a9abd802d5fc938b36ca06194e8e7ad6de49e1ef8b3c0df01778ed444903efd0c98ef6287110a8c29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d652a6a3c16edced68d1c67f9b2704c

SHA1
3df4388a179fa2ff91904eb3f1f71b640ab290e1

SHA256
3b58d50b90934a7e5a3449d400b51b448535b96e0284ed586f42f1c6ab3e294f

SHA512
117df30db5b0d81f9f7752270817cc0d38b84edb8244287d8300e511f4aea4c2b88becada34e412100aaee1efb2d91376e318fbbdfedae08eb73342c6df7b379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a858c3c15181f50074236f339e67ee2d

SHA1
4e990092936a0bfaf9c8c8890d44f16eaa31bb55

SHA256
aea347eecb6c46a4f2bd66af50204a4eaa5d8e5c1d00688702abde65c6777516

SHA512
9b797d952e6bb6a3c1a80488d6bc18c9828414ba13b1ee1e7b6445ad2e505be65e5e5c9f42e26240a6abec709d1825de6e21c21c6634f38c998136fd9e5cce01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f305b8961731a2f3215a5e15f176218d

SHA1
e215124f286bd9aa3b95408dde9172a76ce86540

SHA256
de6846f7556c5b3c24548b8543495d8458dfd1604f72dd4d0c398307e994f13a

SHA512
b343adda0d1957675902f3b32340326b4e93d78b954327cde8ebf79e306a6b75c7b84876d2e00c5e1f94daf1c9388f7921d94103a0072302106f90c9c5a458de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b55b61c8591467a4e2b968941271dcf7

SHA1
036357b5d15c76aa532720d48afd9f274764e9e9

SHA256
e389d8732ba2ffb6f5387182eade45f60dc3798eeec56500e4342d421e8dbb9a

SHA512
17340363fbf9dcfa0dff30ec737a4a89b0266d7cb3a35e081bc990c37cd39849b7997cf844e0ca5038d3fb7423baab14a8844f3203a900cf332c00299d14bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1b0452c088ff24e10e7b407f8c765102

SHA1
be911519d8cbbd33790461dac9d6175c58924e89

SHA256
5b56a30e9dbea2bf8332dc1609ba2303a9e3dcd67628f6138e66a278f271454f

SHA512
8e590e3b183ced3eaf9767cba8300ec5fddb2c59e029b0a39f72b62402885c6bc0ec73de1043fd156213716b80e1495c51958931fccbb61236674f42f1f896f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
475a16778026d3ce6af86047a17ddee1

SHA1
f8c4e1a5aaa88c8be74b0ed2fa7b50b1cc553720

SHA256
4b02525135a83fa261882164af89fbc33179393b384bb80d9efa10753f95fe8b

SHA512
dbe426d71961742dbe6d808174bfd1e5cefa3ed7f3a294df6c7f8c11263c5e869c5b4ece63673de9ae61ccf94c75472fae0cc081aab4fa6a7ef4c90364cb4e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ad9709100fb43b77314ee7765b27828

SHA1
5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98

SHA256
04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9

SHA512
fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
685bda5e49d622fb6b616e2e4efa8c9a

SHA1
d6a5e3da1979fdf77bd12bf4f9ab11bd44f1a594

SHA256
520c4a0bab05b66bc934f139c565ad142f820375452e2d2ff6751df298bcbef3

SHA512
07f8d52eb86cc9a835938eab3d617245ceac65c30c2ff5c14caa65ab6d7faebd27680c2deb4d2d4088e17e1539e7327bc4670a34c2edd2c046ef969d312e5b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e122fc93c0ad25d45d09ba51a3e86421

SHA1
bb52a7be91075de9d85f4a4d7baeecc3167c871b

SHA256
a277c1c6fafd7a44b47d94e4bc3c0337a64a34d252e58722855aab09e6f52bee

SHA512
12787aebefd6a5e4584ec8747a78538f948a16b214bdf81302036ae89e2c4563027847236a4770c4f780a9ca0ed03f29b1577bfb6f11feffad85b7a625324bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\084ec014-1834-4777-a75e-91284b386b3c\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\42b0022d-15ae-49cc-ac61-b2369a5c931d\index-dir\the-real-index

Filesize
2KB

MD5
f06d575dc591bc87d74bbde2f63b3643

SHA1
f393f04119309fb51c6adeed6ec76f67472d608d

SHA256
91c55a06365cc19d0bc669a15a8109bd8c4e3330fea38d4f0071da39930e7b5e

SHA512
923b174ef2409305772bb780f81b32d9079ef813aa0d8194fde17a37d2f410aae013a0b55db0a4684b3b165a3c619917fe3a867478609d97ca023b15d352b843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\42b0022d-15ae-49cc-ac61-b2369a5c931d\index-dir\the-real-index

Filesize
2KB

MD5
2a7c75fa4499f974a2af050206fd059d

SHA1
3c82361df4be88c2e5223e868b599843082d9bdb

SHA256
9ce07b8580410a5ea0b274f4609781c356046aef7a22213d4860572388a69e54

SHA512
56cfbe3c90f030b1bfd0471bd5877d83e1638f38f6ea704425a175d2829d10fd513bec7509e64e81cf9a1102cf98209b0335c27e3ea26845c194e0fe4af0fc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\42b0022d-15ae-49cc-ac61-b2369a5c931d\index-dir\the-real-index~RFe58cd2e.TMP

Filesize
48B

MD5
ade84988437537a3061b2d22a61e4cc2

SHA1
66c9af48b4b81c2c59ae1478b811eb4484be1c25

SHA256
9ca272c096edfc6cbb756a76bf94037cb5495317d922dd23daf6365d1dad5d5b

SHA512
668c485115e82d96e16dfa6bfb774dea7fe42139aa93d9f52ed1ea648ebed2a688f59a997624cf3cee367950261e0ba18dd7d5ebcb8c1953edef50a59f435d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
bf6c0c76cdebe57e2d26d75c38b717b7

SHA1
403a4f269b5616ecb21d01df9bda507c3f0e746d

SHA256
8a9e60821212452e5fca383c454ab68bc89633b1ee74e288e1254c7c0ae0783a

SHA512
fecbe4b01b58e698505f50bc44c95f4a1d7166668edfab89946d188781f5d4e6bf4c7afc1ae180a5c342144ca8439248197135a0833450074f888d847d87b49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2129b3db4c23f3faa04b1c109907e9b5

SHA1
b6f1bae5135aa0232ad90fb9a21d51b0459e1a79

SHA256
605e8c0b685338c025f5a829b3410ad9011c56e69446d6cda45b9023ccbe9865

SHA512
53f99525e51c7bdcfe57b4516ff79ecddbe36e23811013f09a330c725bd1f7dd9c6e46f8885322f4a84b54b4d66ba0d5f6efc9bb591b56120b941bddc3d3b4e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3704c3873411aebbc589c3616e96be2f

SHA1
dede55cff85433f9ddf05a0c1328aaaafa1fa264

SHA256
17e12953ed966934d72b640beb708bc1ae6536351f5259787728c0a14753a2c1

SHA512
9317ff6e78e29eaabba00f4aad81a29654178a70686fa02fcae32b29624f6a5df42533ca5ea3ea0708f3af12e37693cb219fd1034cd57f23a6e29b3b83c222c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
5f3dce38b16d633175bce9e3f742fb6c

SHA1
746caf2d4024f337f450cfeab2b9d78f75990c05

SHA256
9792dc37e0484ef505e57db574c605ed044d6134218e20d3e5d106401f53c0cb

SHA512
f5d13ae0062c399e7880f49ef9635f188d6e38edee360d552f735485a01cae0c28226943514c9981c6a54b36728aa02763652c88f0bcbcf155daade5c0f31cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
906ae1fadef59626332e24200adb3cc4

SHA1
da6766f8ddc9c982d2fe65459273dfc668a9169f

SHA256
ec11744a9b45a5b4a85cd1392264f4aa575b95aeeb4751eb48e236d043ebc88f

SHA512
04c00f7325c7f9bf55f379143881ffbde5f602323e2a62ac5c92eaee2b8ade7a1b3bbaceaad00056f43609fa5fb640f5406e1470d6078974e269b00b1945e73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f9487868701104af82aa2748aced9adb

SHA1
95ffb324765c1c05075908683682ebc2a4a9af4f

SHA256
9efec36b83d415873f193e169f5f0d0bfa68cc6645140fc70b2a6ad0d4c1b573

SHA512
efd31e4f2b448b6670ab55704151858208e59810f4d5a3048d978ad8c4743a65d5fcddbd0334310879bf3ddebeff51b1e271a2af5b721713316aaa9a55270214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
0d3c4a8c41997ef6b682a055b2e1d6e8

SHA1
c310d1ba93a09a01a1aad1fca65bf0854848a5fc

SHA256
68b52737d6e595241bd68069575a3071849efe20e6519ad39797ec3f235952e8

SHA512
c08f8ff4b22141112857d917de4122f76f5a46c43225baa0af2f8712df1ecfc818af4d8dd48e906a213d184a67510e8081a48f2de8e38c3954de1667a5a95694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
f42e2410796b25968cce16566a11b22a

SHA1
0fd94cb81468dc4ab7bb6e2766c0b76a6c3b39a7

SHA256
d49aab6571d07ca502abf683485bb059aa4c7a93f76edf772675d001daa0e488

SHA512
4995cf7029794f17febc2f1f1dd4cb54344501cca30ad1df7d5771e17490bd4a1ad0519218119592ee8e74a11b99c57c7de27442142f589f45ae1f4d56b4e221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
b5523ae182216b938996b204d3b60faa

SHA1
593149baf43e56650e626bf3c02c8664c3af62d0

SHA256
1b10466229361ba935b77080010a290b0ebb53c5a53df1663cde63c4e8386339

SHA512
98c83d96ec348c7f9082dbd601c44475eecca86bda58ef28d536c4e559250dc2031a7273064c57ac8dd820cb77d6dae0985bb0b086953a3df630f09925f8926b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
25bf5fd14c4f2cd92041e00e3993e8d8

SHA1
256a96d926d6360d476cb49ce01549d8a74a43a9

SHA256
e740a186ca9a7f295a86a141062b9333fab4e7ca962c13b864edf936dc3016a3

SHA512
fac4b5269dd4872b951c2a3ebdc633ab66d1c3a736461f5670a50101c88b75eb5855b3fb27d853e0989a0708947af12cb53337e74cd4747ff661a1aa5ded9cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5bb4943dfb57ae41e8f0000dfc97c0e1

SHA1
49dc4cfc6641298e4bfaa424e70517676727c861

SHA256
8a2f783d299fa92a949bf369edd85d5f2bf248e6445d111fbd9f9bdedf1676a6

SHA512
6cd091c98d4b1b1a38013befe6d70aad70690248b727b0a479905c2c5952dc7d2455a9d66a5330d5f6b0a5af3bdf81cdb8751eb4cc61c78fe8eaa22137a54d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58cd1f.TMP

Filesize
48B

MD5
ccd47428d150242bd4c680aa9cd6c6e6

SHA1
00be149f2e4ea9e9974ba41abc5369a0f16a4ba0

SHA256
0e612183b1f46d5071bcc0f0a831f82ad8764c56402737a2a5b38b28e7e6f3f6

SHA512
84d7598a4afe6a5f385cb5a79a3e7140eccdcbfe0fa3ea102f3cd94d9c1bf5212ca1c707e3e3af129a1c64766587ad823a2d6519261dbbe7749631404d362abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
279B

MD5
7f2c79e8a513c89203f1bd2ec5fc4dec

SHA1
2b52b97ddf40489d1b80f679f06232345b8896d5

SHA256
7b24ed02e5749e21d5c87aff0d0f1e2abaebe64838c5a4acd14ae86c7e9e32c7

SHA512
a0eb19c0081461a2bb4553c6595f3bff8189448112f056f692e31e3beda902e69bfde89efd54ffdce54a952abdf516d53941db804827c1e7193a64cdf5ae241b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376622099951240

Filesize
9KB

MD5
d3a18416132a0d78f9600ab3ac4d9ba6

SHA1
070bf579cedff7c9da10c18d7f85da89b9ef257b

SHA256
a2f87abd7dedbb8c47131f1a4a02965a532398117830a37ddeaabbcbaccee512

SHA512
97a2411e3f907e4754d17a6b6e3d70c95288ad908b02db5fc9d5b13778d49e17f8a022e031d312fe9567abdf88c77a572e50b0a74f62e4227df0afd19a69c77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
bbfeb70e37695ae02ffa70f5d20bf0c5

SHA1
1df8d6b16d97610853be581f7f9135899ae051f4

SHA256
3ea0dbe29c8a99d99677d9ad4b23e34404ee80c75f1485d2eea1825bede55106

SHA512
9fa1747cb29238b62faff00e2427df5ee31ecb28c97ab66ed307690fa938cd8d72df39dce938afabf8865d2ddc816284d844abd3f559b0ef5a6729f26a76c159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
9f7db5cf30860ceb63ad69eae94b2d67

SHA1
67c88d54d739bfdf9b77f51528cf9e053d5dc3e4

SHA256
6bcd0bf1f31ef480398369b7cbc39e308d7b51bd7e010f4343c0c2639a5a6883

SHA512
93a25773e08bbe80061ea04f9a3c3dc9635668370309626ae01d2a7985bedb0a4671d91f644d65e0a89c7aa7d86f2f7c9ee38d6816c2f22950f376af1f3ae646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
8f53d034da4fda7a0ecf986b81c784de

SHA1
44c5a5a8cde7bd9e0cb4c600b0d7d2569c63be16

SHA256
164c0bad430276150b5f2d7a9e6afc8c6736f0033825166fec3e571fcc7a74db

SHA512
0c64c2de9a6eb0eb73a3a758268bf0c143fba4c899da7515d814bb2679c0f5edad3f09f08d43f642c0c6163f86a50b088bdd7a1fca6d6b0723b63cc2af541cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
12896e8dd74fca996114856ae4f25af0

SHA1
07ae94d19bff8fdf59f97971625d40fbbb57e1fa

SHA256
dcf21a80af11e535e41d77e75aa2e65df43955e38fe239537a77d380f9376ee4

SHA512
c06c3cd842dbe8fbf2653ac6b29ca2364d3dbf35ce112e2d0a159259c7291df6c03a78f67283d1d42a356f8ec112754c27717f998c8811721594e53da21f1df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
236634220bb1fd3482193d9a3a9066d2

SHA1
b4c8088734a87adb6b3396068fd207a97f79dd5d

SHA256
2a07254ff25d2ce15b1cc1714a74ed7db800e45e1f6c56a38547c6760071e845

SHA512
8d3ad1cdd901d21e2ef35503329df5475e889c7b032326037736405bcaff8a830e45c2dd8c083daba4398f9cef61ce4f33f3d9ce42c63fd0413d9ab4f8119c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
f5246b316731558923bd9827bbce564e

SHA1
42bfe15ee7ec4ea60494b6dacd670975701dac3c

SHA256
736fd8ca4b285df72f674739b23bd46a4659416711322f186c2b03ab34a8ef7a

SHA512
413805ea083751b3452e4cf3ec98a8f7c58abf6f02ba734710129a08b57567701fccabb39da856b59a4b4e5a3461627483d974700e6d030dfb2690e02c77aaec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b767911a729a738c1a3259141300f36e

SHA1
d14cfab5ff7112f5e0dfaa63edd0e7d1a2d54087

SHA256
72d81acb8ec617cdb81f313232dd86f15151cb16b4c426ae562cc990536a868a

SHA512
4a84613afb3f78469351fe4bfe33c98df3d07bd1810dc4205ff0bb0d304e305f63790dc530d7ed6074cc0a35aba2b5a33379d6cdc7f1b5af17c1f32104c04056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
78b0fbbb14f41b7e428d7536e0653e68

SHA1
6a7420a018f8efbe8c4ddfea285ccb01eefc0eed

SHA256
504dede3ddc34131c0b80009c9ad255163c9e15d05fd75c24019c0a91f6347ad

SHA512
65d9919e5542da0c7da8172dd46e51db81915974d303c3c49490ff0310d618c160ef5de2ffe26d0cbbed5dc264b0fe0d35c7d86c9f99efcba235bcf7ab5d5507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
ba5ac31ec9c4d3b565232e8f06461aa3

SHA1
6f45b719126d692af29c10e2af369ff666af1689

SHA256
e910619d6097685078896ce1d22ca0af500da19915932b851df43401a3822dc1

SHA512
2e0c2298af2345d317d16f4527c8015996db501bde64d34498d77cc8ea57089d68c466d2d4eda0f5e585111ce54a339bd3044db709167119e05225a32176caef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b7aa89df3e6e68f352b685a57b6e93c5

SHA1
a5cdffdcfc18fa8a6323147110f86ed3642eb31b

SHA256
0787a4167417a47bd3f32587be8e4f131ff2c17cbe78017fd6d8f27101223e0a

SHA512
fced7fbf4e6e674b3c4d91a0774dba96a18b82c719c077190c8661d736e5bcfafb88390e33c7ae4d139da9d9320c7c030182606e90773cbf7655558226a22d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cd5d.TMP

Filesize
704B

MD5
6d1d7e4122aedb4a575e9d0c0174689b

SHA1
fc78487c88d96d1989bb9dea7bf6078775608c44

SHA256
6b3bbc3f31a94e0474fb3a4bd5f53f59df79a21463227ea674d2db3d2c870236

SHA512
eaaf71a3a72b51f65e04c145c316829cfeaa264df2c3dc2c41256bcf96addeeb88933264bf97c57c71ce13b2285dffec0ff573fdb149ae1d13b61a4893f60340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6ee749ba0a69c4e34f570be677217681

SHA1
be1cca82fa627dcbf305464fc15f51f1b5b5d431

SHA256
520d2f9c9a195139f154a8e8a4eef92786e51b8aee068ddb83b70e06f3740c56

SHA512
c9e870b7ef369dc9438cc236629e5e184480138dd46466840cf231de02d734b699a7318983f9b6e020cb18a6cce12eee087795b9aefd9a40efb4e6ce5a17a6bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fbcc7462-6ee0-44f0-a694-f8078dc634a6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
80KB

MD5
0c368ced7679245e43dff0f49e69d0dd

SHA1
00cd53a5bccc19e7cc863698d3404e3c0e0aeb2f

SHA256
6ef39fc3d8761ca3c8ee034d00d9380457fed1c7e209951e7c3d3e5915636486

SHA512
08839278c313f39edb6aaf93459ebfea5b699455e527b22c14e2c8b16c9d2c943f42ec1a9f4421964343db1d7146c15079110adb5158916239e8ee526da18986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
59c76ad75f6aa725bd62758c650a9829

SHA1
db21c233b1d2c7728c718e91e43591cb8841b1db

SHA256
1b1bd5f868ab625b44a46e155a1fd2b390525df3dd0954b421277bfa30c8fd38

SHA512
c3aff91163f7039044fb3d1781854b9cf3925f80c8cbc3d5fe6f942ed0e76d2e5d2b7d38fa92d6c1155a4b62dbe4973a684835e9547ef2c3e2938cd75d29aa24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4fdacd57dcd9f18009332de51b87b5d5

SHA1
3dbf9c10c3faea5d31eb519ac3c4010c36116709

SHA256
34ff5799252e49450e78fc1bdbfd0aad7d4cd0aab679fd758ea3dd7968470762

SHA512
678551aeb25dc76d8791ed2b51731ef72d0ed4dbff7e744689c8244ad696caa4f3519feec4e90282f5b95f132a8489144dedea2111bb96da5f6adbd2761513c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2eb841668e31d07e758ee07d204670b

SHA1
18b58b69fdfe4d49ec4a8a266c33f4e0e98f3d76

SHA256
060e1bc4db080b4cd0df1db7d1799ebbf879651d2872dc01ac6b302d88dc486e

SHA512
4aeeb9cd3ddbe389d3103dc829f2d8ce54903e7f3564abc8965c89ac0d6a3ee001446b1e8fe2467aa787df6d298bbd88b0d13f1310ba05fc67e619d9d70a5b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f88c1abb13e4d426c8af5fed75607380

SHA1
cf7e8c97f2e1afc3d2e4bcd93047614e4f3bd461

SHA256
83fa2d3ed6d1f42a9c833321481c53758e04ff1a49613ca0650fd9d1d79bc522

SHA512
26b606acc4fd0b43f4465cc92eb3072d7e47c45c8884a8abf87a9c723f9bd566d5018244144c487c36bcc3a48141790bc221d96a8910e8b38283997f1d6707c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a6888cbf96f8ef661fb1d2ad5cf7efab

SHA1
5ac83d4a74335eb3fd0989374e7fe39b34d237ed

SHA256
b3b036cf35853db28d548f33164f18c6b9764a6b86308621845993b72f44db8b

SHA512
acf0dba86446a6a6c6fe6b477f366e71d2fb675e43d9ab6d048544c4424aa7f79e72b0e4da5ead5f65c6e2175aa2415db256e4df2935918a429676eee1686675

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
91f79ad4bb177ffe8e1b8e42216cb170

SHA1
1833cfaba3572e26c075185364989e0e0175b7a9

SHA256
3de4cd53b121cf632d3fabcfa0fab2c1cf63b0c39614856c22299875ac818884

SHA512
8cc6d1f070f8e77285f92a7a5621dcc0882356f0ba0d5bd53230e54cb4fdb19b385b397f054b697dc18cc51bbfdbb27e6d3767ee2bc4fe2063ca1eb3358e9bad

Download Submit
C:\Users\Admin\Downloads\Virus_Destructive_open_source.zip

Filesize
283KB

MD5
0592f326bdc30a76214b2a145f6ef04e

SHA1
3d7f82338a8ec90d3effb7d3f123c4e05a3b6178

SHA256
bc4e2e5e6b47482339f33f041636fc1b03f7ae31c7aaf575ebc3a090fdd51d32

SHA512
161646245dec8cb4f9a6195968eba8fb721c613b4ed6736ecfa6198e67fa894ac49247d026d814e19ecd5b9b03ef86a8d63b1b510b81b3329269434c1104b122

Download Submit
memory/3112-232-0x00007FFE2CBE3000-0x00007FFE2CBE5000-memory.dmp

Filesize
8KB

Download
memory/3112-221-0x00007FFE2CBE0000-0x00007FFE2D6A2000-memory.dmp

Filesize
10.8MB

Download
memory/3112-220-0x0000000000D20000-0x0000000000D64000-memory.dmp

Filesize
272KB

Download
memory/3112-219-0x00007FFE2CBE3000-0x00007FFE2CBE5000-memory.dmp

Filesize
8KB

Download
memory/3112-233-0x00007FFE2CBE0000-0x00007FFE2D6A2000-memory.dmp

Filesize
10.8MB

Download